Pests of all kinds and how to fight them: Rootkit on PC and internet disruptions.
08.10.2010, 17:40 | #1 |
Rootkit on PC and internet disruptions.

Hey folks! I have a fairly big problem and really don't know what to do any more. I've already found a few forum posts, but what they say never matches 100%. So here is my problem: every time I boot, my Avast reports that a rootkit was found (name: win32:malob-cb [cryp]). I delete the file, but it apparently keeps coming back. I've tried all sorts of programs but can't get rid of the thing. I ran HijackThis over it and this is what came out:

HijackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:13:59, on 08.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Dokumente und Einstellungen\Jerome Spiele\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Programme\Pando Networks\Media Booster\PMB.exe
D:\Photoshop\PhotoshopElementsFileAgent.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQ7.2\ICQ.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Jerome Spiele\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: AmsServer
O1 - Hosts: AmsServer
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Vyuvevez] rundll32.exe "C:\WINDOWS\ikucivirebanupe.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Dokumente und Einstellungen\Jerome Spiele\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Isimupewukuwup] rundll32.exe "C:\WINDOWS\mscodkbc.dll",Startup
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={F42F4331-BA6A-4535-9B88-2864CBEAFB69}; GTB6.4; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.liquid.se/pong/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Jerome Spiele\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Jerome Spiele\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236294227859
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238773095215&h=6853b74ae968eb33ca1ee7fe57355f2b/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9eb488ef1d69a) (gupdate1c9eb488ef1d69a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\PC Tools Security\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programme\Tunngle\TnglCtrl.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 16305 bytes

I don't know exactly whether I did that right or not. I've already backed up my files, so I don't mind if I have to wipe my system, but I'd just like to know whether it's absolutely necessary. Above all, Avast also reports that the RAM has a virus on it. Will that still be there if I reinstall the system?

Finally, a third question (I know I'm being cheeky): for about a week my internet has been having recurring disruptions. The strange thing is that during the disruptions the internet isn't completely gone, it just runs damn slowly. Programs like ICQ or Skype don't load at all any more and web pages build up only very slowly. In my "Status of LAN connection" far more bytes are sent than received. I've had the virus since about Monday of last week and the internet problem since Thursday of last week; do the two things have something to do with each other? What's also strange is that it's not only my PC that has the internet problem. The PCs in the whole house have this disruption (2 LAN PCs and 1 WLAN laptop). My Wii can't dial into the internet any more either. I phoned 1&1, but after several measurements they said that the full signal is arriving at my end and the router is running without problems. Supposedly there's something on our PCs, which I find hard to imagine, since even the Wii can't connect to the internet.

So that's it for now; I hope I haven't talked you to death. Would be cool if you could help me soon. Regards, Stone

Edit: Another message from Avast just came in: "Malware wurde gefunden Datei-Name: C:\WINDOWS\TEMP\10680ca3f598d Malware-Name: Win32:Bubak [Rtk] Malware-Typ: Rootkit VPS Version: 101008-0, 08.10.2010". I've deleted it again now, but the malware is still on there anyway.

Last edited by StoneCold565 (08.10.2010 at 17:54)
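As an added example that is not part of the thread (and not code from HijackThis, Trend Micro or the forum): a small Python triage script that parses a HijackThis log in the format posted above and reports the entries a helper would check first. The rundll32-from-Windows-directory rule, the machine-generated-name heuristic and the severities are constructed assumptions for this example, and the embedded sample is a constructed subset of the log above.

```python
"""Triage a HijackThis log: surface the entries a malware-removal helper checks first."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted above, with two
# benign Run entries (NvCplDaemon, swg) kept as negative controls.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O1 - Hosts: AmsServer
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Vyuvevez] rundll32.exe "C:\WINDOWS\ikucivirebanupe.dll",Startup
O4 - HKCU\..\Run: [Isimupewukuwup] rundll32.exe "C:\WINDOWS\mscodkbc.dll",Startup
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 entries of the form  HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>  (exe path may be quoted or bare, dll may be quoted)
RUNDLL_RE = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)
VOWELS = set("aeiou")
RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


@dataclass
class Finding:
    severity: str
    code: str
    reason: str
    line: str


def looks_generated(name: str) -> bool:
    """Constructed heuristic: pure-letter names of 7+ chars that are either
    near-perfectly consonant/vowel alternating (pronounceable gibberish such as
    'ikucivirebanupe') or almost vowel-free ('mscodkbc')."""
    s = name.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    if sum(c in VOWELS for c in s) / len(s) < 0.2:
        return True
    alternations = sum((a in VOWELS) != (b in VOWELS) for a, b in zip(s, s[1:]))
    return alternations / (len(s) - 1) >= 0.9


def in_bare_windows_dir(path: str) -> bool:
    """True for X:\WINDOWS\file or X:\WINNT\file, not for system32 and deeper."""
    parent = ntpath.dirname(path).lower().rstrip("\\")
    return re.fullmatch(r"[a-z]:\\(windows|winnt)", parent) is not None


def target_of(cmd: str) -> str:
    """The file an O4 command really loads: the DLL for rundll32, else the executable."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group(1).strip()
    m = re.match(r'^\s*"([^"]+)"|^\s*(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def check_o4(body: str, line: str):
    m = O4_RE.match(body)
    if not m:
        return None  # "Global Startup" style entries are not covered here
    cmd = m.group("cmd")
    target = target_of(cmd)
    stem = ntpath.splitext(ntpath.basename(target))[0]
    if RUNDLL_RE.match(cmd) and in_bare_windows_dir(target):
        note = " with a machine-looking name" if looks_generated(stem) else ""
        return Finding("HIGH", "O4", f"rundll32 loads {target} straight from the Windows directory{note}", line)
    if looks_generated(stem):
        return Finding("MEDIUM", "O4", f"autostart target '{stem}' has a machine-looking name", line)
    return None


def triage(text: str) -> list:
    """Return findings for every suspicious entry, highest severity first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            f = check_o4(body, line)
            if f:
                findings.append(f)
        elif code == "O1":
            findings.append(Finding("MEDIUM", "O1", "hosts file carries a non-default entry", line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("LOW", code, "orphaned entry points at a file that no longer exists", line))
    return sorted(findings, key=lambda f: RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:<6} {f.code:<3} {f.reason}\n       {f.line}")
```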
08.10.2010, 20:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and internet disruptions.

Hello and welcome.

As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop.
09.10.2010, 14:08 | #3 |
| Rootkit auf PC und Internet Störungen. so hab beide Programme durchlaufen lassen:
__________________OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.10.2010 14:49:40 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 73,28 Gb Total Space | 1,70 Gb Free Space | 2,31% Space Free | Partition Type: NTFS Drive D: | 71,86 Gb Total Space | 6,06 Gb Free Space | 8,44% Space Free | Partition Type: NTFS Drive E: | 3,90 Gb Total Space | 0,21 Gb Free Space | 5,50% Space Free | Partition Type: FAT32 Drive F: | 149,04 Gb Total Space | 1,19 Gb Free Space | 0,80% Space Free | Partition Type: NTFS Drive G: | 5,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 465,65 Gb Total Space | 382,41 Gb Free Space | 82,12% Space Free | Partition Type: FAT32 Computer Name: **** Current User Name: **** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - D:\Photoshop\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe () PRC - D:\Alcohol\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Alwil Software\Avast4\AhJsctNs.dll (ALWIL Software) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor7.0) -- D:\Photoshop\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (StyleXPService) -- C:\Programme\TGTSoft\StyleXP\StyleXPService.exe () SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (StarWindService) -- D:\Alcohol\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) SRV - (btwdins) -- C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.) 
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (MySql) -- C:\mysql\bin\mysqld-nt.exe () ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (SetupNTGLM7X) -- G:\NTGLM7X.sys File not found DRV - (oreans32) -- C:\WINDOWS\System32\drivers\oreans32.sys File not found DRV - (NTACCESS) -- G:\NTACCESS.sys File not found DRV - (MSICPL) -- G:\install4\MSICPL.sys File not found DRV - (GMSIPCI) -- G:\INSTALL\GMSIPCI.SYS File not found DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- 
C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (s816mdm) -- C:\WINDOWS\system32\drivers\s816mdm.sys (MCCI Corporation) DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s816mgmt.sys (MCCI Corporation) DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\WINDOWS\system32\drivers\s816unic.sys (MCCI) DRV - (s816obex) -- C:\WINDOWS\system32\drivers\s816obex.sys (MCCI Corporation) DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\WINDOWS\system32\drivers\s816nd5.sys (MCCI Corporation) DRV - (s816mdfl) -- C:\WINDOWS\system32\drivers\s816mdfl.sys (MCCI Corporation) DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\WINDOWS\system32\drivers\s816bus.sys (MCCI Corporation) DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (rockusb) -- C:\WINDOWS\system32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (StyleXPHelper) -- C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe (Windows (R) 2000 DDK provider) DRV - (sony_ssm.sys) -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\sony_ssm.sys (Sony DADC Austria AG.) 
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (Vax347b) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( ) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.) DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\lhidke.sys (Logitech, Inc.) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\lmouke.sys (Logitech, Inc.) DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\lhidusbk.sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\l8042mou.sys (Logitech, Inc.) DRV - (MVDCODEC) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.) DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( ) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Labtec Inc.) DRV - (PID_08A0) Labtec WebCam Pro(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Labtec Inc.) DRV - (PRISM_A00) -- C:\WINDOWS\system32\drivers\PRISMA00.sys () DRV - (UKBFLT) -- C:\WINDOWS\system32\drivers\UKBFLT.sys (Chicony) DRV - (WBUSB) -- C:\WINDOWS\system32\drivers\wbusb.sys (Winbond Electronics Corp.) 
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.66311
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34}: C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\{FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34} [2010.09.22 19:08:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.22 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.09 14:14:49 | 000,000,000 | ---D | M]
[2009.07.06 14:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Extensions
[2010.10.08 20:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions
[2010.04.27 20:17:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 13:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.25 13:37:54 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.10 20:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.19 16:46:37 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.04 15:07:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-1.xml
[2010.06.28 22:20:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-10.xml
[2010.06.29 13:24:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-11.xml
[2010.07.27 11:44:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-12.xml
[2010.09.11 16:43:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-13.xml
[2010.09.22 14:30:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-14.xml
[2009.08.25 13:51:59 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-2.xml
[2009.11.13 18:37:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-3.xml
[2009.11.14 21:38:40 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-4.xml
[2010.02.19 16:12:57 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-5.xml
[2010.03.18 19:34:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-6.xml
[2010.03.24 00:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-7.xml
[2010.04.06 02:55:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-8.xml
[2010.06.19 16:47:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin-9.xml
[2010.06.29 13:24:04 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin.gif
[2010.06.29 13:24:04 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcqq60h.default\searchplugins\icqplugin.xml
[2010.10.08 20:43:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.10 14:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2006.06.21 12:47:49 | 000,000,000 | ---D | M] (WhenU) -- C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
[2009.07.22 11:22:56 | 000,000,000 | ---D | M] (**** MediaBar) -- C:\Programme\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2008.12.11 03:21:54 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Programme\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008.09.10 09:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Programme\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.18 19:34:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.18 19:34:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.18 19:34:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.18 19:34:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.18 19:34:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.06.09 15:32:56 | 000,000,845 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: AmsServer
O1 - Hosts: AmsServer
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (**** MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\**** Applications\**** MediaBar\****MediaBar.dll (****)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (**** MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\**** Applications\**** MediaBar\****MediaBar.dll (****)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vyuvevez] C:\WINDOWS\ikucivirebanupe.DLL File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [Isimupewukuwup] C:\WINDOWS\mscodkbc.DLL File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236294227859 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238773095215&h=6853b74ae968eb33ca1ee7fe57355f2b/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Value error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.10.20 18:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.28 13:56:54 | 000,000,074 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.01.26 17:15:22 | 000,000,191 | ---- | M] () - M:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell\AutoRun\command - "" = H:\autoplay.exe -- File not found
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell\AutoRun\command - "" = hh start.chm
O33 - MountPoints2\{b1151ac2-d22b-11df-b5d8-001109b2b078}\Shell\AutoRun\command - "" = M:\Get_Started_for_Win.exe -- [2009.12.18 19:52:24 | 023,663,725 | ---- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\{c8e05e86-372d-11d9-bcc7-00038a000015}\Shell\AutoRun\command - "" = H:\OEMBranding.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.09 14:26:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.10.09 14:16:18 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\**** ****\Desktop\OTL.exe
[2010.10.09 12:16:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Malwarebytes
[2010.10.09 12:16:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.09 12:16:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.09 12:16:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.09 12:16:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.06 14:00:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Uniblue
[2010.10.06 14:00:50 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.10.03 14:24:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\**** ****\Desktop\HiJackThis204.exe
[2010.09.28 13:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.09.28 13:49:55 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2010.09.28 13:49:55 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2010.09.28 13:49:54 | 000,247,824 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.09.28 13:49:46 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.09.28 13:49:46 | 000,159,296 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.09.28 13:49:30 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010.09.28 13:49:30 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010.09.28 13:49:29 | 000,123,968 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010.09.28 13:49:29 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.09.28 13:49:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.28 13:48:47 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2010.09.28 13:48:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.09.28 13:48:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\PC Tools
[2010.09.28 13:45:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.09.25 19:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2010.09.25 13:45:53 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.09.24 12:05:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.09.24 12:01:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2010.09.24 12:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.09.24 11:50:49 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\**** ****\Desktop\KillBox.exe
[2010.09.24 02:58:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010.09.23 22:49:41 | 011,772,872 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**** ****\Desktop\windows-kb890830-v3.11.exe
[2010.09.22 19:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\{FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34}
[2010.09.21 02:23:37 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (2)
[2010.09.10 18:29:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\DVDVideoSoft
[2005.10.18 19:21:20 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005.10.18 19:21:20 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2004.10.20 19:17:28 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.09 14:51:14 | 000,565,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.10.09 14:49:29 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.09 14:27:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.09 14:25:52 | 000,192,569 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.10.09 14:25:45 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.09 14:25:44 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010.10.09 14:25:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.09 14:25:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.09 14:24:43 | 019,398,656 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\ntuser.dat
[2010.10.09 14:24:31 | 000,001,366 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.10.09 14:24:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.10.09 14:24:31 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010.10.09 14:16:26 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\**** ****\Desktop\OTL.exe
[2010.10.09 12:16:04 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 21:13:00 | 000,000,136 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\default.pls
[2010.10.08 21:12:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.08 21:11:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.10.08 21:11:02 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.10.08 16:01:20 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for **** ****.job
[2010.10.08 15:25:17 | 000,192,512 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.07 14:09:35 | 004,526,080 | ---- | M] () -- C:\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
[2010.10.06 14:00:53 | 000,000,733 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk
[2010.10.06 13:50:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.10.03 14:24:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\**** ****\Desktop\HiJackThis204.exe
[2010.10.03 13:55:40 | 000,464,720 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.03 13:55:40 | 000,446,294 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.03 13:55:40 | 000,087,128 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.03 13:55:40 | 000,073,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.03 12:23:19 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.28 13:50:13 | 000,649,940 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010.09.28 13:49:43 | 000,001,618 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.09.28 13:45:24 | 000,507,360 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Desktop\sdsetup.exe
[2010.09.27 19:13:59 | 000,008,192 | ---- | M] () -- C:\Kirbys Fun Pak (E).srm
[2010.09.27 19:07:06 | 000,002,048 | ---- | M] () -- C:\Diddy Kong Quest (D, F, E).srm
[2010.09.27 19:06:58 | 002,845,553 | ---- | M] () -- C:\Kirbys Fun Pak (E).zip
[2010.09.27 16:14:37 | 000,102,453 | ---- | M] () -- C:\Diddy Kong Quest (D, F, E).000
[2010.09.27 15:43:28 | 002,998,548 | ---- | M] () -- C:\Diddy Kong Quest (D, F, E).zip
[2010.09.26 20:35:38 | 000,002,048 | ---- | M] () -- C:\Donkey Kong Country (D, F, E).srm
[2010.09.26 20:34:17 | 000,008,192 | ---- | M] () -- C:\Zelda 3 (D).srm
[2010.09.26 20:05:36 | 000,713,910 | ---- | M] () -- C:\Zelda 3 (D).zip
[2010.09.26 16:55:47 | 000,121,375 | ---- | M] () -- C:\Donkey Kong Country (D, F, E).000
[2010.09.26 16:49:19 | 000,117,119 | ---- | M] () -- C:\Donkey Kong Country (D, F, E).001
[2010.09.24 18:34:45 | 000,008,192 | ---- | M] () -- C:\Super Metroid (E).srm
[2010.09.24 18:15:12 | 000,100,334 | ---- | M] () -- C:\Super Metroid (E).000
[2010.09.24 14:32:57 | 001,579,444 | ---- | M] () -- C:\Super Metroid (E).zip
[2010.09.24 12:53:40 | 002,616,448 | ---- | M] () -- C:\Donkey Kong Country (D, F, E).zip
[2010.09.24 12:05:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.09.24 11:50:49 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\**** ****\Desktop\KillBox.exe
[2010.09.23 22:49:43 | 011,772,872 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**** ****\Desktop\windows-kb890830-v3.11.exe
[2010.09.23 18:50:46 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kwezamew.dat
[2010.09.23 01:44:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fcariyiy.bin
[2010.09.20 07:14:07 | 005,836,118 | -H-- | M] () -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.09.17 00:29:11 | 001,082,358 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.15 21:10:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.10 18:29:38 | 000,000,910 | ---- | M] () -- C:\Dokumente und Einstellungen\**** ****\Desktop\DVDVideoSoft Free Studio.lnk
[7 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.09 12:16:04 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 21:11:02 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.10.08 21:11:02 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.10.07 14:09:21 | 004,526,080 | ---- | C] () -- C:\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
[2010.10.06 14:01:01 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010.10.06 14:00:53 | 000,000,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk
[2010.09.28 13:49:56 | 000,649,940 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010.09.28 13:49:43 | 000,001,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.09.28 13:46:00 | 000,507,360 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Desktop\sdsetup.exe
[2010.09.27 19:13:59 | 000,008,192 | ---- | C] () -- C:\Kirbys Fun Pak (E).srm
[2010.09.27 19:07:06 | 000,002,048 | ---- | C] () -- C:\Diddy Kong Quest (D, F, E).srm
[2010.09.27 19:06:54 | 002,845,553 | ---- | C] () -- C:\Kirbys Fun Pak (E).zip
[2010.09.27 16:14:37 | 000,102,453 | ---- | C] () -- C:\Diddy Kong Quest (D, F, E).000
[2010.09.27 15:43:24 | 002,998,548 | ---- | C] () -- C:\Diddy Kong Quest (D, F, E).zip
[2010.09.26 20:34:17 | 000,008,192 | ---- | C] () -- C:\Zelda 3 (D).srm
[2010.09.26 20:05:35 | 000,713,910 | ---- | C] () -- C:\Zelda 3 (D).zip
[2010.09.24 18:15:12 | 000,100,334 | ---- | C] () -- C:\Super Metroid (E).000
[2010.09.24 17:20:22 | 000,008,192 | ---- | C] () -- C:\Super Metroid (E).srm
[2010.09.24 14:32:54 | 001,579,444 | ---- | C] () -- C:\Super Metroid (E).zip
[2010.09.24 14:00:25 | 000,117,119 | ---- | C] () -- C:\Donkey Kong Country (D, F, E).001
[2010.09.24 13:11:42 | 000,002,048 | ---- | C] () -- C:\Donkey Kong Country (D, F, E).srm
[2010.09.24 13:11:39 | 000,121,375 | ---- | C] () -- C:\Donkey Kong Country (D, F, E).000
[2010.09.24 12:53:35 | 002,616,448 | ---- | C] () -- C:\Donkey Kong Country (D, F, E).zip
[2010.09.24 12:06:58 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.22 19:14:03 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.09.22 19:08:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kwezamew.dat
[2010.09.22 19:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcariyiy.bin
[2010.06.25 14:56:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.06.25 14:56:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.06.25 14:56:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.09 18:14:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.03.15 23:11:11 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.12.07 16:16:44 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\setup_ldm.iss
[2009.07.19 13:47:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D8A14DDDC1.sys
[2009.07.19 13:47:52 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.03.06 00:57:19 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.04.17 21:30:14 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.12.28 16:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007.12.28 15:58:35 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2007.12.28 15:58:32 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2007.12.28 15:58:31 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2007.12.28 15:58:31 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2007.12.28
15:58:31 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2007.12.28 15:58:31 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys [2007.12.01 13:04:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\‚¨‚Å‚ñ.INI [2007.11.20 16:23:20 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wa.INI [2007.11.17 17:10:23 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2007.06.28 18:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.06.28 18:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.06.28 18:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.06.28 18:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.06.28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.03.06 18:10:40 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ssetup.ini [2007.03.06 16:41:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI [2007.01.29 23:56:45 | 000,000,270 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2007.01.11 23:48:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.01.07 17:53:59 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2007.01.07 17:53:59 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2006.12.20 19:19:54 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2006.12.20 19:19:53 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2006.11.15 20:20:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2006.11.02 15:58:59 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006.10.29 21:39:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\GBA.ini [2006.09.19 21:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI [2006.08.22 20:08:25 | 000,001,719 | ---- | C] () -- C:\WINDOWS\vba.ini [2006.06.17 21:14:22 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\addr_file.html [2006.04.29 17:25:40 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll [2006.04.28 23:10:43 | 000,000,196 | ---- | C] () -- C:\WINDOWS\gfscore.ini [2006.04.25 22:40:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI [2006.04.24 23:02:38 | 000,003,237 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.03.18 15:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2006.03.12 21:21:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\MixBKS.INI [2006.03.12 20:54:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2006.03.12 20:54:24 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini [2006.03.12 20:54:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2006.03.12 20:54:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006.03.12 20:54:23 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2006.03.12 20:54:12 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2006.03.03 21:21:47 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.02.24 13:41:39 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006.02.23 14:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI [2006.01.31 20:08:23 | 000,000,200 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI [2005.12.25 00:02:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2005.11.22 18:37:54 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2005.10.18 16:05:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2005.09.24 16:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\CIV.INI [2005.09.22 21:32:15 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll [2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll [2005.08.30 00:00:00 | 
000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll [2005.08.10 12:45:29 | 000,000,827 | ---- | C] () -- C:\WINDOWS\WinPolis32.ini [2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005.08.09 15:14:50 | 000,002,653 | ---- | C] () -- C:\WINDOWS\winpolis.ini [2005.08.02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2005.06.24 20:48:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI [2005.05.16 19:02:27 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.03.21 09:47:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2005.03.21 09:47:35 | 000,000,572 | ---- | C] () -- C:\WINDOWS\Sierra.ini [2005.03.04 22:41:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2005.02.27 13:09:34 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL [2005.01.24 16:32:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\WETTENDA.INI [2005.01.22 21:23:29 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2005.01.22 21:23:28 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2005.01.15 11:48:23 | 000,192,512 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.14 22:01:31 | 000,000,226 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\wklnhst.dat [2005.01.14 22:01:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.11.14 15:36:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2004.11.14 15:22:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2004.11.12 12:17:58 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C3A5F9DBA9.sys [2004.10.20 20:50:02 | 000,000,774 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.10.20 20:28:24 | 
000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.10.20 19:53:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini [2004.10.20 19:17:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2004.10.20 19:10:04 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2004.10.20 19:10:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll [2004.10.20 19:10:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll [2004.10.20 19:10:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2004.10.20 19:10:04 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini [2004.10.20 18:40:34 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.10.20 18:40:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.10.20 18:19:55 | 000,002,350 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.10.20 18:19:23 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\ole6g1fz.dll [2004.10.01 09:11:20 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.09.28 20:20:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll [2004.09.28 20:20:27 | 000,380,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRISMA00.sys [2004.03.31 18:13:32 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2004.03.31 18:13:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2004.03.31 18:13:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll [2004.03.31 18:13:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll [2004.03.31 18:13:32 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys [2004.03.31 18:13:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll [2004.03.31 18:13:30 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2004.03.31 18:13:30 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest 
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2003.01.09 20:03:05 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini [1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL [1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 48 bytes -> C:\WINDOWS:853D0B9701FA16D0 @Alternate Data Stream - 195 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1048AE9D @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C6EBC69 < End of report >
Extras: OTL Logfile: Code:
OTL Extras logfile created on: 09.10.2010 14:49:40 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\**** ****\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 73,28 Gb Total Space | 1,70 Gb Free Space | 2,31% Space Free | Partition Type: NTFS Drive D: | 71,86 Gb Total Space | 6,06 Gb Free Space | 8,44% Space Free | Partition Type: NTFS Drive E: | 3,90 Gb Total Space | 0,21 Gb Free Space | 5,50% Space Free | Partition Type: FAT32 Drive F: | 149,04 Gb Total Space | 1,19 Gb Free Space | 0,80% Space Free | Partition Type: NTFS Drive G: | 5,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 465,65 Gb Total Space | 382,41 Gb Free Space | 82,12% Space Free | Partition Type: FAT32 Computer Name: **** Current User Name: **** **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "56233:TCP" = 56233:TCP:*:Enabled:Pando Media Booster "56233:UDP" = 56233:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "56233:TCP" = 56233:TCP:*:Enabled:Pando Media Booster "56233:UDP" = 56233:UDP:*:Enabled:Pando Media Booster "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found "C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 
9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "C:\Programme\Ahead\SIPPS\SIPPS.exe" = C:\Programme\Ahead\SIPPS\SIPPS.exe:*:enabled:SIPPS -- (Ahead) "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a -- File not found "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found "C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "C:\Programme\Ahead\SIPPS\SIPPS.exe" = C:\Programme\Ahead\SIPPS\SIPPS.exe:*:enabled:SIPPS -- (Ahead) "D:\****\Call of Duty\CoDMP.exe" = D:\****\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- File not found "D:\****\Die Schlacht um Mittelerde(tm)\game.dat" = D:\****\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a -- File not found "D:\****\Warcraft III\Warcraft III.exe" = D:\****\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) "D:\****\Warcraft III\war3.exe" = D:\****\Warcraft III\war3.exe:*:Enabled:Warcraft III -- 
(Blizzard Entertainment) "D:\****\Twisted Metal 2\TM2.EXE" = D:\****\Twisted Metal 2\TM2.EXE:*:Enabled:Twisted Metal 2 -- File not found "F:\****\Kazaa Lite\clean.kmd" = F:\****\Kazaa Lite\clean.kmd:*:Enabled:clean -- File not found "D:\****\Worms Forts Demo\WF.exe" = D:\****\Worms Forts Demo\WF.exe:*:Enabled:WF -- File not found "C:\Programme\Microsoft Games\Age of Empires\Empires.exe" = C:\Programme\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires -- File not found "D:\****\Condition Zero\czero.exe" = D:\****\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- File not found "D:\****\Steam\Steam.exe" = D:\****\Steam\Steam.exe:*:Enabled:Steam -- File not found "D:\****\World of Warcraft\WoW-1.4.0-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.4.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OXMJQJS5\WoW-1.4.2.4375-to-0.5.0-deDE-downloader[1].exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OXMJQJS5\WoW-1.4.2.4375-to-0.5.0-deDE-downloader[1].exe:*:Enabled:Blizzard Downloader -- File not found "D:\****\World of Warcraft\WoW-1.4.2.4375-to-0.5.0-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.4.2.4375-to-0.5.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Dokumente und Einstellungen\**** ****\Eigene Dateien\wtv\wtvClient0.90.02\wtvClient.exe" = C:\Dokumente und Einstellungen\**** ****\Eigene Dateien\wtv\wtvClient0.90.02\wtvClient.exe:*:Enabled:wtvClient -- () "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found "D:\****\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Dokumente und Einstellungen\**** ****\Lokale 
Einstellungen\Temp\Temporäres Verzeichnis 1 für ****44bv16-webcache-zip.zip\****44bv16-webcache-zip\****.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für ****44bv16-webcache-zip.zip\****44bv16-webcache-zip\****.exe:*:Enabled:**** -- (hxxp://www.****-project.net) "F:\****.de\****.exe" = F:\****.de\****.exe:*:Enabled:**** -- File not found "C:\Programme\MAIET\Gunz\Gunz.exe" = C:\Programme\MAIET\Gunz\Gunz.exe:*:Enabled:Gunz -- File not found "E:\mIRC\mirc.exe" = E:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found "D:\****\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Valve\Steam\Steam.exe" = C:\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\****\Die Schlacht um Mittelerde(tm)\patchget.dat" = D:\****\Die Schlacht um Mittelerde(tm)\patchget.dat:*:Enabled:patchgrabber -- File not found "D:\****\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Valve\Condition Zero\czero.exe" = C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve) "D:\****\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-deDE-downloader.exe" = D:\****\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX00.937\volley.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX00.937\volley.exe:*:Enabled:volley -- File not found "C:\Diablo\Diablo.exe" = C:\Diablo\Diablo.exe:*:Enabled:Diablo -- File not found "D:\****\Die Schlacht um Mittelerde II\game.dat" = D:\****\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found "C:\Programme\MSN 
Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "F:\B\****\****.exe" = F:\B\****\****.exe:*:Enabled:**** -- (Free Peers, Inc.) "C:\Programme\****\****.exe" = C:\Programme\****\****.exe:*:Enabled:**** -- (www.****.com) "C:\mIRC\mirc.exe" = C:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found "D:\****\Die Schlacht um Mittelerde II\patchget.dat" = D:\****\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- File not found "F:\StubInstaller.exe" = F:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Programme\SHOUTcast\sc_serv.exe" = C:\Programme\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv -- () "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "F:\wtv\wtvClient.exe" = F:\wtv\wtvClient.exe:*:Enabled:wtvClient -- () "C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "D:\****\Empire Earth\Empire Earth.exe" = D:\****\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth -- File not found "D:\****\Empire Earth II\EE2.exe" = D:\****\Empire Earth II\EE2.exe:*:Disabled:Empire Earth II -- File not found "D:\CS 1.6\hl.exe" = D:\CS 1.6\hl.exe:*:Disabled:Half-Life Launcher -- File not found "C:\Valve\Steam\SteamApps\stonecold5656\counter-strike\hl.exe" = C:\Valve\Steam\SteamApps\stonecold5656\counter-strike\hl.exe:*:Disabled:Half-Life Launcher -- (Valve) "C:\Programme\MAIET\Gunz\GunzLauncher.exe" = C:\Programme\MAIET\Gunz\GunzLauncher.exe:*:Disabled:NewApp MFC ?? ???? 
-- File not found "D:\****\****.exe" = D:\****\****.exe:*:Enabled:**** -- File not found "C:\Dokumente und Einstellungen\**** ****\Desktop\Neuer Ordner\empires2.exe" = C:\Dokumente und Einstellungen\**** ****\Desktop\Neuer Ordner\empires2.exe:*:Enabled:Age of Empires II -- File not found "G:\TM2.EXE" = G:\TM2.EXE:*:Enabled:TM2.EXE -- File not found "C:\Programme\Sony Interactive\Twisted Metal 2\TM2.EXE" = C:\Programme\Sony Interactive\Twisted Metal 2\TM2.EXE:*:Enabled:Twisted Metal 2 -- File not found "C:\Team17\Worms Armageddon\WA.exe" = C:\Team17\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon -- File not found "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- File not found "C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- File not found "C:\Programme\Garena\Garena.exe" = C:\Programme\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD) "F:\Age of Empires 2\empires2.exe" = F:\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation) "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "D:\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- () "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\wtvClient.exe" = C:\wtvClient.exe:*:Enabled:wtvClient -- File not found "D:\WTV\wtvClient.exe" = D:\WTV\wtvClient.exe:*:Enabled:wtvClient -- () "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX00.875\volley.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale 
Einstellungen\Temp\Rar$EX00.875\volley.exe:*:Enabled:volley -- () "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX89.079\blobby-server.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX89.079\blobby-server.exe:*:Enabled:blobby-server -- () "C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX00.376\volley.exe" = C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Temp\Rar$EX00.376\volley.exe:*:Enabled:volley -- File not found "C:\Programme\**** Applications\****\****.exe" = C:\Programme\**** Applications\****\****.exe:*:Enabled:**** -- File not found "C:\WTV\wtvClient.exe" = C:\WTV\wtvClient.exe:*:Enabled:wtvClient -- () "C:\Westwood\AR2\patchgetmd.dat" = C:\Westwood\AR2\patchgetmd.dat:*:Enabled:patchgrabber -- File not found "C:\Programme\Clusterball\Clusterball.exe" = C:\Programme\Clusterball\Clusterball.exe:*:Disabled:Clusterball -- (Daydream Software AB) "C:\Westwood\AR2\gamemd.exe" = C:\Westwood\AR2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge -- File not found "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found "D:\Photoshop\AdobePhotoshopElementsMediaServer.exe" = D:\Photoshop\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated) "C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found "C:\Dokumente und Einstellungen\**** ****\Desktop\wtvClient.exe" = C:\Dokumente und Einstellungen\**** 
****\Desktop\wtvClient.exe:*:Enabled:wtvClient -- File not found "C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\**** ****\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "D:\LevelR\LevelR.bin" = D:\LevelR\LevelR.bin:*:Enabled:Game -- File not found "C:\Programme\StarCraft II Beta\StarCraft II.exe" = C:\Programme\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\StarCraft II Beta\Support\BlizzardDownloader.exe" = C:\Programme\StarCraft II Beta\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Programme\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment) "D:\****\UT2004\System\UT2004.exe" = D:\****\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- () "C:\Programme\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Programme\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment) "C:\SIERRA\Empire Earth\Empire Earth.exe" = C:\SIERRA\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- () "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"M:\EE\EE2.exe" = M:\EE\EE2.exe:*:Enabled:Empire Earth II -- File not found "M:\Company of Heroes\RelicDownloader\RelicDownloader.exe" = M:\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found "M:\Company of Heroes\RelicCOH.exe" = M:\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- File not found "C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "C:\Dokumente und Einstellungen\**** ****\Desktop\Neuer Ordner\wtvClient.exe" = C:\Dokumente und Einstellungen\**** ****\Desktop\Neuer Ordner\wtvClient.exe:*:Enabled:wtvClient -- () "M:\StarCraft II\StarCraft II.exe" = M:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- File not found "M:\StarCraft II\Versions\Base15405\SC2.exe" = M:\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- File not found "C:3\StarCraft II\Versions\Base15405\SC2.exe" = C:3\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:SC2.exe ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{10162E91-BB26-AF99-909C-E840C15890E8}" = Catalyst Control Center Graphics Full Existing "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer 
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{29C0E9C5-7718-D07B-633F-FD5BE27BBCE5}" = ccc-core-preinstall "{2A5782B3-9767-5DF6-8F5A-4900CD698845}" = Catalyst Control Center Graphics Light "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{38EC695A-64CD-7C76-3C21-9ECB49880C70}" = Catalyst Control Center Core Implementation "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC "{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{47E0F183-E938-A97E-A3CF-9FD4D9893439}" = ccc-core-static "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{508D86EE-931E-4DEA-0BF8-25E30CE9EB42}" = ccc-utility "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource 
"{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}" = Labtec WebCam "{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A81A7E3-7391-ADFF-9014-F8F45F0337F6}" = CCC Help English "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{805C099D-2A20-DBF8-780C-52CA10916A14}" = Catalyst Control Center Graphics Full New "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{8E79A5A3-AA5F-DA1F-4BF2-EEC290A08709}" = Skins "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster 
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP "{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.6 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1031-7646-A70000000000}" = Adobe Reader 7.0 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C064F50C-4B08-3136-48F5-B92130A47267}" = Catalyst Control Center Graphics Previews Common "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5223522-2B12-4522-B165-99EE6C88771E}" = eTrust Antivirus Registration "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1955A3A-EA24-4682-8641-43B5B688B09A}" = USB Wireless Keyboard Driver "{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.4 "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E98D6792-FC51-4187-9448-CA9BF893384E}" = Bluetooth Software "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% "{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0 "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1AF0731-AA7A-4F7A-B34B-DA3E8A319C34}" = XDream Command Center "{F2AD071E-2E86-4E8A-AA66-E8E222F84CDE}_is1" = Replay Explorer 3.0.2 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03 
"Actionball" = Actionball "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem "All ATI Software" = ATI - Software Uninstall Utility "AllToAVI" = AllToAVI v4 r5394 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.4 "AURC_is1" = Audacity Recovery Utility "avast!" = avast! Antivirus "Battle.net" = Battle.net "**** MediaBar" = MediaBar 2.0 "****" = **** 1.1 "briblo" = briblo Screen Saver "CamStudio" = CamStudio "C-Media Audio Driver" = C-Media High Definition Audio Driver "Commopoly" = Commopoly "Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero "Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem "Debut" = Debut Video Capture Software "Desktop Maestro_is1" = Desktop Maestro 3.0 "Diablo II" = Diablo II "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVD Shrink_is1" = DVD Shrink 3.2 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EndItAll_is1" = EndItAll 2.0 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FlashFXP v3.02 (Build 1045) Scene Edition" = FlashFXP v3.02 (Build 1045) Scene Edition "FLV Player" = FLV Player 2.0 (build 25) "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Screen To Video_is1" = Free Screen To Video V 1.2 "Free Studio_is1" = Free Studio version 4.8 "Free YouTube Download_is1" = Free YouTube Download 2.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "GameSpy Arcade" = GameSpy Arcade "Gothic II" = Gothic II "ICQToolbar" = ICQ Toolbar 
"ICQ-Tools_is1" = mehr ICQ Statussymbole "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "Kollektion für Erwachsene" = Kollektion für Erwachsene "Kollektion für Teenager" = Kollektion für Teenager "LabtecDrv" = Labtec® WebCam-Treiber "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Key" = Messenger Key 7.9 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Moppi Flower Saver Installer_is1" = Moppi Flower Saver 1.0 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "mplayer.com" = mplayer.com "MSNINST" = MSN "MySQL Servers and Clients 3.23.52" = MySQL Servers and Clients 3.23.52 "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Office8.0" = Microsoft Office 97, Professional Edition "QuickTime" = QuickTime "RebirthRO01/10/2009/ FULL-CLIENT" = RebirthRO "Red Alert" = Red Alert Windows 95 "SCDNAS" = SHOUTcast DNAS (remove only) "Shockwave" = Shockwave "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only) "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "softonic-de3 Toolbar" = softonic-de3 Toolbar "Sprühböden" = Sprühböden "Spyware Doctor" = Spyware Doctor 8.0 "StarCraft II" = StarCraft II "StarCraft II Beta" = StarCraft II Beta "Steam" = Steam "StyleXP" = StyleXP (remove only) "SysInfo" = Creative-Systeminformationen "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 
Client" = TeamSpeak 3 Client "Tunngle beta_is1" = Tunngle beta "TV Movie ClickRecorder" = TV Movie ClickRecorder "Uninstall_is1" = Uninstall 1.0.0.1 "Unterwäsche für Teenager" = Unterwäsche für Teenager "Urban Operations" = Urban Operations "UT2004" = Unreal Tournament 2004 "VDMSound" = VDMSound "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 1.0.3 "Warkeys" = Warkeys 1.4.2.0b "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WE Unlimited_is1" = WE Unlimited 1.20 "Winamp" = Winamp "WinAVIVideoConverter_is1" = WinAVIVideoConverter "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Connect" = Windows Media Connect "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPolis" = WinPolis "WinRAR archiver" = WinRAR Archivierer "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood "World of Warcraft" = World of Warcraft "xp-AntiSpy" = xp-AntiSpy 3.96-2 "Yahoo! Companion" = Yahoo! Toolbar "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced PDF Password Recovery" = Advanced PDF Password Recovery (remove only) "ijji FireFox Launcher" = ijji FireFox Launcher 1.0 "ijji.com" = ijji "Octoshape Streaming Services" = Octoshape Streaming Services "Warcraft III" = Warcraft III: All Products "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 08.11.2009 17:58:39 | Computer Name = **** | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://www.wer-kennt-wen.de/gallery/image/ghvec3iav072n4zx3so5cu908kf/?now=1257717519531/ failed, 0000A413. Error - 13.11.2009 11:04:11 | Computer Name = **** | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://apps.facebook.com/onthefarm/gifts_send.php?fb_sig_locale=de_DE&fb_sig_in_new_facebook=1&fb_sig_time=1258124564.1159&fb... failed, 0000A413. Error - 14.11.2009 08:57:50 | Computer Name = **** | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://apps.facebook.com/onthefarm/gifts_send.php?fb_sig_locale=de_DE&fb_sig_in_new_facebook=1&fb_sig_time=1258203376.2148&fb... failed, 0000A413. Error - 15.11.2009 19:01:57 | Computer Name = **** | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://apps.facebook.com/onthefarm/gifts.php?ref=interstitial failed, 0000A413. Error - 15.11.2009 19:02:09 | Computer Name = **** | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://apps.facebook.com/onthefarm/index.php?ref=tab failed, 0000A413. Error - 23.05.2010 07:48:36 | Computer Name = **** | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOKUMENTE UND EINSTELLUNGEN\**** ****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\INTERNET EXPLORER\RECOVERY\LAST ACTIVE\RECOVERYSTORE.{1F554212-611D-11DF-B53B-001109B2B078}.DAT failed, 00000005. Error - 05.10.2010 18:07:48 | Computer Name = **** | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 06.10.2010 07:45:35 | Computer Name = **** | Source = avast! 
| ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 06.10.2010 08:00:15 | Computer Name = **** | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 07.10.2010 07:39:04 | Computer Name = **** | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. [ Application Events ] Error - 23.09.2010 08:14:27 | Computer Name = **** | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 23.09.2010 08:14:49 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ikucivirebanupe.dll, Version 0.0.0.0, Fehleradresse 0x000126d7. Error - 23.09.2010 10:06:40 | Computer Name = **** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 23.09.2010 10:06:40 | Computer Name = **** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . 
Error - 24.09.2010 06:01:22 | Computer Name = **** | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 28.09.2010 07:21:51 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010f1e. Error - 02.10.2010 10:03:11 | Computer Name = **** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 06.10.2010 10:58:11 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung divx plus player.exe, Version 10.1.2.50, fehlgeschlagenes Modul ir50_32.dll, Version 5.2562.15.55, Fehleradresse 0x0004e000. Error - 06.10.2010 13:37:37 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x083f9290. Error - 08.10.2010 13:03:31 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x06aa9290. [ System Events ] Error - 07.10.2010 07:39:15 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "MySql" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 07.10.2010 07:39:15 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "WMDM PMSP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 07.10.2010 07:39:15 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.10.2010 07:05:46 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Winbond Generic USB Controller" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 08.10.2010 07:08:11 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "SecuROM User Access Service (V7)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.10.2010 07:08:11 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "TunngleService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.10.2010 07:08:11 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "MySql" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.10.2010 07:08:11 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "WMDM PMSP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.10.2010 07:08:11 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 09.10.2010 08:22:34 | Computer Name = **** | Source = Service Control Manager | ID = 7034 Description = Dienst "SecuROM User Access Service (V7)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > thanks in advance for the help |
09.10.2010, 18:29 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and Internet disruptions. Quote:
__________________ Please always post logfiles in CODE tags |
09.10.2010, 18:46 | #5 |
| Rootkit on PC and Internet disruptions. Oh, sorry, didn't know you needed that one too: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4784 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.10.2010 14:14:49 mbam-log-2010-10-09 (14-14-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|M:\|) Durchsuchte Objekte: 378802 Laufzeit: 1 Stunde(n), 51 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 13 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***** *****\Lokale Einstellungen\Temp\cmdo.exe (Malware.Tool) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***** *****\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully. |
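The MBAM log above lists cmd.com, netstat.com, ping.com, regedit.com, taskkill.com, tasklist.com and tracert.com in System32, each a same-named twin of a standard command-line tool. That placement works because cmd.exe resolves a bare command name by trying the PATHEXT extensions in order, and the default PATHEXT puts .COM before .EXE, so the planted .com runs whenever the tool is typed by name and the genuine .exe is never touched. The following check reproduces that lookup and reports every tool a non-.exe file would pre-empt. It is an added example, not code from this thread or from Malwarebytes; the PATH order, the directory listings and all function names are constructed here to mirror the log.

```python
"""Find command-line tools that a same-named .com file would pre-empt.

Added example; not code from this thread or from Malwarebytes. When a
command is typed without an extension, cmd.exe walks PATH and, inside each
directory, tries the PATHEXT extensions in order. The default PATHEXT lists
.COM before .EXE, so a planted C:\\WINDOWS\\system32\\ping.com runs whenever
someone types "ping". The PATH order and directory listings below are
constructed to mirror the MBAM log; on a live system they would come from
os.environ["PATH"] and os.listdir().
"""
from typing import Dict, List, Optional, Set, Tuple

# Default PATHEXT on Windows XP. Order matters: the first hit wins.
DEFAULT_PATHEXT: List[str] = [
    ".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE", ".JS", ".JSE", ".WSF", ".WSH",
]

# Constructed PATH order and listings (a small subset of a real XP install).
CONSTRUCTED_PATH: List[str] = ["C:\\WINDOWS\\system32", "C:\\WINDOWS"]
CONSTRUCTED_LISTINGS: Dict[str, Set[str]] = {
    "C:\\WINDOWS\\system32": {
        "cmd.exe", "ping.exe", "netstat.exe", "tasklist.exe", "taskkill.exe",
        "tracert.exe", "notepad.exe",
        # genuine .com tools shipped with XP; they have no .exe twin
        "more.com", "tree.com",
        # the shadow files named in the MBAM log (constructed entries)
        "cmd.com", "ping.com", "netstat.com", "regedit.com",
        "tasklist.com", "taskkill.com", "tracert.com",
    },
    # regedit.exe lives in the Windows directory, which comes later on PATH
    "C:\\WINDOWS": {"regedit.exe", "explorer.exe", "notepad.exe"},
}


def resolve_command(name: str, path_dirs: List[str], listings: Dict[str, Set[str]],
                    pathext: List[str] = DEFAULT_PATHEXT) -> Optional[str]:
    """Return the full path cmd.exe would execute for `name`, or None."""
    for directory in path_dirs:
        by_lower = {f.lower(): f for f in listings.get(directory, set())}
        for ext in pathext:
            hit = by_lower.get((name + ext).lower())
            if hit is not None:
                return directory + "\\" + hit
    return None


def find_shadowed_tools(path_dirs: List[str], listings: Dict[str, Set[str]],
                        pathext: List[str] = DEFAULT_PATHEXT) -> List[Tuple[str, str, str]]:
    """For every .exe reachable via PATH, report (command, genuine_exe, file_run)
    when typing the bare command would run something other than an .exe."""
    findings: List[Tuple[str, str, str]] = []
    seen: Set[str] = set()
    for directory in path_dirs:
        for filename in sorted(listings.get(directory, set())):
            base, dot, ext = filename.rpartition(".")
            if dot != "." or ext.lower() != "exe" or base.lower() in seen:
                continue
            seen.add(base.lower())
            winner = resolve_command(base, path_dirs, listings, pathext)
            if winner is not None and not winner.lower().endswith(".exe"):
                findings.append((base.lower(), directory + "\\" + filename, winner))
    return sorted(findings)


if __name__ == "__main__":
    for command, genuine, run_instead in find_shadowed_tools(CONSTRUCTED_PATH, CONSTRUCTED_LISTINGS):
        print(f"{command:>9}: typing it runs {run_instead} instead of {genuine}")
```

With the constructed listings the check reports seven commands, including regedit, whose genuine .exe sits in C:\WINDOWS but is pre-empted by a .com in System32 because System32 comes first on PATH. Legitimate .com tools without an .exe twin (more.com, tree.com) are not reported, so the output is a short list worth hashing and comparing against a known-good install rather than a dump of every .com file.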
09.10.2010, 19:29 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and Internet disruptions. Quote:
__________________ |
09.10.2010, 20:03 | #7 |
| Rootkit on PC and Internet disruptions. No idea, I don't know, I have no clue at all how I would set something like that up or have set it up. |
09.10.2010, 21:01 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and Internet disruptions. Ah, and you have Alcohol on your computer? Original versions don't make entries like that in the hosts file
__________________ Please always post logfiles in CODE tags |
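The hosts file is consulted before DNS, so an entry that maps a vendor's, update server's or security site's name to 127.0.0.1 or 0.0.0.0 silently blocks that traffic, and one that maps a name to any other address redirects it; those are the kinds of entries the post above refers to, and a clean XP install carries only "127.0.0.1 localhost". The audit below parses hosts-file syntax and flags both patterns. It is an added example, not code from the thread; the sample file content is constructed (using .invalid names and a TEST-NET address) and the function and constant names are assumptions.

```python
"""Audit a Windows hosts file for entries that sinkhole or redirect hostnames.

Added example; not code from the thread. On XP the file lives at
C:\\WINDOWS\\system32\\drivers\\etc\\hosts. A loopback or unspecified address
in front of a non-local name blocks that name; any other address redirects
it. The file content below is constructed purely to exercise the checks.
"""
import ipaddress
from typing import List, NamedTuple, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: Tuple[str, ...]


# Names that legitimately point at loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not a real hosts file.
CONSTRUCTED_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
0.0.0.0         www.example-vendor.invalid     # sinkholed via the unspecified address
127.0.0.1       update.example-security.invalid activation.example-vendor.invalid
203.0.113.7     www.example-bank.invalid       # redirected to a foreign address
"""


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file syntax: '<address> <name> [<name>...]', '#' starts a comment."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        code = raw.split("#", 1)[0].strip()
        if not code:
            continue
        parts = code.split()
        if len(parts) < 2:
            continue  # malformed line (no hostname); skipped
        entries.append(HostsEntry(line_no, parts[0], tuple(parts[1:])))
    return entries


def suspicious_entries(entries: List[HostsEntry]) -> List[Tuple[HostsEntry, str]]:
    """Flag loopback/unspecified mappings of non-local names (sinkholing),
    mappings to any other address (redirection) and unparseable addresses."""
    findings: List[Tuple[HostsEntry, str]] = []
    for entry in entries:
        try:
            addr = ipaddress.ip_address(entry.address)
        except ValueError:
            findings.append((entry, "unparseable address " + entry.address))
            continue
        names = [h.lower() for h in entry.hostnames]
        if addr.is_loopback or addr.is_unspecified:
            blocked = [h for h in names if h not in LOOPBACK_NAMES]
            if blocked:
                findings.append((entry, "sinkholed: " + ", ".join(blocked)))
        else:
            findings.append((entry, "redirected to " + str(addr)))
    return findings


if __name__ == "__main__":
    for entry, why in suspicious_entries(parse_hosts(CONSTRUCTED_HOSTS)):
        print(f"line {entry.line_no}: {why}")
```

On a real machine the same functions take the file's text read from disk; the line numbers in the findings make it easy to compare against what a tool such as the [resethosts] step later in this thread would replace. Entries for loopback names themselves are never reported, so a clean file produces an empty list.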
09.10.2010, 21:24 | #9 |
| Rootkit on PC and Internet disruptions. That is an original version... I got it from the PC-Welt DVD, issue 11/08; there were 25 commercial programs on it, including Alcohol. But it would be cool if you could help me with my questions, my Internet is still running so slowly and the malware is still on there :/ |
10.10.2010, 19:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and Internet disruptions. Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4 - HKLM..\Run: [Vyuvevez] C:\WINDOWS\ikucivirebanupe.DLL File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [Isimupewukuwup] C:\WINDOWS\mscodkbc.DLL File not found
O32 - AutoRun File - [2010.06.28 13:56:54 | 000,000,074 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.01.26 17:15:22 | 000,000,191 | ---- | M] () - M:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\Shell\AutoRun\command - "" = H:\autoplay.exe -- File not found
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\Shell\AutoRun\command - "" = hh start.chm
O33 - MountPoints2\{b1151ac2-d22b-11df-b5d8-001109b2b078}\Shell\AutoRun\command - "" = M:\Get_Started_for_Win.exe -- [2009.12.18 19:52:24 | 023,663,725 | ---- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\{c8e05e86-372d-11d9-bcc7-00038a000015}\Shell\AutoRun\command - "" = H:\OEMBranding.exe -- File not found
[2010.09.22 19:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\{FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34}
[2010.09.23 18:50:46 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kwezamew.dat
[2010.09.23 01:44:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fcariyiy.bin
[2007.12.01 13:04:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\‚¨‚Å‚ñ.INI
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:853D0B9701FA16D0
@Alternate Data Stream - 195 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1048AE9D
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C6EBC69
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
10.10.2010, 23:30 | #11 |
| Rootkit on PC and internet disruptions. OK, did everything as you said:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Vyuvevez deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.
C:\WINDOWS\system32\WinSys2.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Isimupewukuwup deleted successfully.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File M:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3669c67-6665-11d9-822a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3669c67-6665-11d9-822a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3669c67-6665-11d9-822a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3669c67-6665-11d9-822a-806d6172696f}\ not found.
File H:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a99bd6a9-3d7f-11d9-bd1c-806d6172696f}\ not found.
File hh start.chm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1151ac2-d22b-11df-b5d8-001109b2b078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1151ac2-d22b-11df-b5d8-001109b2b078}\ not found.
File M:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8e05e86-372d-11d9-bcc7-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8e05e86-372d-11d9-bcc7-00038a000015}\ not found.
File H:\OEMBranding.exe not found.
Folder C:\Dokumente und Einstellungen\**** ****\Lokale Einstellungen\Anwendungsdaten\{FE4AEA3E-02E6-4A1B-89C8-4D56F9CA2D34}\ not found.
C:\WINDOWS\Kwezamew.dat moved successfully.
C:\WINDOWS\Fcariyiy.bin moved successfully.
C:\WINDOWS\‚¨‚Å‚ñ.INI moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\WINDOWS:853D0B9701FA16D0 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1048AE9D deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C6EBC69 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81920 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
User: **** ****
->Temp folder emptied: 4702902149 bytes
->Temporary Internet Files folder emptied: 1130614446 bytes
->Java cache emptied: 266083 bytes
->FireFox cache emptied: 93396836 bytes
->Flash cache emptied: 2655 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 30989320 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 29796601 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 394783 bytes
Windows Temp folder emptied: 8636251 bytes
RecycleBin emptied: 7153 bytes
Total Files Cleaned = 5.719,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10102010_235801
Files\Folders moved on Reboot...
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_298.dat moved successfully.
Registry entries deleted on Reboot... |
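Editor's addition, not part of the thread and not an OTL feature: the fix script in post #10 and the result log in post #11 are both one-item-per-line, so the outcome of each fix item can be checked mechanically instead of by eye. The Python below parses a trimmed excerpt of the log posted above (the excerpt is constructed from those lines) and groups every target as removed, already absent, or deferred to reboot, so that an item OTL could not move, such as G:\Autorun.inf, is not overlooked. The line patterns are an assumption based only on the phrasings that appear in this thread; other OTL messages land in "other".

```python
"""Triage an OTL fix log: which targets were removed, which were already
absent, and which OTL had to defer to the next reboot."""
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the OTL fix log posted above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.
C:\WINDOWS\system32\WinSys2.exe moved successfully.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File M:\autorun.inf not found.
ADS C:\WINDOWS:853D0B9701FA16D0 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Assumed phrasings, taken only from the wording that appears in this thread.
# Order matters: the "deferred" pattern must be tried before the generic ones.
LINE_RULES = (
    ("deferred", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(
        r"^(?:(?:Registry key|Registry value|ADS|File|Folder) )?"
        r"(?P<target>.+?) (?:deleted|moved) successfully\.$")),
    ("absent", re.compile(
        r"^(?:Registry key|Registry value|File|Folder) (?P<target>.+?) not found\.$")),
)


def classify_line(line):
    """Return (kind, target) for a recognised OTL result line, else None."""
    line = line.strip()
    for kind, rx in LINE_RULES:
        m = rx.match(line)
        if m:
            return kind, m.group("target")
    return None


def triage(log_text):
    """Group every non-empty line of an OTL fix log by outcome.

    Keys: "removed", "absent", "deferred", and "other" for section headers
    and summary lines the rules do not recognise."""
    report = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = classify_line(line)
        if hit is None:
            report["other"].append(line)
        else:
            kind, target = hit
            report[kind].append(target)
    return dict(report)


def follow_up(report):
    """Targets that still exist after the fix: OTL could not move them and
    deferred them to the next reboot, so they must be re-checked afterwards."""
    return list(report.get("deferred", []))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind in ("removed", "absent", "deferred", "other"):
        for target in result.get(kind, []):
            print(f"{kind:9} {target}")
    print("re-check after reboot:", follow_up(result))
```

Run against the full log from post #11 the same way; every "not found" entry is a fix item that was already gone (the Run values pointed at DLLs OTL had listed as "File not found"), and the "deferred" list is what to verify once the machine has rebooted.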
11.10.2010, 09:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit on PC and internet disruptions. Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |