
Log analysis and evaluation: Problems with unknown files (trojan?)

09.08.2010, 22:21   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
That still leaves the question of what is going on with the files in the HijackThis log.
What files? You do know what a log (= a record!) is?! Apparently not.

Quote:
Important: HijackThis does not determine which entries are good or bad, and the automatic evaluation on HijackThis Logfileauswertung also provides only a rough indication. Please do not make any changes until an experienced computer user has asked you to.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
__________________
Please always post logfiles in CODE tags

09.08.2010, 22:42   #2
notfall
 
OTL Logfile:
Code:
OTL Extras logfile created on: 09.08.2010 23:30:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 46,56 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 45,22 Gb Total Space | 45,13 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive K: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E5722B1-A331-4DE7-A5E6-6029D3917E27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6990643F-5E3B-469D-876D-00345AFC49A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9301465E-9938-4E66-B10A-8B57DC51DD9B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD85F1E7-2360-4F6C-918A-CB8C2E2C7E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0376F33C-FE47-48B7-89DF-F59A3318138E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{068E0DFC-A40F-4C6E-92BE-622753F11989}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | 
"{096CBF99-B365-46A5-81C2-52032F99419E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | 
"{0C692DBF-683A-4A07-8924-0F694E423F68}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{1015EBDF-8ABE-4BE8-8D16-554662F1CD50}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{1728350A-E89A-4C94-AB5F-359E98FEB8E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kev1804142\counter-strike\hl.exe | 
"{1A4340FE-90E2-4122-9422-B9365959E609}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{1E0D4055-7835-481E-832E-8D733CB960F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe | 
"{2E448F65-DC40-43DF-97B3-F75F274FC1B1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{457DDDB4-0E92-4787-BBC2-CE83CF2FA993}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{5F3210FB-B388-478E-99E7-EB474E1325F0}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"{5F3A70AD-4A9A-4175-9E1D-A0E77D632D5A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"{601208A2-8655-430F-9AA3-4E1DA27B9439}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{60DF5E2F-7C44-487A-9C0A-637BDB86E28F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{653C4363-924D-4C09-BD08-3C4DECE88FD3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-engb-ptr-downloader.exe | 
"{65D3DA6E-BA5A-41F7-8BAA-8A7895016C0B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe | 
"{89317D37-D4DA-48E7-9C99-7999DBAB1EBB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{8AEC75A1-9247-4853-86DB-035ED4FE9BA7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{92BDA403-5FB5-4080-86F2-0521976CE0AD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{99B37F61-A9E5-4259-A7B0-350229509D7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A2A74962-6503-472B-9052-8941FA4EEF4D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A38F3336-98B9-4F95-BF68-EF7D9F76E55A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{B889802A-0418-49E9-BA3D-8C66313E3D1D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BFFE0891-EF33-45C3-A4EB-9862F9C26E5B}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"{C3099A2D-1BFE-4F16-B012-C40E00FCDFD1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{C638B71B-D556-4F10-9A71-8BFAF5031193}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-engb-ptr-downloader.exe | 
"{CA9E9D23-D2F7-4BC8-80E3-704D4108BB7B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D6C80550-3F37-48D8-846B-DCE01D676829}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-engb-ptr-downloader.exe | 
"{DCF71FE4-C823-4E7B-819D-272F5197A287}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{DD30E25D-1438-4246-8599-0461EB75D82E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kev1804142\counter-strike\hl.exe | 
"{E40852EE-92B5-4D51-8971-FB15A27915C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E946F265-4B33-49ED-BD16-369C8E341964}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-engb-ptr-downloader.exe | 
"{EC5EA48C-EE66-41A4-99CC-144628DBFF2B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F04A8754-8E3C-421D-BECF-F9AFAB615233}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"TCP Query User{04CA41A8-DC3D-4BC9-9DA6-5EBA9042BFC3}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe | 
"TCP Query User{07516232-D4BB-485C-AF93-42BB274C29E1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{08682804-FC7C-481F-9CC4-84130941519D}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{093F98AC-78B0-4116-94E7-2E912AA9FE80}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{0DB1F04D-F707-4039-BEA5-AD28410C4C2B}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"TCP Query User{117EF904-929D-4A7B-A2CD-AD9EDC7405E9}C:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | 
"TCP Query User{17DBFEFD-3C9B-4A60-82C9-24936E05D27A}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{1C7AB96D-BF49-4480-B043-46EEE63927F4}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{25DD9A7F-4165-4243-8BA7-DC58FBB10E57}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe | 
"TCP Query User{34298AEF-5112-402B-BCE4-4517FF6950DF}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | 
"TCP Query User{3583640C-DB7C-48DE-A07A-57E88074FFF1}C:\program files\steam\steamapps\genius209\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\genius209\counter-strike\hl.exe | 
"TCP Query User{4A1C705A-F089-4725-BB6D-5B001EE8EBF2}C:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{4A55599B-17C0-4BA8-81F9-7367ED32B82B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{59095997-12EA-4826-AF04-CE4A46F961CA}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{642923A4-3C68-45DE-A8CB-0B6954D1F53C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{78845424-45C2-4C59-B6F7-4EDF722BA3B8}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{8BB577AE-132F-4613-BCC5-197EF7B517D1}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe | 
"TCP Query User{8C4A6825-49DC-4B4C-BBD2-58B2E7F81283}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe | 
"TCP Query User{8E499C18-6114-4870-AEB2-5A70250BA4E8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{8EA266EF-FFF9-4335-8900-790F723DD36B}K:\d-link.exe" = protocol=6 | dir=in | app=k:\d-link.exe | 
"TCP Query User{9CA9A8C1-01B7-4667-90F4-CA783203E39A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A3A88A0C-E777-437D-91CA-C1E2C9EE3C87}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe | 
"TCP Query User{A8DB9275-1012-4569-B106-434B655402D7}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe | 
"TCP Query User{A938BE27-CBC7-4F63-B049-4F13BF95C53D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{AD046F74-929B-4D28-AB06-63619A0985BA}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe | 
"TCP Query User{B327CA75-D4FF-46C8-99E9-F5B0EEDC7318}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe | 
"TCP Query User{B80F5D9C-ED9E-4D59-842A-9AD0DAC354EB}C:\users\kev\desktop\vba link\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\vba link\visualboyadvance.exe | 
"TCP Query User{C35B2E5B-CE6E-4114-BD4A-DB774DFA8B4C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D8F7E071-404B-4560-B688-D6CA742E728C}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
"TCP Query User{DFA2A831-7665-48B5-B5C3-D2E542308784}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe | 
"TCP Query User{F6C09E79-39DB-4A4A-88D7-7752C3890416}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{FE697B05-B916-49EB-9AA5-943C962A0ADC}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | 
"TCP Query User{FEC6DDB6-B953-4743-ABD3-753C1041FBBD}C:\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\diablo ii\game.exe | 
"TCP Query User{FED69D51-69BE-4F7D-9A72-1CA3FBCE2937}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe | 
"UDP Query User{00884650-1030-4275-97B1-2AA502D68414}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe | 
"UDP Query User{0E8FE509-AB4F-4CEC-B002-D1DFB02BE8E6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{11BF1DB2-425D-4E06-9BD2-F26BC314E9B6}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
"UDP Query User{158BF257-5E9F-4E18-8C79-E103EBEFDEE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{19825F39-6500-448D-942D-6C8D355CEF2D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{1B2A1BBB-2C48-4A53-A469-86AF6A5A1A6F}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe | 
"UDP Query User{2019E1BB-5DDF-4E57-AACC-C3C248DE2BE9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{225E39EB-B143-44A9-B3DD-D6C8AED874F4}C:\users\kev\desktop\vba link\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\vba link\visualboyadvance.exe | 
"UDP Query User{249C3354-0724-4EB4-9D5A-FC7140803CBB}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | 
"UDP Query User{24C4454B-00A4-455D-8363-268D845720D5}C:\program files\steam\steamapps\genius209\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\genius209\counter-strike\hl.exe | 
"UDP Query User{2BA05799-3D84-4332-9A07-723150930EA1}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{476D7E4E-F7BC-4F2F-BC81-049581407CF8}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe | 
"UDP Query User{4C898DDD-6952-41BC-B89C-CCE254F3CC82}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{5050883E-54A4-4161-8995-708E618DB2FF}K:\d-link.exe" = protocol=17 | dir=in | app=k:\d-link.exe | 
"UDP Query User{51BF6D27-0A6C-4C82-A0C0-25732ED796DB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe | 
"UDP Query User{55CC75CD-E1F8-4C78-9CAB-68078969168B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{565CB796-844D-42D6-B379-B3CB11000270}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"UDP Query User{68678668-B29C-4BC8-9F35-A45314A28CC4}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | 
"UDP Query User{6D23A8FE-F3FD-414D-B5DA-B5633F234257}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{7E45E226-6A24-4C5C-8224-5C4652A87C31}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe | 
"UDP Query User{8AA8E442-614A-4E6A-9CB9-BD8BF0710C3A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{ABF958A7-8FCA-4919-84A0-459384B3179D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{B4DD7543-922D-4810-8CDF-3C400C36B629}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{B50D5E0C-37DB-4AFE-A60D-12D32D259953}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe | 
"UDP Query User{CD9A2B9A-9523-4AD7-BD6A-B1B931DD10FE}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe | 
"UDP Query User{D48D3390-5F48-486C-A85E-A87359264A24}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe | 
"UDP Query User{DB9B4884-2F3C-439D-82B5-8CE397B8836A}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{DD321A9A-D04B-455A-BD73-D108456E7E94}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{DF30247D-BA01-4EE6-83B9-3A51B3FE1950}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe | 
"UDP Query User{E3BA0F97-11C3-4551-A25F-C852EC6C8403}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe | 
"UDP Query User{EE801708-885F-4F5F-806B-5512F52DE32A}C:\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\diablo ii\game.exe | 
"UDP Query User{F1998FF4-7595-4197-8C7B-43D162F37D6A}C:\users\***\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | 
"UDP Query User{F981C125-AEFB-4CA9-9F1E-59EC0847BBF9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{FEB522B5-F4F4-40AE-BC68-450F02A82AC2}C:\users\***\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{0D7B7EFD-C8D8-85CE-D7AC-15CB76F745B8}" = ATI Catalyst Control Center Ex
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2995F172-E2F6-4D21-A8A0-090EBBA7E60D}" = OpenOffice.org 3.0 Beta
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D34D82E0-4600-407B-9478-8506C1DD1031}" = Nero 7 Essentials
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"CABAL Online_is1" = CABAL Online
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"divx650vfw_is1" = DivX Pro 6.8.0 VFW
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Glary Utilities_is1" = Glary Utilities Pro 2.6
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Task Manager" = Security Task Manager 1.7h
"Steam App 10" = Counter-Strike
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bailamo" = bailamo
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 06.03.2010 12:13:57 | Computer Name = Kev-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kev\AppData\Roaming\skypePM\2010-03-06-2.ezlog failed, 00000005.  
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
---------------------------------------------------------------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 09.08.2010 23:30:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Kev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 46,56 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 45,22 Gb Total Space | 45,13 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive K: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Glary Utilities\memdefrag.exe (GlarySoft,Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Programme\Razer\Lycosa\razertra.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\Razer\Copperhead\razerhid.exe ()
PRC - C:\Programme\Razer\Copperhead\razerofa.exe (Razer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (LycoFltr) -- C:\Windows\System32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 0F 7F 40 C8 D9 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (GlarySoft,Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.09 23:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2010.08.09 21:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.09 21:12:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.09 21:12:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.09 06:40:33 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2010.08.09 05:56:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.08 19:53:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.08.08 19:52:55 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.07.31 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.09 23:32:15 | 004,456,448 | -HS- | M] () -- C:\Users\Kev\ntuser.dat
[2010.08.09 23:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83FBEBE3-B758-4CBA-9E8B-9742F07D78DF}.job
[2010.08.09 23:29:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2010.08.09 23:08:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.09 23:08:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.09 22:47:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.09 21:14:22 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.09 21:14:22 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.09 21:14:22 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.09 21:14:22 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.09 21:14:22 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.09 21:13:03 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.09 21:09:53 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.08.09 21:09:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.09 21:08:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.08.09 21:08:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.09 21:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.09 21:08:16 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.09 21:07:41 | 000,524,288 | -HS- | M] () -- C:\Users\Kev\ntuser.dat{f50aed8c-f738-11dd-89e8-854b8ddf64c3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.09 21:07:41 | 000,065,536 | -HS- | M] () -- C:\Users\Kev\ntuser.dat{f50aed8c-f738-11dd-89e8-854b8ddf64c3}.TM.blf
[2010.08.09 21:07:09 | 002,952,672 | -H-- | M] () -- C:\Users\Kev\AppData\Local\IconCache.db
[2010.08.09 16:44:42 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DB38E93A-38EC-4070-B765-E95CCC581324}.job
[2010.08.09 16:15:58 | 000,299,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.09 05:58:27 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.08 20:03:38 | 000,000,212 | ---- | M] () -- C:\Users\Kev\Desktop\Counter-Strike.url
[2010.08.08 20:02:33 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.05 19:28:55 | 000,000,813 | ---- | M] () -- C:\Users\Kev\Desktop\World of Warcraft.lnk
[2010.07.31 01:26:50 | 000,152,904 | ---- | M] () -- C:\Windows\System32\vghd.scr
 
========== Files Created - No Company Name ==========
 
[2010.08.09 21:13:03 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.09 05:56:37 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.08 20:03:38 | 000,000,212 | ---- | C] () -- C:\Users\Kev\Desktop\Counter-Strike.url
[2010.08.08 19:52:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.04.26 03:02:11 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.03.15 19:20:39 | 000,000,145 | ---- | C] () -- C:\Windows\Lilli.ini
[2010.03.15 19:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\Lclin.ini
[2009.09.11 02:41:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.23 20:36:55 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.23 20:36:53 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.20 15:17:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.20 15:17:06 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.07.20 15:04:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.09.27 00:07:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.09.06 16:51:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.08.21 23:52:05 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2007.08.21 23:51:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.02 21:41:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.08.02 21:39:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007.08.02 21:39:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007.08.02 21:39:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007.04.26 13:05:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.04.26 12:08:43 | 000,003,584 | ---- | C] () -- C:\Windows\NcDial.dll
[2007.03.10 13:51:48 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.12 17:51:01 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.04.13 11:30:06 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2006.02.25 20:09:38 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
--- --- ---

So, here are the logs.

And as for the files in the mwb folder: it's true that I may not know 100% what a log file is, but I'm pretty sure that DLL, EXE and license files aren't part of it :P