Antimalware Doctor entfernt, trotzdem verdächtige Datei übrig (azlkl.sys)

chemikär · 22.08.2010, 15:13

Hallo!

Ich brauche Hilfe um meinen Computer endgültig sauber zu bekommen. Was ist passiert?

1. Vor ein paar Tagen, auf einmal diverse Antivir-Meldungen, aber zu spät, der Antimalware Doctor hatte sich installiert.

2. Er ließ sich über den Task Manager durch Beenden der Prozesse ("newsecurityapp" und einer mit kryptischen Buchstaben) bis zum nächsten Neustart ausschalten.

3. Antivir komplette Prüfung ergab zwei Funde, einer ging in Quarantäne der andere nicht (s. unten)

4. Malware Bytes fand 25 infizierte Objekte und entfernte sie ohne Probleme.

Log:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4456

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.08.2010 20:51:49
mbam-log-2010-08-21 (20-51-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Durchsuchte Objekte: 1009068
Laufzeit: 3 Stunde(n), 19 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbfwygsj (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\resultdns service (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\****\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\hyyeiuvxe\xnalxjeshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns\resultdns112.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVXR0QUS\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INFE7D4O\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRGQIEML\newsecureapp70700[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5SCQ262\cgbvd[2].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5SCQ262\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\cxrwonsema.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.

5. CCleaner

6. Das Problem: Die zweite Datei die Antivir gefunden hatte "azlkl.sys", liegt in \Windows\system32\drivers

Verdächtige Eigenschaft: Aktualisiert sich ständig, sprich Aktualisierungsdatum/zeit entspricht immer der Systemzeit.

Antivir sagt, das ist "TR/Crypt.ZPACK.Gen". Die Datei lässt sich weder mit Antivir, noch manuell, noch mit Malware Bytes, noch mit CCleaner löschen. Begründung irgendwas mit "das Gerät ist in Benutzung".

Antivir Log:

Zitat:

Beginne mit der Suche in 'C:\Windows\System32\drivers\azlkl.sys'
C:\Windows\System32\drivers\azlkl.sys
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[WARNUNG] Die Datei konnte nicht geöffnet werden!

Beginne mit der Desinfektion:
C:\Windows\System32\drivers\azlkl.sys
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Fehler in der ARK Library
[WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden.Mögliche Ursache: Ein an das System angeschlossenes Gerät funktioniert nicht.

7. RSIT Log: (bei der Benutzung von RSIT startete der Computer zwei mal mit Verweis auf "kritsichen Fehler" neu

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by **** at 2010-08-22 15:14:20
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 422 GB (63%) free of 675 GB
Total RAM: 3071 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:14:45, on 22.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\****\Desktop\RSIT.exe
C:\Program Files\trend micro\****.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 8967 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{B7A6DFE8-4CD8-4873-B942-5716A181E03A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]
""= []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-08 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-06-17 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-08-09 133432]

C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-22 15:10:28 ----D---- C:\Program Files\trend micro
2010-08-22 15:10:26 ----D---- C:\rsit
2010-08-21 23:18:58 ----D---- C:\Program Files\CCleaner
2010-08-21 16:38:43 ----D---- C:\Users\****\AppData\Roaming\Malwarebytes
2010-08-21 16:35:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-21 16:35:28 ----D---- C:\ProgramData\Malwarebytes
2010-08-21 16:35:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-21 16:35:28 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-19 19:57:57 ----D---- C:\Users\****\AppData\Roaming\A631A1E0297E4A7307FA897ECBAE081B
2010-08-19 19:51:59 ----A---- C:\Windows\system32\drivers\azlkl.sys
2010-08-19 19:51:09 ----D---- C:\Users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506
2010-08-16 22:23:51 ----D---- C:\Program Files\VirtualBusA6CRC3
2010-08-13 09:45:51 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 09:45:47 ----A---- C:\Windows\system32\mshtml.dll
2010-08-13 09:45:46 ----A---- C:\Windows\system32\ieframe.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\wininet.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\urlmon.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\occache.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\mstime.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\iertutil.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\iepeers.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\ieencode.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-13 09:45:45 ----A---- C:\Windows\system32\ieaksie.dll
2010-08-13 09:45:44 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-13 09:45:40 ----A---- C:\Windows\system32\schannel.dll
2010-08-13 09:45:37 ----A---- C:\Windows\system32\win32k.sys
2010-08-13 09:45:36 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 09:45:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-13 09:45:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 09:45:29 ----A---- C:\Windows\system32\msxml3.dll
2010-08-13 09:45:28 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-13 09:45:28 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-13 09:45:25 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 18:17:51 ----D---- C:\Users\****\AppData\Roaming\NVIDIA
2010-08-10 10:16:14 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-10 10:16:14 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-10 10:16:13 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-10 10:16:13 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-10 10:16:13 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-10 10:16:13 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-10 10:16:13 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-10 10:16:08 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-08-10 10:16:08 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-08-10 10:16:07 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-08-09 11:59:20 ----D---- C:\Program Files\Common Files\Steam
2010-08-09 11:59:17 ----D---- C:\Program Files\Steam
2010-08-08 21:18:41 ----D---- C:\Program Files\nHancer
2010-08-08 20:09:59 ----D---- C:\ProgramData\Caphyon
2010-08-08 18:10:18 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-08 18:08:59 ----A---- C:\Windows\system32\OpenCL.dll
2010-08-08 18:08:59 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-08-08 18:08:59 ----A---- C:\Windows\system32\nvoglv32.dll
2010-08-08 18:08:59 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcuvid.dll
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcuda.dll
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcompiler.dll
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcod1922.dll
2010-08-08 18:08:57 ----A---- C:\Windows\system32\nvcod.dll
2010-08-03 09:23:13 ----A---- C:\Windows\system32\shell32.dll
2010-07-27 12:00:01 ----A---- C:\Windows\system32\Iyvu9_32.dll
2010-07-27 12:00:01 ----A---- C:\Windows\system32\Iacenc.dll

======List of files/folders modified in the last 1 months======

2010-08-22 15:14:15 ----D---- C:\Windows\Temp
2010-08-22 15:13:22 ----D---- C:\Users\****\AppData\Roaming\Skype
2010-08-22 15:12:44 ----D---- C:\ProgramData\NVIDIA
2010-08-22 15:10:28 ----RD---- C:\Program Files
2010-08-22 15:10:06 ----D---- C:\Windows
2010-08-22 15:08:35 ----D---- C:\Windows\Tasks
2010-08-22 15:04:29 ----D---- C:\Windows\System32
2010-08-22 15:04:29 ----D---- C:\Windows\inf
2010-08-22 15:04:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-22 15:04:18 ----D---- C:\Windows\Prefetch
2010-08-22 14:56:33 ----D---- C:\Users\****\AppData\Roaming\skypePM
2010-08-22 00:04:25 ----D---- C:\Windows\system32\drivers
2010-08-21 23:25:05 ----SHD---- C:\System Volume Information
2010-08-21 23:22:46 ----D---- C:\Windows\Minidump
2010-08-21 23:22:46 ----D---- C:\Windows\Debug
2010-08-21 23:14:30 ----D---- C:\Windows\Globalization
2010-08-21 20:51:49 ----HD---- C:\ProgramData
2010-08-21 16:31:52 ----D---- C:\ProgramData\Google Updater
2010-08-19 19:36:12 ----D---- C:\Users\****\AppData\Roaming\ICQ
2010-08-14 13:40:47 ----D---- C:\Windows\Microsoft.NET
2010-08-14 13:40:41 ----RSD---- C:\Windows\assembly
2010-08-14 00:18:18 ----D---- C:\Program Files\Internet Explorer
2010-08-14 00:18:17 ----D---- C:\Program Files\Movie Maker
2010-08-13 17:10:40 ----D---- C:\Windows\winsxs
2010-08-13 17:10:13 ----SHD---- C:\Windows\Installer
2010-08-13 17:10:09 ----D---- C:\Program Files\Microsoft Works
2010-08-13 17:06:43 ----D---- C:\Windows\system32\catroot
2010-08-13 17:06:42 ----D---- C:\Windows\system32\catroot2
2010-08-13 17:06:23 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 12:04:02 ----D---- C:\Program Files\ICQ7.2
2010-08-11 18:17:36 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-09 17:14:38 ----D---- C:\Program Files\XAcars for MSFS
2010-08-09 11:59:20 ----D---- C:\Program Files\Common Files
2010-08-08 22:21:58 ----D---- C:\Users\****\AppData\Roaming\nHancer
2010-08-08 20:10:04 ----D---- C:\ProgramData\nHancer
2010-08-08 18:10:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-08 18:08:51 ----D---- C:\NVIDIA
2010-08-07 16:34:44 ----D---- C:\Program Files\SystemRequirementsLab
2010-08-04 10:02:36 ----D---- C:\Program Files\vBus
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-29 13:07:53 ----D---- C:\Windows\system
2010-07-27 12:00:01 ----D---- C:\Program Files\Intel
2010-07-27 11:51:40 ----D---- C:\Spiele
2010-07-25 16:31:38 ----D---- C:\Program Files\FSacars
2010-07-25 14:19:24 ----D---- C:\Program Files\VATroute
2010-07-25 12:20:16 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-12 56816]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 msloop;Microsoft Loopbackadaptertreiber; C:\Windows\system32\DRIVERS\loop.sys [2008-01-19 6656]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 npusbio;npusbio; C:\Windows\System32\Drivers\npusbio.sys [2008-04-25 36384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 176640]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-25 75064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-30 185640]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]

-----------------EOF-----------------

--- --- ---

Ich hoffe ihr könnt mir weiterhelfen.

Viele Grüße

PS.: Ich weiß das Vista noch auf SP1 läuft, das automatische Update auf SP2 hatte damals nicht geklappt, mache ich aber als erstes, wenn der Rechner wieder sicher ans Netz kann

cosinus · 23.08.2010, 14:20

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

chemikär · 23.08.2010, 15:09

OTL Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.08.2010 15:53:47 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 659,11 Gb Total Space | 411,95 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,40 Gb Free Space | 13,73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,88 Gb Total Space | 0,42 Gb Free Space | 22,52% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 29,30 Gb Total Space | 2,38 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (npusbio) -- C:\Windows\System32\drivers\npusbio.sys (Thesycon GmbH, Germany)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SaiH075C) -- C:\Windows\System32\drivers\SaiH075C.sys (Saitek)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\****\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 12:20:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 12:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 10:33:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.03 16:13:00 | 000,000,000 | ---D | M]
 
[2008.10.07 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.08.19 12:24:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions
[2010.05.07 19:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.10 10:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.26 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\battlefieldheroespatcher@ea.com
[2010.06.06 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\firefox@tvunetworks.com
[2009.11.07 17:29:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\moveplayer@movenetworks.com
[2010.08.16 20:36:39 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ykqyfzp3.default\searchplugins\icqplugin-1.xml
[2010.07.10 10:55:50 | 000,000,168 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ykqyfzp3.default\searchplugins\icqplugin.gif
[2010.07.10 10:55:50 | 000,000,618 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ykqyfzp3.default\searchplugins\icqplugin.src
[2010.07.18 16:45:55 | 000,001,056 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ykqyfzp3.default\searchplugins\icqplugin.xml
[2010.08.19 12:24:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.23 18:27:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.03.12 11:56:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 11:56:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 11:56:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 11:56:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 11:56:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.25 23:49:00 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\Shell - "" = AutoRun
O33 - MountPoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\stub.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.23 15:53:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.08.22 15:10:28 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.22 15:10:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.21 23:18:58 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.21 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.08.21 16:35:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.21 16:35:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.21 16:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.21 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.21 16:35:14 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup234.exe
[2010.08.21 16:35:05 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup.exe
[2010.08.19 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\A631A1E0297E4A7307FA897ECBAE081B
[2010.08.19 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\hyyeiuvxe
[2010.08.19 19:51:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506
[2010.08.18 19:13:49 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Roadmaps
[2010.08.16 22:23:51 | 000,000,000 | ---D | C] -- C:\Programme\VirtualBusA6CRC3
[2010.08.14 13:31:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\British_Airways_Virtual_F
[2010.08.13 09:45:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 09:45:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 09:45:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 09:45:45 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 09:45:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.08.13 09:45:45 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 09:45:45 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.08.13 09:45:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 09:45:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.13 09:45:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 09:45:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.13 09:45:37 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 09:45:36 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 09:45:33 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 09:45:32 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 16:09:34 | 000,000,000 | R--D | C] -- C:\Users\****\Documents\Notes
[2010.08.11 18:17:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\NVIDIA
[2010.08.10 10:17:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\2K Games
[2010.08.10 10:16:14 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.10 10:16:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.10 10:16:14 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.10 10:16:14 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.10 10:16:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.10 10:16:14 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.10 10:16:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.10 10:16:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.10 10:16:13 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.08.10 10:16:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.08.10 10:16:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.08.10 10:16:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.08.10 10:16:08 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.08.10 10:16:08 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.08.10 10:16:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.08.09 11:59:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.08.09 11:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.08.08 22:50:49 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\treesbackup
[2010.08.08 21:18:41 | 000,000,000 | ---D | C] -- C:\Programme\nHancer
[2010.08.08 20:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010.08.08 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.08.08 18:08:59 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.08.08 18:08:59 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.08.08 18:08:59 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.08.08 18:08:59 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.08.08 18:08:59 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.08.08 18:08:57 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.08.08 18:08:57 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.08.08 18:08:57 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.08.08 18:08:57 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.08.08 18:08:57 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.08.08 18:08:57 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.08.02 15:10:57 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\MfN2
[2010.07.29 11:05:50 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Blues Brothers 2000
[2010.07.27 12:00:01 | 000,144,384 | ---- | C] (Intel Corporation) -- C:\Windows\System32\Iacenc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.23 15:56:03 | 000,783,872 | ---- | M] () -- C:\Windows\System32\drivers\azlkl.sys
[2010.08.23 15:54:09 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.23 15:53:43 | 004,194,304 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2010.08.23 15:52:33 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7A6DFE8-4CD8-4873-B942-5716A181E03A}.job
[2010.08.23 15:51:46 | 000,037,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.23 15:51:46 | 000,037,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.23 15:51:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.23 15:51:30 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 15:51:30 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 15:51:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.23 15:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.23 15:51:18 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.23 15:47:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.08.22 15:34:06 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.22 15:34:06 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.22 15:33:59 | 004,112,538 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.08.22 15:18:04 | 001,418,600 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.22 15:18:04 | 000,618,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.22 15:18:04 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.22 15:18:04 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.22 15:18:04 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.22 14:15:26 | 000,339,991 | ---- | M] () -- C:\Users\****\Desktop\RSIT.exe
[2010.08.21 23:47:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.21 23:24:32 | 000,238,976 | ---- | M] () -- C:\Users\****\Documents\cc_20100821_232423.reg
[2010.08.21 23:18:58 | 000,000,806 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk
[2010.08.21 16:35:32 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.21 16:19:34 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup234.exe
[2010.08.19 21:43:00 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup.exe
[2010.08.18 19:48:02 | 000,002,579 | ---- | M] () -- C:\Users\****\Desktop\EuroScope 3.1d.lnk
[2010.08.16 12:48:31 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.14 23:34:04 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010.08.14 23:34:04 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010.08.14 13:24:31 | 000,540,160 | ---- | M] () -- C:\Users\****\Desktop\pegasus.exe
[2010.08.14 10:29:57 | 000,319,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.09 12:05:34 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.05 16:04:10 | 046,989,789 | ---- | M] () -- C:\Users\****\Desktop\M2_KITH_US.wmv
[2010.08.05 11:19:14 | 000,715,934 | ---- | M] () -- C:\Users\****\Desktop\PMC1B-HV-Blockprakt_2009_Aenderung.pdf
[2010.08.05 11:19:08 | 001,193,835 | ---- | M] () -- C:\Users\****\Desktop\PMC1A-HV-WS0910.pdf
[2010.08.05 11:18:52 | 002,255,228 | ---- | M] () -- C:\Users\****\Desktop\PMC1-VV-WS0910.pdf
[2010.07.30 18:50:43 | 000,016,197 | ---- | M] () -- C:\Users\****\Desktop\Panela300backup.cfg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.22 15:01:55 | 000,339,991 | ---- | C] () -- C:\Users\****\Desktop\RSIT.exe
[2010.08.21 23:24:26 | 000,238,976 | ---- | C] () -- C:\Users\****\Documents\cc_20100821_232423.reg
[2010.08.21 23:18:58 | 000,000,806 | ---- | C] () -- C:\Users\****\Desktop\CCleaner.lnk
[2010.08.21 16:35:32 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.19 19:51:59 | 000,783,872 | ---- | C] () -- C:\Windows\System32\drivers\azlkl.sys
[2010.08.14 13:33:31 | 000,540,160 | ---- | C] () -- C:\Users\****\Desktop\pegasus.exe
[2010.08.09 11:59:17 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.08 23:22:09 | 000,000,571 | ---- | C] () -- C:\Users\****\Desktop\0_eddf_fs9_vtp.Bgl
[2010.08.08 18:25:18 | 000,037,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.08 18:25:18 | 000,037,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.08 18:08:59 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.08.05 11:19:14 | 000,715,934 | ---- | C] () -- C:\Users\****\Desktop\PMC1B-HV-Blockprakt_2009_Aenderung.pdf
[2010.08.05 11:19:08 | 001,193,835 | ---- | C] () -- C:\Users\****\Desktop\PMC1A-HV-WS0910.pdf
[2010.08.05 11:18:51 | 002,255,228 | ---- | C] () -- C:\Users\****\Desktop\PMC1-VV-WS0910.pdf
[2010.08.02 19:13:54 | 046,989,789 | ---- | C] () -- C:\Users\****\Desktop\M2_KITH_US.wmv
[2010.07.30 22:28:16 | 000,016,197 | ---- | C] () -- C:\Users\****\Desktop\Panela300backup.cfg
[2010.07.27 12:00:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010.06.25 19:16:36 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2010.06.25 19:16:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2010.06.25 19:16:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2010.06.25 19:16:35 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2010.06.25 19:16:35 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2010.06.25 19:16:35 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2010.06.25 19:16:35 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2010.06.25 19:16:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2010.06.25 19:16:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2010.06.25 19:16:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2010.06.25 19:16:35 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2010.06.25 19:16:35 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2010.06.25 19:16:35 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2010.06.25 19:16:35 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2010.06.25 19:16:35 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2010.06.25 19:16:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2010.06.25 19:16:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.03.21 17:20:34 | 000,000,993 | ---- | C] () -- C:\Windows\STBC.ini
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.25 22:42:55 | 000,139,152 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys
[2009.02.23 23:03:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.11.02 01:20:29 | 000,000,083 | ---- | C] () -- C:\Users\****\AppData\Local\X-Plane Installer.prf
[2008.11.02 01:20:08 | 000,000,049 | ---- | C] () -- C:\Users\****\AppData\Local\x-plane_install.txt
[2008.10.31 13:09:14 | 000,009,216 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.25 16:04:10 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.11 00:01:25 | 000,000,138 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2008.10.10 22:29:01 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2008.03.25 23:42:55 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.03.25 22:37:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.03.25 22:37:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.05.01 16:11:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC075C_11.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.01 19:14:08 | 000,097,280 | ---- | C] () -- C:\Windows\System32\TSRemote.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:40D3D3E8
< End of report >

--- --- ---

Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.08.2010 15:53:47 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Nils Friedrich\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 659,11 Gb Total Space | 411,95 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,40 Gb Free Space | 13,73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,88 Gb Total Space | 0,42 Gb Free Space | 22,52% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 29,30 Gb Total Space | 2,38 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB16A58-3AC5-47E5-9CC8-FAA678142E6D}" = lport=3290 | protocol=17 | dir=in | name=fs internet | 
"{55B12F61-0228-45AE-BC10-286C15F1F49A}" = lport=8590 | protocol=6 | dir=in | name=aa | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060C78B9-5872-40F9-A389-7A99751E0CE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0757426F-9F02-4617-8000-959A9D1236DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{094040F2-709B-49B7-959B-76D5E91E54D4}" = protocol=17 | dir=in | app=c:\battlefield 2\bf2.exe | 
"{09D44283-5225-4BB2-B75F-B88699C3592B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{09DDB459-A969-4E85-B691-75F817A70869}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B092F34-E00B-40AA-9571-8FF09A0AFDD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C7755BA-3218-4CFB-B74C-9E345F57110A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C9E0D8D-3635-4F34-BA4E-434A2B002988}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0EF8B00E-4E50-4FA2-B13F-B0174B3D58C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F5164F6-ED1B-414B-A8CD-6234DD8B235A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F9B5948-A8A1-4207-88E7-98EC0E8DA666}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FE60B04-6C12-4A5E-92B1-277DB1B6D387}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | 
"{1013D944-22E4-479D-812C-650410C690AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1193A736-EC87-4E7F-B6D1-08155A4CCC85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1402143A-4D84-4846-AD1F-B0A00663182A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15272FE3-A4EA-4270-8C5B-544ED6C90CF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16D296E4-AFA4-4BBE-A870-1337B39FBF62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18B73335-B2F0-4744-A755-AABEB817B60F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{191582EC-7B95-4BD5-A6A2-C2AB31D7831B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{192EBDEE-A1AD-4D47-B45E-030565820CAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{193B7124-A8BF-47B0-B4E8-7439D59036CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BC274BD-3450-487F-B9EB-8A50DCBB6265}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1BCCCD58-6047-4820-B88F-82F7EC492872}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C0AC365-CDD5-49C3-B948-759ABB39735A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D7B447F-1291-4906-B404-FDF4D598DE7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DA875A7-9277-4068-BA81-E3B4B895A23E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E2A2B94-228D-4054-BDCC-98C81AEC3871}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EC633F2-B018-4019-ABE6-313369D4A8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{22077E96-A977-4C87-BBD8-47CB536416B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{247E40BE-6F0D-4EDF-A2E9-EA8F027363B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{24E8C64E-1825-42D3-90AB-AC36D49783D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25EB16B1-905A-4D3C-BD42-942B863BAF2D}" = protocol=6 | dir=in | app=c:\battlefield 2\bf2.exe | 
"{27DD9F54-19EA-432F-9C32-745D28E1899F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E81290E-B003-4498-8E2B-124281DA32EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EDD1032-E0B6-4618-A2DE-892A21CFD886}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EE8595A-BC32-410C-A5B2-8DF7436B88BD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2F788239-4574-4FBD-9B3F-8F772C33C067}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FA70D61-E627-42B7-8001-B9319F2F46BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{31F42B8C-2AD1-498F-A726-0A2DF3981901}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"{337C2844-9119-42DF-8AC1-F3523F376445}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{351A0D84-17C5-4976-A05D-B2690EF5FDCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3805AD25-5AE8-40F4-A1CC-902E589C7CC6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3960885B-0692-44B6-80E6-8BFD788029BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39E9C597-2409-495A-891F-C47FD432C002}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3A26DA9D-9871-44F9-A0B5-08CB5380B6BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3DDF5E83-9E73-4674-9F30-0E9511F45A35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3EC04D90-693C-4B94-8173-78E98B694DA0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3ECE06FB-B644-463F-9F5B-E146BDAA2935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3F44DFB3-E17A-4D52-A70F-CD9318236528}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F698082-916F-4920-A681-18285BE2EEC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4199FEA0-7016-459E-9E62-5F2034208BAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43296C52-061F-4A58-A545-6ACACFFD77A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45503D69-921A-4287-8AB2-77AD00C70C98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{461F82FB-0AC2-47AE-BC56-56C42AC33EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{465C2F41-CB90-4F68-AFF6-285F7184A8DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5087D26C-119C-4598-93B7-2280B4757417}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{514CE0CD-DE2E-46C6-B45E-18FABF64CF58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52458CB8-843E-4156-B3CB-289055361D52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5396EF0E-7B29-4B7B-A4C5-F6202457C22F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{560926D5-3717-4FEF-8C69-0CB686C54E99}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{570E3865-12E0-4466-A795-281A15A62605}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{5B8AA2DE-8EFE-4C78-9254-7C86D9335AB0}" = protocol=6 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\launchgtaiv.exe | 
"{5D046BFB-532A-43BD-B740-EFF1912DCB48}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E01E992-A69D-43A1-A1C9-31F9D0884601}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5E557849-5188-46EF-9641-16FFCCA64032}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5EA274FF-CE0F-4A9E-9227-129C185B1B60}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{614DA832-5E82-48ED-A8D5-1CDC4F1ACD6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{615DA2A2-D38E-4DEC-9474-44ECB8F031FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{620950F1-3B1C-4410-8013-F9E341CC7E07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62146642-2583-453D-BF33-A7158346DFDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62730A6A-BFCD-4D5F-AA17-2ED87DE3E986}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62DF3D57-F807-4A38-A3C8-F8FA0F5583CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{630BD6CF-2306-4E25-8B46-C9E934C52187}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63F1A681-3673-499C-AF6D-E97BEC5EA57D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64F6CC07-E6B7-43C1-9BDC-3AF7876DBBC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A8AFFCD-9FED-480F-86B3-4505796A09C0}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{6CA63DAE-95CB-40C3-BDF7-EFA7F8AF0785}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CCA280D-1272-4BE4-96D4-C9C058C16408}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6FA2CE4E-3AE3-42B6-A02E-AD42720EC84E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73A4AAF1-3987-4544-B724-D3E627ABE597}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73AAD54C-0CCA-4C39-9361-1D878230A7FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7406F0D0-DC20-437E-8540-F6597B14A173}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74419F6B-5A3B-4746-99AE-7680342496C5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{761E7DDC-89D4-403D-9943-79776A44DA8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{783F9DD1-A556-4976-A1A9-F0C21DC0BAE4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78838572-9495-4247-9F12-66B6EA4045C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A5D9F3E-01A6-4C70-9327-C8AD9A11EC61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B5DEAB9-4699-4389-98E7-2D71E98DF4E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B6BFB58-814B-4C38-86DD-0D5CCF53A830}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EC4E16C-5C01-4F3B-B331-188F8974E2D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7ED99049-C669-48E0-AB0D-FB0182CE358B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{7F2F73CB-3A7D-419F-AB30-04ED20AB19DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F65455A-A322-4E1C-B5E0-57AD63E1FB45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB5934E-0CB2-49E6-BBD9-4FA1DCA4A32D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{813B3666-799E-46DA-BF97-F47F7F04E232}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8177357C-FBB9-4A81-A8D5-268A3BB3E7F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{819C4148-098F-41E8-98DB-4A3356A524C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83C1C1BF-1AB3-43DF-9B13-365984C35BA9}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | 
"{851AEF6C-2D3C-4569-AA28-0E5125D8D533}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{857ED66D-B51A-4E29-929B-DBC9ECE18ED1}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{864DCD15-488E-4452-A41E-9C61CE2D43F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8933C867-2F02-4F61-BFFB-E0289A534713}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{89365C6D-26E0-4F40-9D91-2417C9989BEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89ADFD42-6C51-4204-A981-45956EEE5B43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A7C2933-C7A2-4323-8B3E-2C3370B11C71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BCB5543-5045-4738-8947-4CF254382911}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C982FB6-AF1C-46A9-88A5-48FD377BA402}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D20E051-72B9-43D4-9E00-6C4DB8B003C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D4095D3-760A-40D2-B260-7769EA729B83}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{8D5433D9-58B1-4836-88CC-E0B3B8BAF77D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DE037F2-C752-4BC1-99B0-26E6C62E84CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{916E74FA-8529-49F9-917A-39D6DF05A04B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9314837C-C123-46CE-9FC1-ED37CFB02F71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95238B4B-E7E4-4BD5-8F2E-712D52E87CD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96BBCB24-19CB-4E6E-BF81-5696A8EBEEDE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{970DB045-03C6-4EEA-A710-FD8EE248737C}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{978FD010-8987-4DFA-AA33-2A34C9BBB156}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9AADD9FA-77D4-47A8-B7A5-763D8A4DDAC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B604191-1783-48A8-A22D-10BE098C5DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CA5DCFB-8ED8-418C-A1D1-58F0534F7587}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EA62D87-06AB-4904-8692-93569BC3107D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F720118-F9DF-47FD-9848-1B22DCDA7BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FB663B1-A112-4AB2-8B66-49D08B841C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A1454C67-1271-4824-9C29-3DA67F80E54A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A17FA013-9234-4463-9620-F2D126FB1C6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2237C43-D03F-476D-A989-F83A74CBA2D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A472E87A-2F4A-4759-B3DC-3AACA2A98D93}" = protocol=17 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\launchgtaiv.exe | 
"{A5127336-7211-4470-A3F7-554F2256E7EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A533E1D2-DFFF-4ADC-901C-F14624634373}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A646891E-EFFA-4C76-953B-2B1067F24DE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA2DE1C0-ACD8-4EB5-9DDF-30FFBCF9AEC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA78F454-53C9-49FE-A13D-A8F5B4FA2641}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB07C68C-F264-499B-A394-72155CD6001D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACE35864-6519-432F-8DE4-88AE5ACF1639}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD7D409C-2C55-4540-8931-F46352F99BE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE4FB651-9248-4860-B735-B582FA2D6F1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2266667-D8AD-44FE-A4F3-540856D1BF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2C5BDEB-1DED-4B86-8755-AA1B21049188}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{B489F199-6DDA-4E06-A879-47EF49C60605}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5F15B61-2BA4-472A-8CC4-EC781EDED410}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6CC106F-BEE1-4BF6-99AE-7839E9F07783}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{B74D3D2B-052C-429C-B909-07C99FCECF4C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B7D4D7E5-BEC1-4F02-8DB7-B20A98C08E3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA999722-F776-486F-8C0D-97490AD32B89}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB202562-0C2E-49AC-87B8-59A61436A29A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD0438A7-8A51-4429-AB17-7B6A950AC189}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF8CFC5A-6A2B-40D0-BAF8-B24675E1A7C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C08F7BC3-9B8A-4D2C-A76E-A373297867B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2B2BC92-9B00-46A0-B0F4-F5274A74D95F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3BD596C-414B-48AC-A42B-DB4B58533444}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4A4CD35-82E4-4A55-BBA3-B6C282896F57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4F7215C-14E5-413B-AF69-7CC0FD7F25EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA84BD22-5F8F-4173-8FBE-8B4707AF8E5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAE2B5D4-E08D-4C39-92A6-DE74624C50CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CCFB2D69-F6DB-4539-BC70-84195FAF2741}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD3E4D33-0738-44E5-B64E-FF22A225A431}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2687DF1-0DB5-4E58-8881-571D2F85BB92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D27F51D2-82CD-4AAA-BACE-9138B5AFEDEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2908FB8-DE39-4689-AB54-60994C3A0C39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D4DAAAD4-290B-426A-8002-88BBD9F4E2F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7D8C294-5619-49FB-B550-E2141AFE0A76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{D8283BAD-F2A1-4206-A66A-1DCE0397F999}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D831DB66-DC09-48E8-BD7F-3C4F1CC8BF30}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{DB8F0F77-5D9C-472A-82C1-E61D981A0E05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC14A2AE-FDCF-4F3F-BCBE-E3FBB8CF7E7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDB907F0-A920-4AC9-ABCC-1F9B3D6E4520}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"{DDDE6CFA-0434-4265-93DD-5C2B2FAB7508}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DE4DC58F-85C5-4E04-95DA-64FBECDE48E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E01E2FAD-7E0C-4D8C-9661-D340C1F6FD6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E23F4B41-24F4-4DD2-9A2D-D8AF7A98B048}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5DA3B4A-44AF-4651-9004-BDD6A922C34B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E734FA17-4581-4751-A790-F86059148999}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8094055-5AC7-4EDA-9129-0D6103890FEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E91F7DC9-613D-4A96-81D8-3F4058982B89}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9444AC8-43AA-4B45-8F6B-E7581EB1D4B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA8E67A0-B9F5-4D7C-AD9E-7C7055FE9C52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB02ACA6-C8AD-4BB9-88D8-E210F7564989}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC51555A-8581-4D7F-869F-10F19AF5DCB8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{ED5C12EE-F247-4076-A71A-82B6D63B6FA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE9C201D-D86D-45D3-9EEF-A3C30E36E06C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F00A8E9A-3835-4938-9A7D-AC29C9137C34}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F191BA2E-F8E4-4591-9AC5-AAD186CD89E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4152E76-68BB-4816-BBA3-47779D0F162A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F664DBB7-E7FA-4071-96F0-459C20938187}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7076C8E-7B54-4A13-B945-AA4E773533AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7193C1D-7BD9-4A1B-8BAF-68FD9FC7C762}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA1B47EA-7A59-4FCA-982A-8D0872E9FC1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB69400F-0859-4D5C-BB4A-95F6808EC703}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC066956-2C7E-46B7-B4C3-962E57764310}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC687A8B-80CE-41D2-9241-51593FC2A90E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC9EB617-EE10-4B40-9F87-C6D37854B142}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCF2F18E-9B64-491D-A0C2-FBB8B1E35DF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0F80DFF0-64CE-4EDA-AEB0-7522A081FFFF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{17E3A1AF-E723-4805-89DA-9DA87525B4B1}K:\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=k:\flight simulator 9\fs9.exe | 
"TCP Query User{1B60F557-3671-424A-AE2A-FAA9ABFCBF6D}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{20E5DCFB-C2CC-45A4-B40D-67E26D32AD67}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{21CA18DC-DE62-4340-9BBE-989E39C7C929}K:\fshost\fshost32.exe" = protocol=6 | dir=in | app=k:\fshost\fshost32.exe | 
"TCP Query User{24930F27-23E9-41E6-9042-3CBD584DCDCA}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{29445C86-D600-4AC3-A5BD-4162033C48FC}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{2C0976CF-5704-4042-9672-005CB35EF08C}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe | 
"TCP Query User{2C811BED-9BE9-4502-88DA-6498EEEB6593}C:\program files\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files\euroscope\euroscope.exe | 
"TCP Query User{3D258BD7-8008-41CF-A62A-6F8B13AC5A1B}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{4D92BE20-B2ED-404C-8D7E-96CCFB36FF9D}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{4F70C021-556D-43CE-9B37-093B9D0040F6}C:\program files\fsfdt\control panel\fsfdtcp.exe" = protocol=6 | dir=in | app=c:\program files\fsfdt\control panel\fsfdtcp.exe | 
"TCP Query User{50B4F2FE-4757-465B-91D4-8765AC1E7C49}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"TCP Query User{5CEB38A8-2BA7-4A0E-AC8B-0E2F1A1DE651}K:\flight simulator 9\ibmegaserv.exe" = protocol=6 | dir=in | app=k:\flight simulator 9\ibmegaserv.exe | 
"TCP Query User{622FB040-24D8-4B58-95AC-1EFB4F01BCF2}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"TCP Query User{63541456-DD75-444E-9CB2-A263A1AFD151}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{6B0F27D8-006E-4478-A09D-BDCECE21DCF7}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe | 
"TCP Query User{78542D6C-B8A7-4DC9-839C-78FF5BB45479}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{7B810D73-7F39-47EA-917B-A90F77EDB307}C:\spiele\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{8E932D1B-3543-4DE2-B4BC-3F7E4F034ED9}C:\program files\squawkbox\squawkbox_fs.exe" = protocol=6 | dir=in | app=c:\program files\squawkbox\squawkbox_fs.exe | 
"TCP Query User{91D81178-7187-40CC-B463-CC5E8E77E520}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{9C67350B-0B2B-42DE-A800-78E67A688786}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
"TCP Query User{9F0A58B2-2F35-49F5-BAD5-472D1F221363}C:\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\america's army\system\armyops.exe | 
"TCP Query User{A20048EA-D843-49FB-BC8D-F2727132B236}C:\program files\vrc\vrc.exe" = protocol=6 | dir=in | app=c:\program files\vrc\vrc.exe | 
"TCP Query User{BE5758A7-21B7-4015-845A-86962F9B1DE4}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe | 
"TCP Query User{CF4878CD-A837-49FF-8D01-2A2A874A558B}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{D46A192C-254F-4F07-BEEF-866351A7C2D5}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe | 
"TCP Query User{D5327594-A78A-48D9-8810-7B6F852E925D}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe | 
"TCP Query User{D53C6214-404E-493A-844E-98FB139AC0F3}K:\flight simulator 9\ibserv.exe" = protocol=6 | dir=in | app=k:\flight simulator 9\ibserv.exe | 
"TCP Query User{E26B55B3-3157-402C-85E3-65B0A87E4724}C:\users\****\appdata\local\apps\2.0\p2zv3e7e.7hd\lhh9q00e.ykd\vat_..tion_6024084954dcf4d0_0000.0004_4c74de6f177183a4\vat_earth_fs.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\apps\2.0\p2zv3e7e.7hd\lhh9q00e.ykd\vat_..tion_6024084954dcf4d0_0000.0004_4c74de6f177183a4\vat_earth_fs.exe | 
"TCP Query User{E78BA2BD-69E9-43BD-ABAA-07ACF8C0A9B9}C:\program files\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files\euroscope\euroscope.exe | 
"TCP Query User{EF627B74-63C0-457C-87D9-5EEFA4C9960B}K:\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=k:\flight simulator 9\fs9.exe | 
"TCP Query User{F0F2977F-B839-4C13-881C-093FCC86A320}C:\spiele\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{FD4765EC-4987-45F6-BD82-866988AC9C05}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{01B0DF2B-B843-428C-9EF1-D29A82A585C8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{03A01042-975D-4863-9D78-5DCB34F37D25}C:\program files\squawkbox\squawkbox_fs.exe" = protocol=17 | dir=in | app=c:\program files\squawkbox\squawkbox_fs.exe | 
"UDP Query User{121BBF8E-6007-45EC-B439-0ADECD3A2E8C}C:\program files\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files\euroscope\euroscope.exe | 
"UDP Query User{14491DFA-1089-4F17-83E6-F4D0EA4B320A}K:\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=k:\flight simulator 9\fs9.exe | 
"UDP Query User{149BCFFE-2EB1-49E8-9D1E-59DCB48A5D6D}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe | 
"UDP Query User{1CC13B49-0B13-4A88-BA85-5A0BA7FB1AC0}K:\fshost\fshost32.exe" = protocol=17 | dir=in | app=k:\fshost\fshost32.exe | 
"UDP Query User{222D1AC4-739E-4285-A17D-F76D12DEFCA6}C:\program files\vrc\vrc.exe" = protocol=17 | dir=in | app=c:\program files\vrc\vrc.exe | 
"UDP Query User{29795FD3-0F14-4394-B3C1-3D0C8FB136C6}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"UDP Query User{2CE3DFD6-F157-44F2-AB4A-5FCF287152A9}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{48E26E55-F2A1-422D-9149-5CD65468696F}K:\flight simulator 9\ibserv.exe" = protocol=17 | dir=in | app=k:\flight simulator 9\ibserv.exe | 
"UDP Query User{523C3799-E727-4C90-A78A-DEE5827531F2}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{5278F693-BA47-415D-86D3-D1CFE2EDF7F0}C:\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\america's army\system\armyops.exe | 
"UDP Query User{56BF4D18-B9E2-4B2C-AC00-B60A2158C9C5}K:\flight simulator 9\ibmegaserv.exe" = protocol=17 | dir=in | app=k:\flight simulator 9\ibmegaserv.exe | 
"UDP Query User{5DAC5E41-95EB-4587-9CAA-806AFFB5F8BC}C:\program files\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files\euroscope\euroscope.exe | 
"UDP Query User{6B8EE9A0-D0A4-4962-AFAC-7043FF059DFF}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe | 
"UDP Query User{6C20CCBE-6565-4989-8052-699206BD37D0}C:\users\****\appdata\local\apps\2.0\p2zv3e7e.7hd\lhh9q00e.ykd\vat_..tion_6024084954dcf4d0_0000.0004_4c74de6f177183a4\vat_earth_fs.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\apps\2.0\p2zv3e7e.7hd\lhh9q00e.ykd\vat_..tion_6024084954dcf4d0_0000.0004_4c74de6f177183a4\vat_earth_fs.exe | 
"UDP Query User{72E0A699-8856-4C44-B248-7DB8B8C28DCD}K:\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=k:\flight simulator 9\fs9.exe | 
"UDP Query User{77F74A01-37E3-4136-8DD0-AB06B85768B1}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
"UDP Query User{83676D78-2294-4ED0-95B8-620E121CD132}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe | 
"UDP Query User{8486BF05-55B9-46A1-81DF-887E6FD773DA}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{9B17A73C-D5BF-4CEF-BD5D-24FE5A37FC30}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9D941D1B-2A5D-499B-9BCA-FC2D8B480B77}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
"UDP Query User{A6046E9E-994E-41D4-9DC4-02E52B844A2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A92CB28B-4011-4663-879D-9559CB304A47}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{AFB99A5F-6E3C-4B25-A839-8C8D5AAE3228}C:\program files\fsfdt\control panel\fsfdtcp.exe" = protocol=17 | dir=in | app=c:\program files\fsfdt\control panel\fsfdtcp.exe | 
"UDP Query User{B18C76A0-9BB4-4BC4-B054-4FB8113A3647}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe | 
"UDP Query User{C4210705-CDD7-43C4-A183-43E3C7DE07CA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{CA3F7A0C-B050-4D2D-B487-4488EA4A245C}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe | 
"UDP Query User{CDDF7765-3343-4672-A262-95B67C40CFB5}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"UDP Query User{D0D8860A-4595-4F99-BD2F-A10820317BF7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{D2EB9370-5D43-46F9-AD69-D372BF544C50}C:\spiele\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DA0F9B2A-7EED-4350-AF48-035D2121E7D4}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
"UDP Query User{DD4D26FC-BA47-462B-A7C9-3E7FE4E9CB9B}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{FD61BFEF-39A6-401D-A5D9-A73845C402DE}C:\spiele\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\gtaiv\grand theft auto iv\gtaiv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 X - FSX
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B73EB2-7538-4CC4-BBD6-5463E508B69B}" = aerosoft's - Balearic Islands X for FSX
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{0705EEB6-2F15-4D19-B37D-84C953E93D18}" = aerosoft's - German Airports 2 X - FS2004
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A902DF4-B767-49DB-98D3-D413E6F1E703}" = World of Subways Vol.2
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software  1.10.23.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2F76FF6D-B992-4FD9-8686-F09F868B2C58}" = FSNavigator
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4D401B5C-5407-41E8-808F-584E5F46F2EB}" = aerosoft's - German Airports 3 X - FS2004
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{59FF06C1-A663-4839-9792-5AE37C724072}" = Just Flight World Airports 2 FS2004 v1.00
"{5EE08A0C-9C8B-4FEA-9E1D-31124A90FF75}" = aerosoft's - Balearic Islands X for FS2004
"{6360C5E9-2842-4213-88B9-47D814FAAD54}" = aerosoft's - German Airports 3 X - FSX
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3D43F9-72E2-4DEB-98E9-E98AB49BDBCF}" = Kamchatka. The Lost World
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F702E8C-D01F-4128-AD93-4A9AE07603A9}" = Aerosoft's - German Airfields FREE - Wasserkuppe
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91309FCB-3520-4579-9BD8-6B8BF39C773A}_is1" = VRS F/A-18E Superbug
"{93878DDD-E621-4AFF-8203-2658451A3636}" = EuroScope 3.1d
"{93E61AF4-29C4-11D9-A9CC-0080AD30B67D}" = Landscape Germany Mesh
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B71B617-17A0-46C8-88CD-D21FD1F427C8}" = ActiveSky Version 6 and ActiveSky Graphics
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A486DC51-FE1D-4ADE-B12D-1501002978AE}" = XAcars for MSFS
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A901BF63-29AD-49A3-B067-231925E98B62}_is1" = Version 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA755AA7-B941-48A0-828C-7F43975E3EDE}_is1" = XAcars for Microsoft Flightsimulator
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{AF7362B6-BD39-4848-A991-3BA4319444AC}" = Landscape Germany Landclass
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C539AF6F-9DB3-458C-9274-1F3EE3291FB1}" = Abacus EZ-Libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C87E5016-201A-11D9-A9CC-0080AD30B67D}" = Landscape Germany Rivers
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF48A02C-E0F0-4A8A-BAB3-EDB68DD0BD49}" = Saitek SD6 Programming Software 6.6.6.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}" = UEFA EURO 2008™
"{DF270969-CDFB-4005-B0A1-0CE6F19AB76A}_is1" = MSTS Bernina Bahn v0.7
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E63F475A-0FA0-4D63-9A83-09DDF8A7D226}" = KVB Linie 5 Version 3
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB9C5329-F982-435C-AEC5-EE0A75EE6395}" = muvee autoProducer 6.1
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF61952D-09F6-4BE4-A1EA-8AA6EA060A1C}" = Virtual Dispatch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC78FC9-2FE6-4648-BFEB-446C61C2D61E}" = FSacars
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActivityChanger 1.5" = ActivityChanger 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AirSimmer A320 Family SL" = AirSimmer A320 Family SL 0.5.0
"ALMATY9 V2.0" = ALMATY9 V2.0
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity_is1" = Audacity 1.2.6
"Auf der Marschbahn nach Westerland" = Auf der Marschbahn nach Westerland
"AutoAtis_is1" = AutoAtis v3.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BOB Integral" = BOB Integral
"Bridge Commander" = Star Trek Bridge Commander
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Carenado Mooney M20J" = Carenado Mooney M20J
"CCleaner" = CCleaner
"DCS Black Shark" = DCS Black Shark
"Der VerkehrsGigant" = Der VerkehrsGigant
"Dolomynum" = Dolomynum (remove only)
"Durch den Schwarzwald nach Offenburg" = Durch den Schwarzwald nach Offenburg
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"Eve of Destruction Levels_is1" = Eve of Destruction 2.0 Levels
"Eve of Destruction_is1" = Eve of Destruction v2.0
"Faros Freeplay FMGS for A320" = Faros Freeplay FMGS for A320
"FinnMesh 2.0" = FinnMesh 2.0
"FinnTerrain 1.8" = FinnTerrain 1.8
"FIS2005_is1" = FIS2005 1.0
"Flight Book System" = Flight Book System 1.0
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FlightGear_is1" = FlightGear v2.0.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"FreeZ" = FreeZ
"FSCheckride1.4  by FS2Crew" = FSCheckride1.4  by FS2Crew
"FSFDT FSCopilot" = FSFDT FSCopilot
"FSFDT FSInn" = FSFDT FSInn
"FSFDT VIP Standard 2004" = FSFDT VIP Standard 2004
"FS-ScenerySync_is1" = FS-ScenerySync 1.0.0.1
"Google Updater" = Google Updater
"Hamburg-City Scenery " = Hamburg-City Scenery 
"HolmenkollbanenV1.1" = HolmenkollbanenV1.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"IBNetPlayer" = IBNetPlayer
"ICQToolbar" = ICQ Toolbar
"IFSD Irish Scenery1.11 Full" = IFSD Irish Scenery
"Indeo® software" = Indeo® software
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"ISD PROJECT LIML2004" = ISD PROJECT LIML2004
"KVB B-Wagen Pack Vol. 3" = KVB B-Wagen Pack Vol. 3
"KVB K4000 Pack Vol. 1" = KVB K4000 Pack Vol. 1
"KVB Linie 6/12/15" = KVB Linie 6/12/15 1.30
"KVB-SWB K5000-Pack Vol.2" = KVB-SWB K5000-Pack Vol.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malta Intl. Airport V1.0" = Malta Intl. Airport V1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mega Scenery Zvartnots - Armenia 2008 for FS2004 1.00" = Mega Scenery Zvartnots - Armenia 2008 for FS2004 1.00
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"ProTrain 12 Karlsruhe - Basel 1.0" = ProTrain 12 Karlsruhe - Basel 1.0
"ProTrain 12 Weihnachtsspecial 1.0" = ProTrain 12 Weihnachtsspecial 1.0
"ProTrain 17 München-Salzburg 1.0" = ProTrain 17 München-Salzburg 1.0
"ProTrain 25 Koblenz - Giessen "Lahntalbahn" 1.0" = ProTrain 25 Koblenz - Giessen "Lahntalbahn" 1.0
"PSpice Student" = PSpice Student 9.1
"PunkBusterSvc" = PunkBuster Services
"QIP 2005_is1" = QIP 2005 8081
"QIP2005" = QIP 2005 Uninstall
"RealPlayer 12.0" = RealPlayer
"Rigs of Rods" = Rigs of Rods 0.36.2
"Ruta Sierras de Cordoba" = Ruta Sierras de Cordoba 1.0
"Ryanair Photoreal Repaint v4" = Ryanair Photoreal Repaint v4
"Samdim Design Antonov An-24RV" = Samdim Design Antonov An-24RV
"sceenPusher_is1" = screenPusher 1.3
"SimSig Edinburgh_is1" = SimSig Edinburgh V2.207
"SimSig System_is1" = SimSig V2.103
"SkyTest® Piloten Edition, Vista-Update 1_is1" = SkyTest® Piloten Edition, Vista-Update 1
"SkyTest® Piloten Edition_is1" = SkyTest® Piloten Edition 2.1
"Soekarno-Hatta airport scenery" = Soekarno-Hatta airport scenery
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SquawkBox" = SquawkBox
"ST6UNST #1" = ICAO Editor
"Steam App 50280" = Mafia II - Demo
"STP DB ICE3 403" = STP DB ICE3 403
"Straßenbahn ( GT8-80-C ) 1.0" = Straßenbahn ( GT8-80-C ) 1.0
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TmNationsForever_is1" = TmNationsForever
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store V3.2" = Train Store V3.2
"Tramway de Bordeaux - Ligne A v2.5 beta" = Tramway de Bordeaux - Ligne A v2.5 beta
"TVUPlayer" = TVUPlayer 2.5.3.1
"UK2000 Birmingham Xtreme" = Remove UK2000 Birmingham Xtreme files
"UK2000 Edinburgh Xtreme" = Remove UK2000 Edinburgh Xtreme files
"UK2000 Gatwick FREE" = Remove UK2000 Gatwick FREE files
"UK2000 Gatwick Xtreme" = Remove UK2000 Gatwick Xtreme files
"UK2000 Glasgow Xtreme" = Remove UK2000 Glasgow Xtreme files
"UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files
"UK2000 Stansted Xtreme" = Remove UK2000 Stansted Xtreme files
"vasFMC FS2004 Gauge_is1" = vasFMC 2.0a9
"VATroute" = VATroute 0.0.1.021 
"vBus 2.2.1" = vBus 2.2.1
"VERONA VFR SCENERY" = VERONA VFR SCENERY
"VirtualBus" = VirtualBus A6C RC2.2
"VirtualBus_is1" = VirtualBus A6C RC3
"VRC" = VRC
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.8.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Coche Motor Zanello - FCC" =  Coche Motor Zanello - FCC
"03a05e79d7136a65" = VATEarth Flight Simulator Client
"171a3bd25b2ddd36" = vroute.info
"5b954f6f7a1d5673" = Wee Tune Beastie
"737 Pilot in Command" = 737 Pilot in Command
"737 Pilot in Command (FSX - Vista)" = 737 Pilot in Command (FSX - Vista)
"De Hoekse Lijn v1.0" = De Hoekse Lijn v1.0
"Erfurt 2008" = Erfurt 2008
"Flyscenery Merrill C. Meigs Field Airport (KCGX)" = Flyscenery Merrill C. Meigs Field Airport (KCGX)
"Fokker 70-100" = Fokker 70-100
"Fokker 70-100 FSX" = Fokker 70-100 FSX
"QIP 2005" = QIP 2005 8092
"Rübelandbahn Version 1.1" = Rübelandbahn Version 1.1
"Seamulator 2009 Demo" = Seamulator 2009 Demo
"vBus" = vBus
"Wupper Express 11 Actpack 1.0" = Wupper Express 11 Actpack 1.0
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus · 23.08.2010, 17:10

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O33 - MountPoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\Shell - "" = AutoRun
O33 - MountPoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\stub.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
[2010.08.19 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\hyyeiuvxe
[2010.08.23 15:56:03 | 000,783,872 | ---- | M] () -- C:\Windows\System32\drivers\azlkl.sys
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:40D3D3E8
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

chemikär · 23.08.2010, 18:30

Hier ist das Logfile:

Zitat:

all processes killed
========== otl ==========
registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\ deleted successfully.
Registry key hkey_local_machine\software\classes\clsid\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{2d6d1f0d-93e2-11dd-93ca-001644941e23}\ not found.
File l:\pushinst.exe not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\ deleted successfully.
Registry key hkey_local_machine\software\classes\clsid\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c0ee9682-01b0-11dd-866d-806e6f6e6963}\ not found.
File e:\stub.exe not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\f\ deleted successfully.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\f\ not found.
File f:\pushinst.exe not found.
C:\users\****\appdata\local\hyyeiuvxe folder moved successfully.
File c:\windows\system32\drivers\azlkl.sys not found.
Ads c:\programdata\temp:40d3d3e8 deleted successfully.
========== commands ==========
c:\windows\system32\drivers\etc\hosts moved successfully.
Hosts file reset successfully

[emptytemp]

user: All users

user: Default
->temp folder emptied: 0 bytes
->temporary internet files folder emptied: 33170 bytes
->flash cache emptied: 41 bytes

user: Default user
->temp folder emptied: 0 bytes
->temporary internet files folder emptied: 0 bytes
->flash cache emptied: 0 bytes

user: ****
->temp folder emptied: 257858 bytes
->temporary internet files folder emptied: 66340 bytes
->java cache emptied: 63440005 bytes
->firefox cache emptied: 36541181 bytes
->opera cache emptied: 0 bytes
->flash cache emptied: 5558 bytes

user: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\system32 .tmp files removed: 0 bytes
%systemroot%\system32\drivers .tmp files removed: 0 bytes
windows temp folder emptied: 138033 bytes
recyclebin emptied: 302 bytes

total files cleaned = 96,00 mb

otl by oldtimer - version 3.2.10.0 log created on 08232010_192244

files\folders moved on reboot...

Registry entries deleted on reboot...

cosinus · 23.08.2010, 19:25

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

chemikär · 24.08.2010, 12:20

Wenn ich den Computer mit dem Internet verbinde, startet er nach 1 Minuten, mit Verweis auf einen "kritischen Fehler" neu. Kann ich Combofix auch ohne aktive Internetverbindung ausführen?

cosinus · 24.08.2010, 15:26

Ja, kannst Du.

chemikär · 24.08.2010, 17:29

Combo Fix Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-08-22.07 - **** 24.08.2010  18:09:06.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3071.2003 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506
c:\users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506\enemies-names.txt
c:\users\****\AppData\Roaming\9E5D7AD44EDC4D5D2F9AD202378D1506\local.ini
c:\windows\system\msvbvm60.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-24 bis 2010-08-24  ))))))))))))))))))))))))))))))
.

2010-08-24 16:19 . 2010-08-24 16:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-23 17:22 . 2010-08-23 17:22	--------	d-----w-	C:\_OTL
2010-08-22 13:10 . 2010-08-22 13:14	--------	d-----w-	c:\program files\trend micro
2010-08-22 13:10 . 2010-08-22 13:14	--------	d-----w-	C:\rsit
2010-08-21 21:18 . 2010-08-21 21:18	--------	d-----w-	c:\program files\CCleaner
2010-08-21 14:38 . 2010-08-21 14:38	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2010-08-21 14:35 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 14:35 . 2010-08-21 14:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-21 14:35 . 2010-08-21 14:35	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-21 14:35 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-19 17:57 . 2010-08-19 17:57	--------	d-----w-	c:\users\****\AppData\Roaming\A631A1E0297E4A7307FA897ECBAE081B
2010-08-16 20:23 . 2010-08-16 20:26	--------	d-----w-	c:\program files\VirtualBusA6CRC3
2010-08-14 11:31 . 2010-08-14 12:18	--------	d-----w-	c:\users\****\AppData\Local\British_Airways_Virtual_F
2010-08-11 16:17 . 2010-08-11 16:17	--------	d-----w-	c:\users\****\AppData\Roaming\NVIDIA
2010-08-10 08:17 . 2010-08-10 08:17	--------	d-----w-	c:\users\****\AppData\Local\2K Games
2010-08-09 09:59 . 2010-08-09 09:59	--------	d-----w-	c:\program files\Common Files\Steam
2010-08-09 09:59 . 2010-08-12 16:34	--------	d-----w-	c:\program files\Steam
2010-08-08 19:18 . 2010-08-08 20:21	--------	d-----w-	c:\program files\nHancer
2010-08-08 18:09 . 2010-08-08 18:09	--------	d-----w-	c:\programdata\Caphyon
2010-08-08 16:10 . 2010-08-08 16:10	--------	d-----w-	c:\programdata\NVIDIA Corporation
2010-08-08 16:08 . 2010-07-09 22:37	56936	----a-w-	c:\windows\system32\OpenCL.dll
2010-08-08 16:08 . 2010-07-09 22:37	5107816	----a-w-	c:\windows\system32\nvwgf2um.dll
2010-08-08 16:08 . 2010-07-09 22:37	14092904	----a-w-	c:\windows\system32\nvoglv32.dll
2010-08-08 16:08 . 2010-07-09 22:37	11008040	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2010-08-08 16:08 . 2010-07-09 22:37	4553832	----a-w-	c:\windows\system32\nvcuda.dll
2010-08-08 16:08 . 2010-07-09 22:37	2892904	----a-w-	c:\windows\system32\nvcuvid.dll
2010-08-08 16:08 . 2010-07-09 22:37	2506344	----a-w-	c:\windows\system32\nvcuvenc.dll
2010-08-08 16:08 . 2010-07-09 22:37	236136	----a-w-	c:\windows\system32\nvcod1922.dll
2010-08-08 16:08 . 2010-07-09 22:37	236136	----a-w-	c:\windows\system32\nvcod.dll
2010-08-08 16:08 . 2010-07-09 22:37	10267240	----a-w-	c:\windows\system32\nvcompiler.dll
2010-07-27 10:00 . 1998-11-18 14:33	144384	----a-w-	c:\windows\system32\Iacenc.dll
2010-07-27 10:00 . 1997-06-13 06:56	56832	----a-w-	c:\windows\system32\Iyvu9_32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 16:05 . 2008-10-14 19:17	--------	d-----w-	c:\programdata\Google Updater
2010-08-24 16:05 . 2009-06-06 22:08	--------	d-----w-	c:\users\****\AppData\Roaming\Skype
2010-08-24 16:02 . 2008-03-25 21:42	--------	d-----w-	c:\programdata\NVIDIA
2010-08-24 16:02 . 2009-06-06 22:09	--------	d-----w-	c:\users\****\AppData\Roaming\skypePM
2010-08-24 16:02 . 2010-08-08 16:25	37781	----a-w-	c:\programdata\nvModes.dat
2010-08-24 11:16 . 2008-03-26 04:53	618192	----a-w-	c:\windows\system32\perfh007.dat
2010-08-24 11:16 . 2008-03-26 04:53	122442	----a-w-	c:\windows\system32\perfc007.dat
2010-08-19 17:36 . 2008-12-09 16:50	--------	d-----w-	c:\users\****\AppData\Roaming\ICQ
2010-08-13 15:10 . 2008-03-25 21:51	--------	d-----w-	c:\program files\Microsoft Works
2010-08-13 15:06 . 2008-10-19 14:17	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-12 10:04 . 2010-07-10 08:55	--------	d-----w-	c:\program files\ICQ7.2
2010-08-11 16:17 . 2008-11-08 17:13	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-09 15:14 . 2008-10-09 12:48	--------	d-----w-	c:\program files\XAcars for MSFS
2010-08-08 20:21 . 2008-10-09 09:09	--------	d-----w-	c:\users\****\AppData\Roaming\nHancer
2010-08-08 18:10 . 2008-10-09 09:08	--------	d-----w-	c:\programdata\nHancer
2010-08-08 16:10 . 2008-10-07 09:47	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-07 14:34 . 2008-10-07 09:36	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-08-04 08:02 . 2009-07-12 16:28	--------	d-----w-	c:\program files\vBus
2010-07-27 10:00 . 2008-03-25 21:38	--------	d-----w-	c:\program files\Intel
2010-07-25 14:31 . 2008-10-21 15:55	--------	d-----w-	c:\program files\FSacars
2010-07-25 12:19 . 2008-11-12 11:20	--------	d-----w-	c:\program files\VATroute
2010-07-20 07:31 . 2010-07-20 07:31	--------	d-----w-	c:\program files\Saitek
2010-07-20 07:29 . 2010-07-20 07:29	--------	d-----w-	c:\programdata\Saitek
2010-07-20 07:28 . 2008-03-25 21:38	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-10 10:02 . 2010-07-10 09:41	--------	d-----w-	c:\program files\SOB
2010-07-10 08:55 . 2010-07-10 08:55	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-07-10 08:55 . 2010-07-10 08:55	--------	d-----w-	c:\programdata\ICQ
2010-07-10 08:55 . 2008-12-09 16:50	--------	d-----w-	c:\program files\ICQ6.5
2010-07-09 22:37 . 2010-08-08 16:08	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2009-02-09 12:18	604776	----a-w-	c:\windows\system32\nvudisp.exe
2010-07-09 22:37 . 2008-03-25 21:38	9818728	----a-w-	c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2008-03-25 21:38	1625192	----a-w-	c:\windows\system32\nvapi.dll
2010-07-09 14:20 . 2010-07-09 14:20	110696	----a-w-	c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20	66664	----a-w-	c:\windows\system32\nvshext.dll
2010-07-09 14:20 . 2010-07-09 14:20	1881704	----a-w-	c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20	1469544	----a-w-	c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20	13939816	----a-w-	c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20	129640	----a-w-	c:\windows\system32\nvvsvc.exe
2010-07-08 14:09 . 2010-07-08 14:10	1388544	----a-w-	c:\windows\MSVBVM60.DLL
2010-07-07 11:46 . 2009-02-28 17:47	604776	----a-w-	c:\windows\system32\NVUNINST.EXE
2010-07-04 17:21 . 2010-07-04 17:21	--------	d-----w-	c:\program files\Cockpit-online.org
2010-07-03 16:30 . 2010-07-03 16:30	--------	d-----w-	c:\program files\vasFMCnav
2010-06-28 16:17 . 2010-08-13 07:45	833024	----a-w-	c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-13 07:45	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-06-27 13:16 . 2009-01-24 19:30	--------	d-----w-	c:\program files\vasFMC
2010-06-25 17:17 . 2010-06-25 17:16	--------	d-----w-	c:\program files\OrCAD_Demo
2010-06-21 13:18 . 2010-08-13 07:45	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-13 07:45	36352	----a-w-	c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-13 07:45	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-13 07:45	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-18 11:48 . 2010-06-18 11:48	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-16 15:59 . 2010-08-13 07:45	898952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-11 15:31 . 2010-08-13 07:45	274432	----a-w-	c:\windows\system32\schannel.dll
2010-06-11 15:30 . 2010-08-13 07:45	1257472	----a-w-	c:\windows\system32\msxml3.dll
2010-06-08 17:00 . 2010-08-13 07:45	3598216	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-08 17:00 . 2010-08-13 07:45	3545992	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-02 02:55 . 2010-08-10 08:16	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-10 08:16	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-10 08:16	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2010-05-27 19:16 . 2010-08-13 07:45	81920	----a-w-	c:\windows\system32\iccvid.dll
2008-10-08 09:28 . 2008-10-08 09:28	61	--sh--w-	c:\windows\cnerolf.bin
2008-10-07 16:05 . 2008-10-07 16:05	61	--sh--w-	c:\windows\cnerolf.dat
2008-11-16 15:15 . 2008-11-16 15:15	22	--sha-w-	c:\windows\SMINST\HPCD.sys
2008-03-26 05:25 . 2008-03-26 04:54	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]

c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AVMWlanClient"=c:\program files\avmwlanstick\FRITZWLANMini.ex
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,2e,7b,9f,5c,38,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-05 264704]
R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio.sys [2008-04-25 36384]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 176640]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-30 185640]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - azlkl
.
Inhalt des "geplante Tasks" Ordners

2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 18:34]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 14:26]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 14:26]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{B7A6DFE8-4CD8-4873-B942-5716A181E03A}.job
- c:\windows\system32\msfeedssync.exe [2008-10-10 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ykqyfzp3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\program\plugins\Npindeo.dll
FF - plugin: c:\program files\TVUPlayer\npTVUAx.dll
FF - plugin: c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ykqyfzp3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://w*w.gmer.net
Rootkit scan 2010-08-24 18:19
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1400280738-944943155-76155050-1000\* c*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1400280738-944943155-76155050-1000\Software\SecuROM\License information*]
"datasecu"=hex:e6,f9,c2,4d,26,fb,07,e7,71,6f,00,8b,31,cc,71,43,03,48,1d,98,f2,
   f6,25,cd,81,bf,76,68,01,f4,17,8f,8b,3c,b7,d8,1f,e2,bf,73,a8,d7,85,63,77,d0,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Zeit der Fertigstellung: 2010-08-24  18:22:06
ComboFix-quarantined-files.txt  2010-08-24 16:22

Vor Suchlauf: 23 Verzeichnis(se), 442.321.981.440 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 442.250.104.832 Bytes frei

- - End Of File - - 7B8AF77CACEF97CD8BA22C10D2C34BF1

--- --- ---

cosinus · 24.08.2010, 18:22

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

chemikär · 25.08.2010, 12:55

GMER hat was gefunden, ist aber beide Male an unterschiedlichen Stellen ziemlich hässlich (Blue Screen) abgestürzt.

OSAM konnte ich ausführen, aber ohne den Onlinepart, der Computer startete neu, bevor die Onlineüberprüfung fertig ist. Ich hoffe man kann mit dem Log trotzdem was anfangen:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:47:22 on 25.08.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"azlkl" (azlkl) - ? - C:\Windows\system32\drivers\azlkl.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Users\****FR~1\AppData\Local\Temp\catchme.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"npusbio" (npusbio) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\npusbio.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{00000130-9980-0010-8000-00AA00389B71} "{00000130-9980-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar Launcher" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin GmbH" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe
"hpsysdrv" - "Hewlett-Packard Company" - c:\hp\support\hpsysdrv.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"OsdMaestro" - "OsdMaestro" - "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"ProfilerU" - "Saitek" - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
"Start WingMan Profiler" - "Logitech Inc." - C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Chasis Button Service" (HPBtnSrv) - ? - c:\hp\HPEZBTN\HPBtnSrv.exe  (File found, but it contains no detailed information)
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

Bootkit remover log:

Zitat:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6e1c385735071a353ec369fd572116f3

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

cosinus · 25.08.2010, 13:20

Zitat:

"azlkl" (azlkl) - ? - C:\Windows\system32\drivers\azlkl.sys (Hidden registry entry, rootkit activity | File not found)

Bitte mit OSAM deaktivieren + löschen, neues OSAM log posten (ohne DB-Abfrage)

chemikär · 25.08.2010, 13:42

Nach dem deaktivieren:

Zitat:

(Success) HKLM\SYSTEM\CurrentControlSet\Services\azlkl azlkl C:\Windows\system32\drivers\azlkl.sys

Log nach Löschen und Neustart:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:36:57 on 25.08.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\NILSFR~1\AppData\Local\Temp\catchme.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"npusbio" (npusbio) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\npusbio.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{00000130-9980-0010-8000-00AA00389B71} "{00000130-9980-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar Launcher" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin GmbH" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe
"hpsysdrv" - "Hewlett-Packard Company" - c:\hp\support\hpsysdrv.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"OsdMaestro" - "OsdMaestro" - "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"ProfilerU" - "Saitek" - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
"Start WingMan Profiler" - "Logitech Inc." - C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Chasis Button Service" (HPBtnSrv) - ? - c:\hp\HPEZBTN\HPBtnSrv.exe  (File found, but it contains no detailed information)
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

cosinus · 25.08.2010, 14:27

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Please select the MBR code to write to this drive: 3 (für Vista)
Gib nun Yes ein und bestätige mit ENTER.
Starte den Rechner neu auf.

Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

chemikär · 25.08.2010, 14:48

MBR Log 1539:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KN389AA-ABD m9270.de
Logical Drives Mask: 0x000007dc

Kernel Drivers (total 149):
0x8220A000 \SystemRoot\system32\ntkrnlpa.exe
0x825C3000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80470000 \SystemRoot\system32\PSHED.dll
0x80481000 \SystemRoot\system32\BOOTVID.dll
0x80489000 \SystemRoot\system32\CLFS.SYS
0x804CA000 \SystemRoot\system32\CI.dll
0x80604000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80680000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068D000 \SystemRoot\system32\drivers\acpi.sys
0x806D3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DC000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E4000 \SystemRoot\system32\drivers\pci.sys
0x8070B000 \SystemRoot\System32\drivers\partmgr.sys
0x8071A000 \SystemRoot\system32\drivers\volmgr.sys
0x80729000 \SystemRoot\System32\drivers\volmgrx.sys
0x80773000 \SystemRoot\System32\drivers\mountmgr.sys
0x8300F000 \SystemRoot\system32\drivers\iastor.sys
0x830D6000 \SystemRoot\system32\drivers\fltmgr.sys
0x83108000 \SystemRoot\system32\drivers\fileinfo.sys
0x83118000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8320A000 \SystemRoot\system32\drivers\ndis.sys
0x83315000 \SystemRoot\system32\drivers\msrpc.sys
0x83340000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A603000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A80E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A91D000 \SystemRoot\system32\drivers\volsnap.sys
0x8A956000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95E000 \SystemRoot\System32\Drivers\mup.sys
0x8A96D000 \SystemRoot\System32\drivers\ecache.sys
0x8A994000 \SystemRoot\system32\drivers\disk.sys
0x8A9A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9E7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EE09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F887000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F889000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F928000 \SystemRoot\System32\drivers\watchdog.sys
0x8F935000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F940000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F97E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F98D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F99F000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F9BB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F9CB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F9D9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A7CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8337A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F9F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x833BB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x833D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x83189000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x83198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x831AC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x833F5000 \SystemRoot\system32\DRIVERS\loop.sys
0x831C1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x831D1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x831DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x83200000 \SystemRoot\system32\drivers\SaiBus.sys
0x8EE05000 \SystemRoot\system32\DRIVERS\swenum.sys
0x80783000 \SystemRoot\system32\DRIVERS\ks.sys
0x831E7000 \SystemRoot\system32\DRIVERS\circlass.sys
0x831F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F9FC000 \SystemRoot\system32\drivers\WmBEnum.sys
0x83000000 \SystemRoot\system32\drivers\WmXlCore.sys
0x807AD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807BA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x807EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A7FC000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0x805AA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x805BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FE00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x805C1000 \SystemRoot\system32\drivers\portcls.sys
0x90003000 \SystemRoot\system32\drivers\drmk.sys
0x90028000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90031000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90039000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90042000 \SystemRoot\System32\Drivers\Null.SYS
0x90049000 \SystemRoot\System32\Drivers\Beep.SYS
0x90063000 \SystemRoot\System32\drivers\vga.sys
0x9006F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90090000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90098000 \SystemRoot\system32\drivers\rdpencdd.sys
0x900A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x900AB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x900B9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x900C2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x900D8000 \SystemRoot\system32\DRIVERS\smb.sys
0x900EC000 \SystemRoot\system32\drivers\afd.sys
0x90134000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90166000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9017C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9018A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9019D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x901A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x901DF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x901E9000 \SystemRoot\System32\Drivers\dfsc.sys
0x90403000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9041F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90421000 \SystemRoot\System32\Drivers\npusbio.sys
0x9042D000 \SystemRoot\System32\Drivers\USBD.SYS
0x9042F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9043C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x90503000 \SystemRoot\system32\DRIVERS\netr73.sys
0x954B0000 \SystemRoot\System32\win32k.sys
0x90583000 \SystemRoot\System32\drivers\Dxapi.sys
0x9058D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90596000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x905AD000 \SystemRoot\system32\DRIVERS\SaiH075C.sys
0x905D9000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x905EF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x90050000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8A707000 \SystemRoot\system32\DRIVERS\monitor.sys
0x956D0000 \SystemRoot\System32\TSDDD.dll
0x956F0000 \SystemRoot\System32\cdd.dll
0x8A716000 \SystemRoot\system32\drivers\luafv.sys
0x8A731000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9E00F000 \SystemRoot\system32\drivers\spsys.sys
0x9E0BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E0CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9E0F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E102000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E115000 \SystemRoot\system32\drivers\HTTP.sys
0x9E182000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E19F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E1B8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E1CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8A745000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8A77E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8A796000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0A0E000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0A5C000 \SystemRoot\system32\drivers\WmVirHid.sys
0xA0A5E000 \SystemRoot\system32\drivers\peauth.sys
0xA0B3C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0B46000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0B52000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0B67000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA0B79000 \SystemRoot\system32\drivers\tdtcp.sys
0xA0B84000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA0B90000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA0BC3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xBE809000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76EB0000 \Windows\System32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
608 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\audiodg.exe
1236 C:\Windows\System32\SLsvc.exe
1284 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\nvvsvc.exe
1776 C:\Windows\System32\spoolsv.exe
1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1936 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\dwm.exe
324 C:\Windows\explorer.exe
336 C:\Windows\System32\taskeng.exe
464 C:\Windows\System32\taskeng.exe
2224 C:\Program Files\Windows Defender\MSASCui.exe
2272 C:\Windows\RtHDVCpl.exe
2296 C:\hp\support\hpsysdrv.exe
2340 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2352 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2424 C:\Program Files\Winamp\winampa.exe
2432 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
2488 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2504 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2524 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2532 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2564 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
2576 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
2596 C:\Program Files\avmwlanstick\FRITZWLanMini.exe
2604 C:\Windows\ehome\ehtray.exe
2624 C:\Windows\ehome\ehmsas.exe
2988 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3076 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3092 C:\Program Files\avmwlanstick\WLanNetService.exe
3244 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
3304 C:\hp\HPEZBTN\HPBtnSrv.exe
3580 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3628 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
3652 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3688 C:\Windows\System32\PnkBstrA.exe
3704 C:\Windows\System32\svchost.exe
3736 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3836 C:\Windows\System32\svchost.exe
3872 C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
3916 C:\Windows\System32\svchost.exe
3948 C:\Windows\System32\SearchIndexer.exe
2092 WUDFHost.exe
3468 C:\Program Files\Windows Media Player\wmpnscfg.exe
3436 C:\Program Files\Windows Media Player\wmpnetwk.exe
4468 WmiPrvSE.exe
5820 C:\hp\KBD\kbd.exe
4236 C:\Windows\System32\conime.exe
1532 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5456 C:\Windows\System32\mobsync.exe
3472 C:\Windows\System32\SearchProtocolHost.exe
872 C:\Windows\System32\SearchFilterHost.exe
2160 C:\Users\****\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`1a251400 (NTFS)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x000000a4`c7300000 (NTFS)

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!

MBR Log 1542:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KN389AA-ABD m9270.de
Logical Drives Mask: 0x000007dc

Kernel Drivers (total 148):
0x8224E000 \SystemRoot\system32\ntkrnlpa.exe
0x8221B000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046E000 \SystemRoot\system32\PSHED.dll
0x8047F000 \SystemRoot\system32\BOOTVID.dll
0x80487000 \SystemRoot\system32\CLFS.SYS
0x804C8000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\drivers\volmgr.sys
0x80730000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077A000 \SystemRoot\System32\drivers\mountmgr.sys
0x83003000 \SystemRoot\system32\drivers\iastor.sys
0x830CA000 \SystemRoot\system32\drivers\fltmgr.sys
0x830FC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8310C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8320E000 \SystemRoot\system32\drivers\ndis.sys
0x83319000 \SystemRoot\system32\drivers\msrpc.sys
0x83344000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A604000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A80A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A919000 \SystemRoot\system32\drivers\volsnap.sys
0x8A952000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95A000 \SystemRoot\System32\Drivers\mup.sys
0x8A969000 \SystemRoot\System32\drivers\ecache.sys
0x8A990000 \SystemRoot\system32\drivers\disk.sys
0x8A9A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9C2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9D8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9E3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EE0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F889000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F88B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F92A000 \SystemRoot\System32\drivers\watchdog.sys
0x8F937000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F942000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F980000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F98F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F9A1000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F9BD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F9CD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F9DB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A7CF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8337E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F9F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x833BF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x833D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8317D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8318C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x831A0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A9FB000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8A800000 \SystemRoot\system32\DRIVERS\loop.sys
0x831B5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x83200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x831C5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x831D0000 \SystemRoot\system32\drivers\SaiBus.sys
0x8F9FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8078A000 \SystemRoot\system32\DRIVERS\ks.sys
0x831DA000 \SystemRoot\system32\DRIVERS\circlass.sys
0x831E8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A600000 \SystemRoot\system32\drivers\WmBEnum.sys
0x831F2000 \SystemRoot\system32\drivers\WmXlCore.sys
0x807B4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807C1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x805A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x833F9000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0x805B9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x807F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FC00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x805C9000 \SystemRoot\system32\drivers\portcls.sys
0x8FE0B000 \SystemRoot\system32\drivers\drmk.sys
0x8FE30000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FE39000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FE41000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FE4A000 \SystemRoot\System32\Drivers\Null.SYS
0x8FE51000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FE6B000 \SystemRoot\System32\drivers\vga.sys
0x8FE77000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FE98000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FEA0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FEA8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FEB3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FEC1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FECA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FEE0000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FEF4000 \SystemRoot\system32\drivers\afd.sys
0x8FF3C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FF6E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FF84000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FF92000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FFA5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FFAB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FFE7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90205000 \SystemRoot\System32\Drivers\dfsc.sys
0x9021C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90238000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x9023A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90247000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9030E000 \SystemRoot\System32\Drivers\npusbio.sys
0x9031A000 \SystemRoot\System32\Drivers\USBD.SYS
0x9031C000 \SystemRoot\system32\DRIVERS\netr73.sys
0x9039C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x903A5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x903BC000 \SystemRoot\system32\DRIVERS\SaiH075C.sys
0x93A90000 \SystemRoot\System32\win32k.sys
0x903E8000 \SystemRoot\System32\drivers\Dxapi.sys
0x8A708000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x903F2000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8FE58000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8FFF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93CB0000 \SystemRoot\System32\TSDDD.dll
0x93CD0000 \SystemRoot\System32\cdd.dll
0x8A71E000 \SystemRoot\system32\drivers\luafv.sys
0x8A739000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9E00B000 \SystemRoot\system32\drivers\spsys.sys
0x9E0BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E0CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9E0F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E0FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E111000 \SystemRoot\system32\drivers\HTTP.sys
0x9E17E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E19B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E1B4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E1C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8A74D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E1E8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8A786000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0608000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0656000 \SystemRoot\system32\drivers\WmVirHid.sys
0xA0658000 \SystemRoot\system32\drivers\peauth.sys
0xA0736000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0740000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA074C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0761000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA0773000 \SystemRoot\system32\drivers\tdtcp.sys
0xA077E000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA078A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA07BD000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77BA0000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
548 csrss.exe
608 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
976 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\SLsvc.exe
1272 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\spoolsv.exe
1644 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1780 C:\Windows\System32\nvvsvc.exe
1896 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\taskeng.exe
492 C:\Windows\System32\dwm.exe
1128 C:\Windows\explorer.exe
1344 C:\Windows\System32\taskeng.exe
2136 C:\Program Files\Google\Update\GoogleUpdate.exe
2144 C:\Program Files\Windows Defender\MSASCui.exe
2164 C:\Windows\RtHDVCpl.exe
2172 C:\hp\support\hpsysdrv.exe
2180 C:\hp\KBD\KbdStub.exe
2212 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2248 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2264 C:\Program Files\Winamp\winampa.exe
2284 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
2292 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2516 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2528 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2596 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2604 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2612 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
2620 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
2628 C:\Program Files\avmwlanstick\FRITZWLanMini.exe
2636 C:\Windows\ehome\ehtray.exe
2656 C:\Windows\ehome\ehmsas.exe
2860 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3036 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3048 C:\Program Files\avmwlanstick\WLanNetService.exe
3160 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
3256 C:\hp\HPEZBTN\HPBtnSrv.exe
3308 C:\Program Files\Google\Update\GoogleUpdate.exe
3476 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3596 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
3620 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3656 C:\Windows\System32\PnkBstrA.exe
3688 C:\Windows\System32\svchost.exe
3712 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3996 C:\Windows\System32\svchost.exe
4032 C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
4068 C:\Windows\System32\svchost.exe
2116 C:\Windows\System32\SearchIndexer.exe
2720 WUDFHost.exe
352 C:\Windows\System32\mobsync.exe
4056 C:\Program Files\Windows Media Player\wmpnscfg.exe
2124 C:\Program Files\Windows Media Player\wmpnetwk.exe
1460 WmiPrvSE.exe
4624 WmiPrvSE.exe
5060 C:\Users\****\Desktop\MBRCheck.exe
5088 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`1a251400 (NTFS)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x000000a4`c7300000 (NTFS)

PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

24.08.2010, 15:26	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Antimalware Doctor entfernt, trotzdem verdächtige Datei übrig (azlkl.sys) Ja, kannst Du. __________________ Logfiles bitte immer in CODE-Tags posten

Antimalware Doctor entfernt, trotzdem verdächtige Datei übrig (azlkl.sys)

Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor entfernt, trotzdem verdächtige Datei übrig (azlkl.sys)