Trojaner, Virus ?

Kartoffelita · 28.09.2010, 21:17

Hallo,

ich weiß leider nicht, was ich habe, aber dass ich mir irgendwas eingefangen habe ist sicher.

Bei mir erscheint ein Pop Up (habe nen Screenshot hochgeladen), den ich wegklicken kann und der immer wieder auftaucht. Davon abgesehen, dass dieses Pop Up immer wieder erscheint, funktioniert mein Laptop vollkommen normal. Einzig wenn ich den Task Manager öffnen will, wird stattdessen dieses Pop Up geöffnet.
Antivir hat nichts gefunden, und HijackThis zeigt mir nichts als bedenklich an. Ich kenne auch die meisten der angezeigten Datein bzw. steht dran, dass sie zu Windows gehören etc.

Die einzige, die ich nicht kenne und die auch bei Hijack nicht erkannt wird ist Ohi.exe. Auf der Seite virusscan.jotti.org erkennen 5 Scanner diese Datei als Malware (siehe Screenshot). Löschen kann ich die Datei nicht - wenn ich das versuche, heißt es die Anwendung wird gerade ausgeführt und muss erst geschlossen werden. Auf den Task Manager kann ich aber aus oben genannten Gründen nicht öffnen.

Ich hab hier im Forum nach der Datei/dem Problem gesucht, aber leider nix gefunden. Falls ich doppelt und dreifach poste tut's mir leid, ich kenn mich aber auch nicht besonders aus...

Kann mir jemand sagen, was ich da auf dem PC habe und wie ich es wieder loswerde?? Vielen Dank schon mal im Voraus!!

Hier die Logfile von HijackThis (weiß nciht ob das weiterhilft, aber vorsichtshalber post ich es mal):
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:05:53, on 28.09.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Users\***\AppData\Roaming\hotfix.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\***\AppData\Local\Temp\Ohi.exe
C:\Users\***\Downloads\HiJackThis204.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Flock\flock.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\***\Downloads\NPE_150dt.exe
C:\Users\***\Desktop\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
 
--
End of file - 10475 bytes

--- --- ---

cosinus · 29.09.2010, 10:30

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Kartoffelita · 29.09.2010, 16:43

Hi, danke für deine Hilfe!
Hier der Malware Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4715

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.09.2010 17:41:15
mbam-log-2010-09-29 (17-41-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 318577
Laufzeit: 2 Stunde(n), 16 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\Downloads\C6E1E60AD7EDB454\C6E1E60AD7EDB454 (Rootkit.Agent) -> No action taken.
C:\Users\***\Downloads\C6E1E60AD7EDB454\C6E1E60AD7EDB454.x86 (Rootkit.Agent) -> No action taken.
C:\Users\***\Favorites\Antivirus Scan.url (Rogue.Link) -> No action taken.
C:\Users\***\Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> No action taken.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Kartoffelita · 29.09.2010, 16:49

So und hier die OTL Logfiles

Nr1:OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.09.2010 17:44:39 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\akb\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 73,79 Gb Free Space | 25,51% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 120,03 Mb Total Space | 103,98 Mb Free Space | 86,63% Space Free | Partition Type: FAT
 
Computer Name: AKB-PC
Current User Name: akb
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\FLOCK\FLOCK.EXE -requestPending -osint -url "%1" (Flock, Inc.)
https [open] -- C:\PROGRA~1\FLOCK\FLOCK.EXE -requestPending -osint -url "%1" (Flock, Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93AFF6C4-7149-491A-A96A-5220A9CCDBC6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F8C2C574-D99D-430F-A375-48383F42C869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B8FBEE-0CE0-4BC4-A7CC-27DC6D471D48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{1320C213-69B3-4F1D-89F5-C4E6ABCF113D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{133A9FB0-DBD0-486E-A5A6-A16D6EB3CF13}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{16E3A47E-375E-43E9-BE6D-2762DCF1C57A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{4195F7A7-E32A-41A2-B62F-ACE256EB86AA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{92FF157B-E949-4E6D-90FF-19ABC57931B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{956C1D42-E172-4B43-B186-5D2923DA421B}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{BA39CC57-A502-4CB5-9224-E413A2392940}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BAD7AC09-3C2E-4446-B3AE-2FE8CCDC759E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{C1883AA0-0674-4BBE-A38E-AAAAC4DECEC8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{DE37F91C-2B78-4EA5-9A40-90852CC76678}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{DF8986D1-8419-4A41-9E61-BEB4361E19CF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1A3433B-2A50-40F1-9FC4-534D54B04B02}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{0776A21E-AA8B-4F68-8FD5-3CB5569F5DC8}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{357BBF7A-8286-448F-924F-3051EC097864}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{40421F8E-74CA-450B-A452-38EB8F272D31}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{66ACE862-25A3-431F-B1C1-BA4E4628413D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D444E4E3-55A0-4E9A-90A8-30EB26852415}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{D69C2DD7-41C6-4962-897E-668C5D71C893}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{EBF0733A-A26C-44A4-8D37-5AF41D9CEED5}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{1160D3ED-8001-4440-A62E-65B2D03F81C8}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{218A368A-4DCE-4F08-84E4-865AE6B80367}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{527A3558-9C23-42F5-A55C-B669F70A0CDE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{CDECFA41-8725-4E87-848C-F3BE926EE688}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D775DA78-49CD-42FF-A6E3-A3E5A8DBF42A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{EB8D5131-1460-4EE3-A38D-E4FE6BF1477E}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{F6A86BAA-107C-4011-9A2F-87BDB1FB6F08}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{280235E3-D1FB-408A-A1D5-C77BA584FBBA}" = BlService Web Update
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{369B36BE-3D64-4641-9AEA-808D436FE133}" = Microsoft Picture It! Photo Premium 7.0
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}" = ATI Catalyst Install Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8ABD26-50FA-2D1B-2B3D-72DEF1E800D0}" = ccc-utility
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"Creative Media Lite" = Creative Media Lite
"Dicez_is1" = Dicez
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Flock (2.6.1)" = Flock (2.6.1)
"Free Audio Converter_is1" = Free Audio Converter version 1.1
"FreeDoko" = FreeDoko 0.7.5
"ftp-uploader" = ftp-uploader
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PDF Blender" = PDF Blender
"phase5" = phase5
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Spyware Terminator_is1" = Spyware Terminator
"Stickies 6.5a" = Stickies 6.5a
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoLAN" = VideoLAN VLC media player 0.7.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZENStoneUG" = Creative ZEN Stone User's Guide
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Kartoffelita · 29.09.2010, 16:50

und Nr2:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.09.2010 17:44:39 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\akb\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 73,79 Gb Free Space | 25,51% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 120,03 Mb Total Space | 103,98 Mb Free Space | 86,63% Space Free | Partition Type: FAT
 
Computer Name: AKB-PC
Current User Name: akb
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\akb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Flock\flock.exe (Flock, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\akb\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.02 12:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.2\extensions\\Components: C:\Program Files\Flock\components [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2010.08.04 07:25:07 | 000,000,000 | ---D | M]
 
[2008.11.25 22:41:31 | 000,000,000 | ---D | M] -- C:\Users\akb\AppData\Roaming\mozilla\Extensions
[2008.11.25 22:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\akb\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Users\akb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: navigram.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\akb\Pictures\Backgrounds\IMG_0245.JPG
O24 - Desktop BackupWallPaper: C:\Users\akb\Pictures\Backgrounds\IMG_0245.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\AutoRun\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\explore\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\Open\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{d12f8269-56a5-11df-a42c-0021866689f5}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.29 14:15:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\akb\Desktop\OTL.exe
[2010.09.29 00:03:53 | 000,000,000 | ---D | C] -- C:\Users\akb\AppData\Roaming\Malwarebytes
[2010.09.29 00:03:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.29 00:03:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.29 00:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.29 00:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.28 23:55:29 | 000,000,000 | ---D | C] -- C:\Users\akb\AppData\Roaming\Spyware Terminator
[2010.09.28 23:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.09.28 23:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.09.28 23:44:29 | 000,000,000 | ---D | C] -- C:\Users\akb\AppData\Local\Temp
[2010.09.28 21:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.09.28 21:51:04 | 000,000,000 | ---D | C] -- C:\Users\akb\AppData\Local\NPE
[2010.09.28 21:50:30 | 005,719,408 | ---- | C] (Symantec Corporation) -- C:\Users\akb\Desktop\NPE_150dt.exe
[2010.09.28 21:46:50 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.09.28 21:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010.09.28 21:30:17 | 000,000,000 | ---D | C] -- C:\Users\akb\DoctorWeb
[2010.09.28 19:34:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\akb\Desktop\HiJackThis204.exe
[2010.09.25 13:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.15 16:29:07 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.29 17:43:40 | 003,407,872 | -HS- | M] () -- C:\Users\akb\ntuser.dat
[2010.09.29 17:41:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.29 17:41:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.29 17:41:02 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.29 17:20:02 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.09.29 14:34:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.29 14:15:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\akb\Desktop\OTL.exe
[2010.09.29 14:11:12 | 001,439,514 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.29 14:11:12 | 000,633,824 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.29 14:11:12 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.29 14:11:12 | 000,127,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.29 14:11:12 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.29 14:05:12 | 000,000,340 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.29 14:04:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.29 14:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.29 14:04:32 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.29 00:50:44 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.29 00:50:38 | 000,524,288 | -HS- | M] () -- C:\Users\akb\ntuser.dat{e51c23ef-bbc0-11dd-9ece-0021866689f5}.TMContainer00000000000000000001.regtrans-ms
[2010.09.29 00:50:38 | 000,065,536 | -HS- | M] () -- C:\Users\akb\ntuser.dat{e51c23ef-bbc0-11dd-9ece-0021866689f5}.TM.blf
[2010.09.29 00:50:19 | 003,439,230 | -H-- | M] () -- C:\Users\akb\AppData\Local\IconCache.db
[2010.09.29 00:03:29 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 23:55:29 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.28 21:57:06 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A26BB9D-0A07-45AE-9DE5-2BEF4382D534}.job
[2010.09.28 21:50:35 | 005,719,408 | ---- | M] (Symantec Corporation) -- C:\Users\akb\Desktop\NPE_150dt.exe
[2010.09.28 19:34:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\akb\Desktop\HiJackThis204.exe
[2010.09.28 17:41:46 | 000,006,944 | ---- | M] () -- C:\Users\akb\AppData\Local\d3d9caps.dat
[2010.09.28 17:24:32 | 000,015,496 | ---- | M] () -- C:\Users\akb\Documents\cc_20100928_172414.reg
[2010.09.28 17:17:27 | 000,141,824 | ---- | M] () -- C:\Users\akb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.28 17:14:12 | 000,000,139 | ---- | M] () -- C:\Users\akb\AppData\Roaming\jsdfgs.bat
[2010.09.26 12:33:32 | 000,000,820 | ---- | M] () -- C:\Users\akb\AppData\Roaming\wklnhst.dat
[2010.09.22 17:20:29 | 001,310,339 | ---- | M] () -- C:\Users\akb\BLM_Flyer_2010_d.pdf
[2010.09.14 14:24:20 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010.09.08 09:16:26 | 000,112,456 | ---- | M] () -- C:\Users\akb\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.08 09:15:32 | 000,403,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.09.29 00:03:29 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 23:55:29 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.28 17:24:18 | 000,015,496 | ---- | C] () -- C:\Users\akb\Documents\cc_20100928_172414.reg
[2010.09.28 17:15:28 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.28 17:15:23 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.09.28 17:14:12 | 000,000,139 | ---- | C] () -- C:\Users\akb\AppData\Roaming\jsdfgs.bat
[2010.09.22 17:20:23 | 001,310,339 | ---- | C] () -- C:\Users\akb\BLM_Flyer_2010_d.pdf
[2010.04.05 14:42:32 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.04.05 14:42:32 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.03.24 20:32:09 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.24 20:32:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.08 23:59:57 | 000,006,944 | ---- | C] () -- C:\Users\akb\AppData\Local\d3d9caps.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.20 18:22:54 | 014,566,424 | ---- | C] () -- C:\ProgramData\vlc-0.9.4-win32.exe
[2008.09.23 19:49:07 | 000,000,820 | ---- | C] () -- C:\Users\akb\AppData\Roaming\wklnhst.dat
[2008.09.17 17:41:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.09.17 17:33:36 | 000,141,824 | ---- | C] () -- C:\Users\akb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.16 14:53:31 | 000,000,000 | ---- | C] () -- C:\Users\akb\AppData\Local\QSwitch.txt
[2008.09.16 14:53:31 | 000,000,000 | ---- | C] () -- C:\Users\akb\AppData\Local\DSwitch.txt
[2008.09.16 14:53:31 | 000,000,000 | ---- | C] () -- C:\Users\akb\AppData\Local\AtStart.txt
[2008.08.04 00:42:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.05.09 00:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.05.03 00:38:24 | 000,000,748 | ---- | C] () -- C:\Windows\SetBrowser.ini
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >

--- --- ---

cosinus · 30.09.2010, 13:05

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\AutoRun\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\explore\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\Shell\Open\command - "" = .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp
O33 - MountPoints2\{d12f8269-56a5-11df-a42c-0021866689f5}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe -- File not found
[2010.09.28 21:50:30 | 005,719,408 | ---- | C] (Symantec Corporation) -- C:\Users\akb\Desktop\NPE_150dt.exe
[2010.09.29 17:41:02 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.29 17:20:02 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.09.28 17:14:12 | 000,000,139 | ---- | M] () -- C:\Users\akb\AppData\Roaming\jsdfgs.bat
[2010.09.14 14:24:20 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Kartoffelita · 30.09.2010, 16:59

Ahoi,

hier die Logdatei von OTL

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c59f3a-b947-11dd-935c-0021866689f5}\ not found.
File .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c59f3a-b947-11dd-935c-0021866689f5}\ not found.
File .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6c59f3a-b947-11dd-935c-0021866689f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c59f3a-b947-11dd-935c-0021866689f5}\ not found.
File .\Recycler\S-1-5-21-8402864756-053255762-3886314338-500\~WRL6931.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12f8269-56a5-11df-a42c-0021866689f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d12f8269-56a5-11df-a42c-0021866689f5}\ not found.
File G:\Get_Started_for_Win.exe not found.
C:\Users\akb\Desktop\NPE_150dt.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Users\akb\AppData\Roaming\jsdfgs.bat moved successfully.
C:\Users\Public\Documents\Games.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: akb
->Temp folder emptied: 43014 bytes
->Temporary Internet Files folder emptied: 62531349 bytes
->Java cache emptied: 81518053 bytes
->Flash cache emptied: 8303 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76280419 bytes
RecycleBin emptied: 63752591 bytes

Total Files Cleaned = 271,00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09302010_175118

Files\Folders moved on Reboot...
C:\Users\akb\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 30.09.2010, 17:23

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Kartoffelita · 30.09.2010, 20:04

Hier die Combofix.txt

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-30.01 - akb 30.09.2010  20:46:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1800 [GMT 2:00]
ausgeführt von:: c:\users\akb\Desktop\cofi.exe.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\vlc-0.9.4-win32.exe
c:\users\akb\Documents\My Documents.url

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 18:53 . 2010-09-30 18:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-30 15:51 . 2010-09-30 15:51	--------	d-----w-	C:\_OTL
2010-09-29 12:31 . 2010-06-22 12:57	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-28 22:03 . 2010-09-28 22:03	--------	d-----w-	c:\users\akb\AppData\Roaming\Malwarebytes
2010-09-28 22:03 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-28 22:03 . 2010-09-28 22:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-28 22:03 . 2010-09-28 22:03	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-28 22:03 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-28 21:55 . 2010-09-28 21:55	6144	----a-w-	c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-09-28 21:55 . 2010-09-28 21:55	5632	----a-w-	c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-09-28 21:55 . 2010-09-30 15:49	--------	d-----w-	c:\programdata\Spyware Terminator
2010-09-28 21:55 . 2010-09-28 21:57	--------	d-----w-	c:\users\akb\AppData\Roaming\Spyware Terminator
2010-09-28 21:55 . 2010-09-28 21:55	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2010-09-28 21:55 . 2010-09-28 21:56	--------	d-----w-	c:\program files\Spyware Terminator
2010-09-28 21:44 . 2010-09-30 18:54	--------	d-----w-	c:\users\akb\AppData\Local\Temp
2010-09-28 19:51 . 2010-09-28 19:51	--------	d-----w-	c:\programdata\Norton
2010-09-28 19:51 . 2010-09-28 22:47	--------	d-----w-	c:\users\akb\AppData\Local\NPE
2010-09-28 19:46 . 2009-06-30 08:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-09-28 19:46 . 2010-09-28 19:46	--------	d-----w-	c:\program files\Panda Security
2010-09-28 19:30 . 2010-09-28 19:30	--------	d-----w-	c:\users\akb\DoctorWeb
2010-09-15 14:29 . 2010-04-16 16:10	501760	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 14:29 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 14:29 . 2010-04-05 16:08	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:25 . 2010-05-27 19:16	738816	----a-w-	c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 18:54 . 2008-09-17 15:39	--------	d-----w-	c:\users\akb\AppData\Roaming\Skype
2010-09-30 18:43 . 2009-10-25 19:34	--------	d-----w-	c:\users\akb\AppData\Roaming\stickies
2010-09-30 17:17 . 2008-06-13 12:22	633824	----a-w-	c:\windows\system32\perfh007.dat
2010-09-30 17:17 . 2008-06-13 12:22	127776	----a-w-	c:\windows\system32\perfc007.dat
2010-09-30 15:55 . 2008-09-17 15:41	--------	d-----w-	c:\users\akb\AppData\Roaming\skypePM
2010-09-30 15:53 . 2009-01-28 13:51	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-30 15:52 . 2008-06-13 02:37	1076	----a-w-	c:\windows\bthservsdp.dat
2010-09-28 22:42 . 2008-12-25 21:30	--------	d-----w-	c:\program files\QuickTime
2010-09-28 15:41 . 2009-03-08 21:59	6944	----a-w-	c:\users\akb\AppData\Local\d3d9caps.dat
2010-09-28 14:51 . 2009-09-15 18:29	--------	d-----w-	c:\users\akb\AppData\Roaming\BitTorrent
2010-09-26 21:24 . 2008-11-27 13:36	--------	d-----w-	c:\program files\BitTorrent
2010-09-26 10:33 . 2008-09-23 17:49	820	----a-w-	c:\users\akb\AppData\Roaming\wklnhst.dat
2010-09-25 11:29 . 2009-05-16 07:27	--------	d-----w-	c:\program files\Google
2010-09-25 10:29 . 2008-09-17 15:50	--------	d-----w-	c:\program files\Trillian
2010-09-18 09:59 . 2009-03-07 20:27	1	----a-w-	c:\users\akb\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-17 05:19 . 2008-06-13 04:07	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-10 18:25 . 2008-09-20 17:34	--------	d-----w-	c:\users\akb\AppData\Roaming\dvdcss
2010-09-08 07:16 . 2008-09-16 12:53	112456	----a-w-	c:\users\akb\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-31 22:13 . 2009-08-17 00:52	--------	d-----w-	c:\users\akb\AppData\Roaming\Wexui
2010-08-31 17:08 . 2009-12-26 10:20	--------	d-----w-	c:\users\akb\AppData\Roaming\Zevuma
2010-08-16 01:07 . 2008-06-13 03:55	--------	d-----w-	c:\program files\Microsoft Works
2010-08-07 12:55 . 2010-08-07 12:54	1330904	----a-w-	c:\programdata\Creative\Software Update\cache\Creative ZEN Stone Firmware 1.06.01__\ZENStone_PCFW_US_1_06_01.exe
2010-08-04 05:25 . 2008-09-16 15:49	--------	d-----w-	c:\program files\Flock
2008-06-13 12:27 . 2008-06-13 12:27	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-03-27 21898024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-09-28 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]

c:\users\akb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-09-28 142592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-16 07:27]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8A26BB9D-0A07-45AE-9DE5-2BEF4382D534}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: navigram.com\www
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-30 20:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  CTZDetec.exe = c:\program files\Creative\Creative Media Lite\CTZDetec.exe?"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Zeit der Fertigstellung: 2010-09-30  20:55:50
ComboFix-quarantined-files.txt  2010-09-30 18:55

Vor Suchlauf: 8 Verzeichnis(se), 76.849.356.800 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 76.787.978.240 Bytes frei

- - End Of File - - 510DAE6F1B749E6757FF5FB186CDA858

--- --- ---

cosinus · 30.09.2010, 20:06

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Trojaner, Virus ?

Plagegeister aller Art und deren Bekämpfung: Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Trojaner, Virus ?

Ähnliche Themen: Trojaner, Virus ?