Google Links leiten des öfteren falsch weiter

DnIpR · 16.08.2010, 12:40

Hallo,
Hab mich mal hier registriert weil ich einfach nicht mehr weiter weiß.

Die Google Links leiten mich ständig zu anderen komischen Seiten weiter.

z.B. Wenn ich in Google Pizza Service eingebe und auf

Joey's Pizza Service klicke werde ich zu

h**p://de.gomeo.de/index.php?keyword=way+to+make+money

weiter geleitet. Aber ich kann auch zu anderen Seiten weiter geleitet werden.

Wenn ich aber unten rechts auf "Im Cache" klicke wird die richtige Seite angezeigt aber zumeist fehlerhaft.

Laut Google und mit ner menge Geduld hab ich herausgefunden dass ich möglicherweise HiJacker/AdWare auf dem Rechner habe.

achja und mit SpyBot hab ich mein System auch gescannt. Er hat zwar Gefahren entdeckt und gelöscht aber leider nicht die, die meine Probleme verursachen

Naja und hier ist mein HijackThis logfile:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:32, on 16.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Disk_Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Taylan\AppData\Local\Temp\svchost.bat
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Disk_Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\wsqmcons.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Disk Monitor] C:\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [wmsdk64_32.exe] C:\Users\KARAKU~1.KAR\AppData\Local\Temp\wmsdk64_32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3353481963-3739831721-2344158522-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Taylan')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: McAfee Application Installer Cleanup (0179501240493299) (0179501240493299mcinstcleanup) - Unknown owner - C:\windows\TEMP\017950~1.EXE (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12156 bytes

--- --- ---

Danke schonmal im vorraus

cosinus · 16.08.2010, 13:15

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

DnIpR · 16.08.2010, 13:20

OK,

danke

ich mach dann mal einen Scan mit MalwareBytes. Ergebnis werde ich posten oder evtl. diesen beitrag hier editieren.

cosinus · 16.08.2010, 13:22

Denk ans Update und den Vollscan. Am besten einen neuen Beitrag dann posten.

DnIpR · 16.08.2010, 20:13

So,

Als erstes die Logfile von Malwarebytes :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4432

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

16.08.2010 20:58:24
mbam-log-2010-08-16 (20-58-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 318477
Laufzeit: 6 Stunde(n), 30 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\PRAGMArvcmvfqtnw (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-3353481963-3739831721-2344158522-1005\$RJMMEMH.exe (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Local\Temp\BF37.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Local\Temp\tmpaa9f9825\MicrosoftOutlook.2.31.17.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Roaming\Ehyv\leom.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Roaming\Ukuxu\tuusi.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YW6HHXO\5-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Taylan\Desktop\CL\CryptLoad\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Taylan\Desktop\CL\CryptLoad\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Windows\PRAGMArvcmvfqtnw\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Temp\PRAGMA5374.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Taylan\AppData\Local\Temp\svchost.bat (Backdoor.IRCBot) -> Delete on reboot.

Hier die OTL.Txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.08.2010 21:08:49 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Taylan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 58,02 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1020,00 Mb Total Space | 1017,69 Mb Free Space | 99,77% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KARAKURT
Current User Name: Taylan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Taylan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Disk_Monitor.exe (Neodio Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Taylan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (0179501240493299mcinstcleanup) McAfee Application Installer Cleanup (0179501240493299) -- C:\windows\TEMP\017950~1.EXE File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cmnsusbser) -- C:\windows\System32\DRIVERS\cmnsusbser.sys File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (hcw17bda) -- C:\Windows\System32\drivers\hcw17bda.sys (Hauppauge Computer Works, Inc.)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 18:37:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 17:15:51 | 000,000,000 | ---D | M]
 
[2010.07.07 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\Taylan\AppData\Roaming\Mozilla\Extensions
[2010.08.15 16:30:51 | 000,000,000 | ---D | M] -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions
[2010.07.15 10:10:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.11 08:15:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.16 02:15:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 17:15:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.01 21:23:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 21:23:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 21:23:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 21:23:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 21:23:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.15 17:04:23 | 000,415,885 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 14380 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [Disk Monitor] C:\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.25 16:16:58 | 000,000,076 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell - "" = AutoRun
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell\AutoRun\command - "" = H:\AUTOSTARTER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.16 21:06:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Taylan\Desktop\OTL.exe
[2010.08.16 12:39:51 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\Nokia+
[2010.08.15 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\Games
[2010.08.15 16:30:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.15 16:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.15 15:20:46 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Malwarebytes
[2010.08.15 15:20:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.08.15 15:20:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.08.15 15:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.15 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.15 15:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.13 07:02:48 | 000,000,000 | ---D | C] -- C:\windows\System32\MpEngineStore
[2010.08.12 18:48:06 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\windows\System\MSVCRT.DLL
[2010.08.12 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Uniblue
[2010.08.12 18:15:09 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010.08.12 18:15:00 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.08.12 18:15:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieencode.dll
[2010.08.12 18:14:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2010.08.12 18:13:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010.08.12 18:13:37 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.08.12 18:13:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010.08.12 18:13:19 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010.08.12 18:11:38 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010.08.12 18:11:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010.08.12 18:11:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010.08.12 18:11:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010.08.12 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\CL
[2010.08.04 18:28:32 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.08.04 17:56:32 | 007,758,840 | ---- | C] (hxxp://cryptload.info) -- C:\Users\Taylan\Desktop\CryptLoad.exe
[2010.08.04 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Risen
[2010.08.04 17:29:48 | 000,000,000 | ---D | C] -- C:\windows\1C4551A64743409391E41477CD655043.TMP
[2010.08.04 17:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Deep Silver
[2010.08.04 16:46:34 | 000,000,000 | ---D | C] -- C:\Programme\KRU
[2010.08.02 12:43:50 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\GUILD WARS
[2010.08.02 12:43:25 | 000,000,000 | ---D | C] -- C:\Programme\GUILD WARS
[2010.08.01 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Oblivion
[2010.08.01 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My Games
[2010.07.31 22:40:15 | 000,000,000 | ---D | C] -- C:\windows\System32\AGEIA
[2010.07.31 22:40:14 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2010.07.31 22:38:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.07.31 18:55:54 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Neuer Ordner
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Support
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\images
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\data
[2010.07.31 15:32:53 | 000,000,000 | ---D | C] -- C:\windows\.mpr_file_store_32
[2010.07.31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Pinnacle VideoSpin
[2010.07.31 10:51:41 | 000,000,000 | ---D | C] -- C:\Programme\RADVideo
[2010.07.31 10:05:00 | 000,000,000 | ---D | C] -- C:\Programme\CamStudio
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo!
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Programme\Pinnacle
[2010.07.31 09:32:50 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My WeGame Screenshots
[2010.07.31 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My WeGame Videos
[2010.07.31 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\WeGame
[2010.07.31 09:31:43 | 000,000,000 | ---D | C] -- C:\Programme\WeGame
[2010.07.24 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\gctmp
[2010.07.24 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Xenocode
[2010.07.24 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Emicsoft Studio
[2010.07.24 13:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Emicsoft Studio
[2010.07.20 20:34:47 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Credential Manager
[2010.07.20 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Bluetooth-Exchange-Ordner
[2010.07.20 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Bluetooth Software
[2010.07.20 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Shattered Designer
[2010.07.15 20:07:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Taylan\AppData\Roaming\pcouffin.sys
[2009.04.23 15:21:51 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.04.23 15:21:50 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.16 21:07:58 | 006,029,312 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat
[2010.08.16 21:07:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Taylan\Desktop\OTL.exe
[2010.08.16 21:04:45 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 21:04:45 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 21:02:55 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.08.16 21:02:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.08.16 21:02:38 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.08.16 21:02:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.08.16 21:02:29 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 21:00:57 | 000,007,941 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.08.16 21:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.16 21:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TM.blf
[2010.08.16 20:59:56 | 002,440,149 | -H-- | M] () -- C:\Users\Taylan\AppData\Local\IconCache.db
[2010.08.15 21:05:39 | 000,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{4574AE5D-2B2E-4700-9F04-1F62AA76121A}.job
[2010.08.15 17:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 17:04:23 | 000,415,885 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010.08.15 16:48:03 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20100815-170423.backup
[2010.08.15 16:19:32 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2010.08.15 16:19:03 | 154,195,948 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010.08.15 15:59:01 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 15:59:01 | 000,065,536 | -HS- | M] () -- C:\Users\Taylan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.08.15 15:05:46 | 000,001,874 | ---- | M] () -- C:\Users\Taylan\Desktop\HijackThis.lnk
[2010.08.14 22:45:31 | 000,000,507 | ---- | M] () -- C:\windows\ODBC.INI
[2010.08.13 09:23:49 | 000,371,072 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.08.13 07:02:49 | 000,000,127 | ---- | M] () -- C:\windows\System32\MRT.INI
[2010.08.04 17:29:51 | 000,281,760 | ---- | M] () -- C:\windows\System32\drivers\atksgt.sys
[2010.08.04 17:29:50 | 000,025,888 | ---- | M] () -- C:\windows\System32\drivers\lirsgt.sys
[2010.08.04 16:16:59 | 001,568,228 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.08.04 16:16:59 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.08.04 16:16:59 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.08.04 16:16:59 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.08.04 16:16:59 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.08.01 16:38:05 | 000,000,524 | ---- | M] () -- C:\Users\Taylan\Desktop\Fraps.lnk
[2010.08.01 16:35:38 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[2010.07.31 22:57:04 | 000,394,041 | ---- | M] () -- C:\AnalysisLog.sr0
[2010.07.31 22:45:50 | 000,005,120 | ---- | M] () -- C:\Users\Taylan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 21:06:47 | 000,098,808 | ---- | M] () -- C:\Users\Taylan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.25 17:27:53 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010.07.25 10:22:10 | 000,001,044 | ---- | M] () -- C:\Users\Taylan\AppData\Roaming\vso_ts_preview.xml
[2010.07.24 22:40:08 | 000,011,302 | ---- | M] () -- C:\video.pass
[2010.07.22 13:02:34 | 000,000,318 | ---- | M] () -- C:\windows\WPE PRO.INI
[2010.07.20 17:05:56 | 000,000,410 | ---- | M] () -- C:\Users\Taylan\Dokumente - Verknüpfung.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.15 16:19:42 | 000,524,288 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 16:19:42 | 000,524,288 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 16:19:41 | 000,065,536 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TM.blf
[2010.08.15 15:05:46 | 000,001,874 | ---- | C] () -- C:\Users\Taylan\Desktop\HijackThis.lnk
[2010.08.13 07:02:49 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010.08.04 17:29:51 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2010.08.04 17:29:50 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2010.08.01 16:38:05 | 000,000,524 | ---- | C] () -- C:\Users\Taylan\Desktop\Fraps.lnk
[2010.08.01 15:04:29 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2010.07.31 22:56:52 | 000,394,041 | ---- | C] () -- C:\AnalysisLog.sr0
[2010.07.25 17:27:53 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010.07.24 22:36:48 | 000,011,302 | ---- | C] () -- C:\video.pass
[2010.07.22 13:02:25 | 000,000,318 | ---- | C] () -- C:\windows\WPE PRO.INI
[2010.07.20 17:05:56 | 000,000,410 | ---- | C] () -- C:\Users\Taylan\Dokumente - Verknüpfung.lnk
[2010.07.15 20:20:05 | 000,005,120 | ---- | C] () -- C:\Users\Taylan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 20:09:43 | 000,001,044 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\vso_ts_preview.xml
[2010.07.15 20:08:15 | 000,000,034 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.log
[2010.07.15 20:07:00 | 000,087,608 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\inst.exe
[2010.07.15 20:07:00 | 000,007,887 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.cat
[2010.07.15 20:07:00 | 000,001,144 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.inf
[2010.07.08 16:50:34 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\QSwitch.txt
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\DSwitch.txt
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\AtStart.txt
[2010.05.15 16:59:00 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.04.26 18:32:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.25 17:26:19 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2010.04.07 17:00:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.02.07 14:11:29 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.11.15 20:47:16 | 000,006,259 | ---- | C] () -- C:\windows\HCWPNP.INI
[2009.11.12 15:10:58 | 000,033,807 | ---- | C] () -- C:\windows\Irremote.ini
[2009.11.12 15:10:35 | 000,000,507 | ---- | C] () -- C:\windows\ODBC.INI
[2009.04.23 15:21:50 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.04.23 15:21:50 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.04.23 15:21:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
[1997.09.08 16:10:00 | 000,056,832 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
< End of report >

--- --- ---

Und als Letztes die Extras.Txt:

Code:

ATTFilter

OTL Extras logfile created on: 16.08.2010 21:08:49 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Taylan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 58,02 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1020,00 Mb Total Space | 1017,69 Mb Free Space | 99,77% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KARAKURT
Current User Name: Taylan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150F69A0-B77F-482E-9C2B-D5D05D506F60}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{233AEA61-1B33-4322-9143-6F1B108FAD28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29AD1150-169E-425D-B2E1-484C5D75C0EE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2D921E4E-13AB-4DDC-B125-5F29F2024B7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31701E86-88E3-4CB8-BD20-F1061940815A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{35BCEF93-8673-495E-B3D7-C13AD531F859}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{38666E5A-1146-4ADA-8E18-B4A22079D8CE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E3B8FDE-5EFF-4E26-A73E-5AAB2826CF1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{42C10D27-98D7-41C9-8064-1DDFE1B46CA4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{524E3BF8-4813-4E07-919E-402BFE495DDE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5296D6C3-7412-47CD-AE6A-0ADBA3BE3834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62BD10CB-1E11-4F73-B77D-5AA64D722EE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{70078C23-E7F8-4274-BFA7-21E4FF2FFB2C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7188ABCB-0AD4-4832-A7DF-6E1EC4157763}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7650EB08-3C14-4AF7-8A77-A28531C3E99A}" = lport=13139 | protocol=17 | dir=in | name=star wars(r): empire at war(tm): forces of corruption(tm) | 
"{7D75258B-C31E-47A3-A990-902570E1C482}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FDB5D59-091A-468B-9E4E-A13FBB9CD719}" = lport=6500 | protocol=17 | dir=in | name=star wars(r): empire at war(tm): forces of corruption(tm) | 
"{872E7A46-486F-4FFC-A172-0FAB83D81D8C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{91BCC85B-9BE6-4D42-BA87-78A7EDFAAEFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{94DC37C8-719F-42E5-9AD9-0CDA5953A8C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9723CE3D-CE23-4813-A2EC-CE380A369F70}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D78EA2A-1A81-4B68-81BD-2FA9B044B00C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{A4832F31-5626-40A9-9F2B-9A547086F910}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B10EFA8E-AAF0-49A6-8594-D75E75D9B65F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C6F5F7C0-4FC4-4C09-8890-97157D0EFF75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C7E46026-4E04-4434-A083-ED55EDE5A206}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CF8E7D5A-732D-4399-8919-F610C92304C8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E2359A78-6F13-4506-B54C-04EA90492EBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F223F28A-3DB6-4662-831C-0F8A1686E64E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8B58276-D092-4249-AD6D-CAF4BA9DBA34}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FDB4D7F7-7E88-4107-93E4-D6EC5C931548}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026AA5F3-5157-4949-B3F2-7F99593FD913}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E41888D-E29C-4D86-B01A-CFF59DE5769F}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{13B21AAD-7356-4D20-8619-B31560E16A66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1528E5CD-E3B1-4749-85C4-F618739A92B3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1C3A2D71-1B79-45E1-9493-7BB37D86C34F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{21528B62-23A6-4310-ACE8-7882E8E52AE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2468D2C4-60F9-4E3F-A1E9-C8F4A978DAAA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2E10C0F6-7025-4999-9FFB-CBF44E469679}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2FCF8C53-C7BD-47B5-9159-DDF43968B3D7}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{344F0119-7FD2-479C-8A5F-343E1CB6F872}" = protocol=6 | dir=out | app=system | 
"{3EE346A2-F005-44E1-8C04-9B5216E90C88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4657EF35-6C48-4E8D-8E93-05C51A10CB4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{47947B17-F7AF-4BEF-AB38-7C1549063A8A}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{4874A6CB-53B5-4F00-9C89-627FDB173073}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{49C57AC0-96A4-4296-B658-A757ECD94C92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D2FF80B-BACA-4432-86E4-9AB1FC551084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4EB8E202-18CE-47F2-B915-2AD933A61C56}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{52007A3C-62FC-4504-9178-FCE21740456F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{69046B04-CE89-4438-A5F1-2BE0AEABE190}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8171F608-8D22-4BEC-8884-007B9281D15C}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{83E21F68-0BC3-496E-89BC-3A85E78E7946}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{87BF3BDA-7512-44A7-A899-29610A1F77AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D3C41AF-B8D0-4186-81AE-845C942C9497}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{A0E5FFE2-F0A7-4B22-9C2F-6AC5B96CA997}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A338F4E0-7AA1-4432-8B19-5DD4C7BE6A07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B81B5E59-E1DC-47E9-9EAC-0FC20272BBE6}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{B8D2AB85-E523-444E-8F3A-B4C030D07A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA3D5710-460A-4AC5-A7FC-2E00502ED664}" = dir=in | name=usenet.nl | 
"{BDA7B49C-51B9-4E32-B307-AE626D10D098}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{C3DE85AB-896B-4F38-9AD0-3DACD99B4AA1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C8947545-6623-4EB5-A47C-AD5BF1C1D3D6}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{CA3A4834-1181-4337-98D4-DFA74977CF21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CB51A3B9-5AD8-497D-8503-5D0ACC4AC9BB}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{D09F098C-E62F-48B1-A497-71F54C70047C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D3877550-89FD-4915-BF6C-16739696BE66}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{D6E3E2D9-E692-432B-A274-F75FE6E0D2A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBBC25CE-CD99-43BC-9EAD-75921B8FD183}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0402D9B-78BB-4FEF-A0B2-92DD0A1CF207}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E0896757-EA1C-46D6-9821-FFA6A9366CE8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E7091CF0-6BCA-4C61-85BD-F85DF814CCA9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{F5A08C2E-791D-444F-92ED-910189A725ED}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{FD5403C4-94FF-4D06-8D58-93BAB7B75277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{021CCDEE-B623-4DF2-B6FF-FEE69DD5FA3B}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{05D4495F-7ED0-4EC5-A074-E64A084BB33A}C:\users\gerd\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gerd\program files\dna\btdna.exe | 
"TCP Query User{0BEC262B-A9D9-4C20-9983-BE461C212C12}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{1994CCFD-E349-4B58-984E-9749A0C067EC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{4926E495-E2C0-484D-B3A0-96EB76231661}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4BCBD5DC-5ED9-4C72-B23A-E67E0C820D86}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{588D7A28-8BF4-430F-82E8-E3F7E6624D3E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{59E6AD62-ED30-47E0-B65D-60E3A3298CC3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{8B2A2E11-2D53-41B3-85A4-7F22306648D2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{AED70859-8B37-4D14-95C8-10F189AED0E7}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{B026E2ED-2592-40F0-B5F2-0E81592DFFB0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{BE804FE9-10D7-4616-BC30-B5C96DCB2573}C:\users\gerd\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\gerd\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{C113B1CF-D52B-4348-B5F4-97B672BC155B}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"TCP Query User{C654BADA-A922-415D-9938-60EDEA9F5C24}C:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"TCP Query User{DAEBAD26-D299-4B5C-8F84-BE7E44A37566}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{F0924693-2930-4F09-8772-D36DA4F2ADA9}C:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"TCP Query User{F9777F6D-9516-4FDC-9603-8761FC8A1666}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{117618B1-D0EB-4B91-BCFD-6CE0E8599C33}C:\users\gerd\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\gerd\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{227B38E7-F2BC-437D-A40E-3DFC851EDE7B}C:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"UDP Query User{2CF863D3-FF75-42D1-9A9B-00C4336F9C21}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{5F14F98E-FD95-46D5-83FA-548C117A741F}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{6D069016-C631-40D3-8994-DD7557AA7949}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{6E12E047-629B-4249-B659-49AB41965F7C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{92E14568-4537-4C6D-B2A2-4A6CE611432C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9FEF5AF7-0AE6-4DC5-BBE5-BDFF0C931279}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{AFC16387-9A20-4899-A329-E28083F08838}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{B610630B-AB2D-45CE-BF70-AFED9507F8C4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CB88B3B1-87B7-4EE3-8606-3486CC99D86B}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{CF25FB2E-1957-40C6-B6B5-29647A4ACAA5}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{E07A4C29-0C21-4E46-BEFD-64502F804705}C:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"UDP Query User{EDB242C7-1092-4807-9479-32F84EEF1980}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"UDP Query User{F864CD32-918C-4DC6-A7D6-3E5A4D099A60}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{FAF9A7D1-3B06-473D-BA20-C1ECF220D886}C:\users\gerd\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gerd\program files\dna\btdna.exe | 
"UDP Query User{FE6A1B47-8813-46A0-8EEB-F4690839C75B}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
"{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
"{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
"{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
"{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}" = Blasc3
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193d
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
"{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
"{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
"{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1" = Battlefront Extreme 2.2
"{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
"{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
"{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
"{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
"{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
"{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
"{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
"{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
"{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Azureus" = Azureus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DivX Setup.divx.com" = DivX-Setup
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Game Cam" = Game Cam 2.54.0.47
"GameSpy Arcade" = GameSpy Arcade
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF Complete" = PDF Complete
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"ScreenshotCaptor_is1" = Screenshot Captor 2.77.01
"Shattered Galaxy" = Shattered Galaxy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 1.1.0
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Was soll ich jetzt tun?

cosinus · 16.08.2010, 20:59

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: []  File not found
O32 - AutoRun File - [2010.05.25 16:16:58 | 000,000,076 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell - "" = AutoRun
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell\AutoRun\command - "" = H:\AUTOSTARTER.EXE -- File not found
[2010.08.04 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Risen
[2010.08.04 17:29:48 | 000,000,000 | ---D | C] -- C:\windows\1C4551A64743409391E41477CD655043.TMP
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

DnIpR · 16.08.2010, 21:14

ok hab ich gemacht:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File F:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4980d59d-7f05-11df-bb67-0024813f23a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4980d59d-7f05-11df-bb67-0024813f23a3}\ not found.
File move failed. H:\AutoStarter.exe scheduled to be moved on reboot.
Folder C:\Users\Taylan\AppData\Local\Risen\ not found.
Folder C:\windows\1C4551A64743409391E41477CD655043.TMP\ not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gerd

User: Karakurt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karakurt.KARAKURT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Taylan
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 9717477 bytes
->Java cache emptied: 33495740 bytes
->FireFox cache emptied: 37997657 bytes
->Flash cache emptied: 142354 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3197167 bytes

Total Files Cleaned = 81,00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08162010_220840

Files\Folders moved on Reboot...
File\Folder H:\AutoStarter.exe not found!

Registry entries deleted on Reboot...

Danke dass du mir hilfst !

cosinus · 17.08.2010, 08:25

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

DnIpR · 17.08.2010, 10:00

Ich habe Combofix wie gesagt ausgeführt.
Er hat den Scan durchgeführt und auch ein paar infizierte Dateien gefunden und wiederhergestellt.

Am Schluss hat er meinen Rechner neugestartet und versucht die Logfile herzustellen.
Aber das hat nicht so ganz funktioniert. Das lief schon knapp eine Stunden und mein Desktop hatte sich nur bis zur Hälfte geladen. Also hab ich meinen Rechner neugestartet. Per Knopfdruck, da es nicht mehr reagierte.

Die Logfile konnte also nicht hergestellt werden :/

cosinus · 17.08.2010, 10:32

Schau mal in den Ordner C:\Qoobox bzw. ob es c:\combofix.txt gibt

DnIpR · 17.08.2010, 11:42

Den Ordner Qoobox gibt es. Habe aber dort keine Logfile gefunden.

Im Ordner cofi.exe hab ich "Combofix.txt" gefunden :

Da stand aber nur

*Weg edititiert*

*brauchte man nicht*

cosinus · 17.08.2010, 12:23

Hmpf. Dann mach den Durchgang mit cofi.exe einfach nochmal

DnIpR · 17.08.2010, 12:35

hmm Ok. Mach ich.

16.08.2010, 13:22	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Links leiten des öfteren falsch weiter Denk ans Update und den Vollscan. Am besten einen neuen Beitrag dann posten. __________________ Logfiles bitte immer in CODE-Tags posten

17.08.2010, 10:32	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Links leiten des öfteren falsch weiter Schau mal in den Ordner C:\Qoobox bzw. ob es c:\combofix.txt gibt __________________ Logfiles bitte immer in CODE-Tags posten

17.08.2010, 12:23	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Links leiten des öfteren falsch weiter Hmpf. Dann mach den Durchgang mit cofi.exe einfach nochmal __________________ Logfiles bitte immer in CODE-Tags posten

Google Links leiten des öfteren falsch weiter

Log-Analyse und Auswertung: Google Links leiten des öfteren falsch weiter