Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Malware, Trojaner?

Malware, Trojaner?


Log-Analyse und Auswertung: Malware, Trojaner?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 2 von 2 1 2
Alt 29.08.2010, 00:07   #16
Chris4You
 
Malware, Trojaner? - Standard

Malware, Trojaner?


Hi,

die Einträge sind noch da, hast du das :OTL mitkopiert?
Es sieht nicht so aus...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.08.2010, 00:09   #17
LukasLauss
 
Malware, Trojaner? - Standard

Malware, Trojaner?


hmm muss ich nochmal machen, weiß nicht genau ob ichs miitkopiert habe..
__________________
Alt 29.08.2010, 00:14   #18
LukasLauss
 
Malware, Trojaner? - Standard

Malware, Trojaner?


er ist genau das selbe passiert und :
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WARN POP TRUST LIES deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bike Store deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF not found.
File C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe not found.
C:\WINDOWS\Bxebya.exe moved successfully.
File C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
C:\WINDOWS\tasks\AF1787DF91B43833.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lukas L
->Temp folder emptied: 159208 bytes
->Temporary Internet Files folder emptied: 59544 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22997592 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08292010_010930

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
__________________
Alt 29.08.2010, 13:29   #19
Chris4You
 
Malware, Trojaner? - Standard

Malware, Trojaner?


Hi,

mit dem kleinen Unterschied, dass die Einträge und die Malware jetzt entfernt worden sind...
Zitat:
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WARN POP TRUST LIES deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bike Store deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF not found.
File C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe not found.
C:\WINDOWS\Bxebya.exe moved successfully.
Bitte ein neues OTL-Log, was treibt der Rechner?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.08.2010, 13:35   #20
LukasLauss
 
Malware, Trojaner? - Standard

Malware, Trojaner?


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.08.2010 14:31:34 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 557,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 2,48 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS
Drive E: | 54,99 Gb Total Space | 22,08 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LUKASL
Current User Name: Lukas L
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\UAService.exe ()
PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.)
PRC - C:\Programme\Browser MOUSE\mouse32a.exe ()
PRC - C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax)
PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
PRC - C:\Programme\MSI\LAN Utility\DiagAP8169.exe ()
PRC - C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe (Pinnacle Systems)
PRC - C:\Programme\Pinnacle\Shared Files\Filter\server.exe (Pinnacle Systems)
PRC - C:\Programme\Pinnacle\Shared Files\Filter\VBI_Server2.exe (PRIVAT)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\quartz.dll (Microsoft Corporation)
MOD - C:\Programme\Browser MOUSE\mouDL32A.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe ()
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AdminSVCff) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found
DRV - (XDva306) -- C:\WINDOWS\System32\XDva306.sys File not found
DRV - (sony_ssm.sys) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\sony_ssm.sys File not found
DRV - (HWIONT) -- C:\Programme\MoreTV.353\HWIONT.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (cportclm) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\cportclm.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (SSHDRV82) -- C:\WINDOWS\system32\drivers\SSHDRV82.sys ()
DRV - (litsgt) -- C:\WINDOWS\system32\drivers\litsgt.sys ()
DRV - (tansgt) -- C:\WINDOWS\system32\drivers\tansgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows (R) 2000 DDK provider)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (pctvNT) -- C:\WINDOWS\system32\drivers\pctvw2k.sys (Pinnacle Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Plus!
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:07:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 23:07:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox 3.6 Beta 4\components [2010.08.27 20:54:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.6 Beta 4\plugins [2010.08.27 20:54:07 | 000,000,000 | ---D | M]
 
[2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions
[2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.08.31 13:43:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions
[2010.04.27 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.20 14:30:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.04.27 20:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\beamgeraet@web.de
[2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\youtube2mp3@mondayx.de
[2010.01.24 20:25:10 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\searchplugins\ask.uk.xml
[2009.12.15 17:34:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.10.02 21:24:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe ()
O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Lukas L\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains:   ([]msn in Arbeitsplatz)
O15 - HKCU\..Trusted Domains: localhost ([]* in Lokales Intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.13 16:42:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.14 08:49:42 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell - "" = AutoRun
O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.30 13:35:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Gladius-v1.2.0
[2010.08.30 13:35:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Desktop\ShockAndAwe-v5.92
[2010.08.29 00:14:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.28 23:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Malwarebytes
[2010.08.28 23:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.28 23:43:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.28 23:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.28 23:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 23:42:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe
[2010.08.28 23:41:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe
[2010.08.28 23:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.15 00:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Carambis
[2010.08.14 23:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\BattleForge
[2010.08.14 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.08.14 23:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.08.14 23:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.08.08 21:09:01 | 000,000,000 | ---D | C] -- C:\Programme\DuckLife_at
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 14:30:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.31 14:29:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.31 14:29:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.31 14:24:37 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\NTUSER.DAT
[2010.08.31 14:24:37 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lukas L\ntuser.ini
[2010.08.31 14:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.31 13:16:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.30 11:47:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.28 23:43:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 23:42:43 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe
[2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe
[2010.08.28 23:34:43 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk
[2010.08.28 23:34:21 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi
[2010.08.25 15:26:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.24 17:30:12 | 000,203,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp
[2010.08.23 19:28:10 | 070,017,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv
[2010.08.15 00:06:48 | 000,001,012 | ---- | M] () -- C:\WINDOWS\ATICIM.INI
[2010.08.15 00:04:46 | 049,877,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip
[2010.08.14 23:07:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.08.14 23:01:49 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk
[2010.08.14 22:13:49 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk
[2010.08.12 22:59:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 00:18:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 00:16:21 | 001,032,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 00:16:21 | 000,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 00:16:21 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 00:16:21 | 000,085,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 00:16:21 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.08.10 00:05:00 | 004,286,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.08 21:19:18 | 000,001,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.28 23:43:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 23:34:43 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk
[2010.08.28 23:34:21 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi
[2010.08.24 17:30:07 | 000,203,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp
[2010.08.23 19:14:13 | 070,017,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv
[2010.08.15 00:06:48 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2010.08.15 00:01:58 | 049,877,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip
[2010.08.14 23:07:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.08.14 23:01:49 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk
[2010.08.14 22:13:49 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk
[2010.08.08 21:19:18 | 000,001,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk
[2010.05.20 17:44:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\$_hpcst$.hpc
[2010.04.02 15:51:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\PCTV.ini
[2010.04.02 15:51:53 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010.04.02 15:51:53 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010.04.02 15:51:53 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010.04.02 15:51:53 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010.04.02 15:51:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010.04.02 15:51:50 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2010.04.02 15:51:44 | 000,029,408 | ---- | C] () -- C:\WINDOWS\System32\Mcipctv.dll
[2010.04.02 14:40:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.04.02 14:40:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010.03.09 18:27:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.22 08:44:46 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys
[2009.10.22 08:44:09 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.09.26 12:42:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009.09.26 11:23:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.09.26 11:23:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.09.26 11:23:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.09.17 16:09:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.09.13 13:10:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.08.24 11:05:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.14 09:02:47 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2009.08.14 09:02:47 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2009.08.13 19:54:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007.01.12 17:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001.08.23 14:00:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.08.2010 14:31:34 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 557,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 2,48 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS
Drive E: | 54,99 Gb Total Space | 22,08 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LUKASL
Current User Name: Lukas L
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57764:TCP" = 57764:TCP:*:Enabled:Pando Media Booster
"57764:UDP" = 57764:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"56897:TCP" = 56897:TCP:*:Enabled:Pando Media Booster
"56897:UDP" = 56897:UDP:*:Enabled:Pando Media Booster
"1890:TCP" = 1890:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Spiele\DoW\W40k.exe" = D:\Spiele\DoW\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.)
"D:\Spiele\TQIT\Tqit.exe" = D:\Spiele\TQIT\Tqit.exe:*:Enabled:Tqit -- ()
"D:\Spiele\HdRDSuM2\game.dat" = D:\Spiele\HdRDSuM2\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\Spiele\SMC4\Civilization4.exe" = F:\Spiele\SMC4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"E:\S4League\patcher_s4.exe" = E:\S4League\patcher_s4.exe:*:Enabled:S4League -- File not found
"E:\S4League\HShield\HSUpdate.exe" = E:\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- File not found
"E:\S4League\HShield\hslogmgr.exe" = E:\S4League\HShield\hslogmgr.exe:*:Enabled:hslogmgr -- File not found
"E:\S4League\HShield\ahnrpt.exe" = E:\S4League\HShield\ahnrpt.exe:*:Enabled:ahnrpt -- File not found
"E:\S4League\S4Client.exe" = E:\S4League\S4Client.exe:*:Enabled:S4Client -- File not found
"E:\League of Legends\Air\LolClient.exe" = E:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"E:\League of Legends\Game\League of Legends.exe" = E:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- File not found
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\BitLord\BitLord.exe" = C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate Torrent Downloader)
"E:\Age of Empires 2\age2_x1.exe" = E:\Age of Empires 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\BattleForge\Bootstrapper.exe" = E:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"E:\BattleForge\BattleForge.exe" = E:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Two Worlds
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{E2BE1618-AF5F-4F7D-8484-42E080EDF609}" = AGEIA PhysX v7.01.12
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15BACA-8F2E-421C-A214-F9065EA15A92}" = LAN Utility
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitLord" = BitLord 1.1
"Browser MOUSE" = Browser MOUSE
"DivX Setup.divx.com" = DivX-Setup
"DuckLife_is1" = DuckLife
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026
"GMX Firefox Browser Update" = GMX Firefox Browser Update
"Google Updater" = Google Updater
"Ideal DVD to iPod Converter_is1" = Ideal DVD to iPod Converter V2.5.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"miroMEDIA_PCTV_Tools" = Studio PCTV
"miroVIDEO PCTV" = Studio PCTV
"MoreTV" = MoreTV 3.53
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muiltmedia keyboard Utility 1.3" = Muiltmedia keyboard Utility 1.3
"Mumble" = Mumble and Murmur
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"PhotoScape" = PhotoScape
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2010 06:01:56 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
 
Error - 30.08.2010 06:01:56 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
 
Error - 30.08.2010 06:02:18 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
 is: A connection with the server could not be established  .
 
Error - 30.08.2010 06:02:18 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
 
Error - 30.08.2010 06:02:18 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
 
Error - 30.08.2010 06:02:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
 is: A connection with the server could not be established  .
 
Error - 30.08.2010 06:02:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
 
Error - 30.08.2010 06:02:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
 
Error - 30.08.2010 06:13:23 | Computer Name = LUKASL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Wow.exe, Version 3.3.5.12340, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.08.2010 08:31:06 | Computer Name = LUKASL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul explorer.exe, Version 6.0.2900.5512, Fehleradresse 0x0001f9ea.
 
[ System Events ]
Error - 31.08.2010 04:52:02 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 07:57:17 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 07:59:17 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:06:10 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:11:28 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:12:02 | Computer Name = LUKASL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.27 für die Netzwerkkarte mit der Netzwerkadresse
 0018E74C9D88 wurde durch  den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 31.08.2010 08:17:50 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:21:42 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:27:19 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 31.08.2010 08:30:09 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
--- --- ---
Alt 31.08.2010, 16:02   #21
Chris4You
 
Malware, Trojaner? - Standard

Malware, Trojaner?


Hi,

sieht sehr viel besser aus, hängst Du an einem Router?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138

Da muss noch was gefixt werden:

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
ATTFilter
:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = dword:0x00

:Commands
[emptytemp]
[Reboot]
Was macht der Rechner, zeigt er noch Auffälligkeiten?

Lass zur Sicherheit noch SAS laufen:
Anleitung&Download hier: http://www.trojaner-board.de/51871-a...tispyware.html

chris

chris
__________________
--> Malware, Trojaner?

Antwort
Seite 2 von 2 1 2

Themen zu Malware, Trojaner?
adobe, antivir, antivir guard, avira, bho, browser, desktop, einstellungen, firefox, frage, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, limewire, malware, mozilla, pando media booster, plug-in, senden, software, studio, system, trojaner, trojaner?, windows, windows xp, wireless lan


« PC friert nach ca. 2 Minuten ein, keine Aktion mehr möglich | Bitte dieses Logfile in Augenschein nehmen »


Ähnliche Themen: Malware, Trojaner?


  1. malware und trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2015 (11)
  2. V9 Trojaner u. Malware auf dem PC
    Log-Analyse und Auswertung - 16.09.2015 (7)
  3. Trojaner und Malware auf meinem Laptop! Malwarebytes Anti-Malware hat 733 aufgespuert
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (19)
  4. BKA-Trojaner und Malware
    Log-Analyse und Auswertung - 29.03.2013 (9)
  5. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  6. Trojaner und Malware
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (1)
  7. Malware Trojaner auf PC
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (16)
  8. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  9. Trojaner + Malware was tun?!
    Log-Analyse und Auswertung - 11.08.2011 (4)
  10. VLCsetup.exe Malware Trojaner? Malware Dropper!!
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (2)
  11. Malware Trojaner ?
    Log-Analyse und Auswertung - 30.12.2009 (10)
  12. Trojaner/Malware?
    Plagegeister aller Art und deren Bekämpfung - 29.12.2009 (1)
  13. Zig Trojaner und Malware
    Plagegeister aller Art und deren Bekämpfung - 30.08.2009 (31)
  14. Trojaner+Malware P2P
    Log-Analyse und Auswertung - 28.10.2008 (1)
  15. HELP...Trojaner und Malware auf´m PC!
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (8)
  16. Trojaner/Malware
    Plagegeister aller Art und deren Bekämpfung - 10.08.2008 (1)
  17. Trojaner/Malware per PDF
    Plagegeister aller Art und deren Bekämpfung - 18.07.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Malware, Trojaner? - Hi, die Einträge sind noch da, hast du das :OTL mitkopiert? Es sieht nicht so aus... chris - Malware, Trojaner?...
Archiv
Du betrachtest: Malware, Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130