Bifrost_1.2.1.exe , hartnäckig die 2te

contrakt · 07.01.2011, 04:21

Guten morgen,
ich bin neu hier im forum und hab mich direkt mal bisschen durchgelesen
betreffend meines problems
aber leider keine lösung gefunden die ich selber hinkrieg.
und zwar geht es darum das mein cousin an meinem rechner war
und sich dieses video angesehen hat und wollte es wohl nachmachen

ww*.youtube.com/user/anubismacht#p/u/7/bGj7cJwvNts

so schlau wie er ist hat er direkt den link in der beschreibung benutzt um sich das prog zu ziehen.
der link :

ww*.xup.in/dl,90423945/Bifrost_1.2.1.exe/

hat es dann wie gesagt geloaded und "gestartet"
naja darauf hin nach nem neustart ging nix mehr
kein taskmgr , kann keine regedit ausführen usw.
und bräuchte jetzt hilfe den mist wieder loszuwerden.
hoffe bin hier richtig und krieg schnelle antwort.
danke schonma im vorraus.
und sorry für fehler etc. und wenn ich falsch gepostet hab ><

cosinus · 07.01.2011, 20:58

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

contrakt · 11.01.2011, 18:43

ok danke schonma =]
werd das jetzt die tage machen
hatte leider keine zeit bis jetzt
wegen schule ^^
aber ihc machs heute oder morgen danke =]

contrakt · 17.01.2011, 14:03

soo hier schonma otl
malware mach ihc gleich ^^

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.01.2011 04:37:56 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\contrakt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 16,48 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: SELIM | User Name: contrakt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\winfiles.exe ()
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_dbc0250.dll ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (pccsmcfd) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (kwflower) -- C:\WINDOWS\System32\DRIVERS\kwflower.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (cpuz132) -- C:\DOKUME~1\contrakt\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (SSHDRV85) -- C:\WINDOWS\system32\drivers\SSHDRV85.sys ()
DRV - (kvpndev) -- C:\WINDOWS\system32\drivers\kvpndrv.sys (Kerio Technologies Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AF15BDA) -- C:\WINDOWS\system32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (naecd) -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Temp\naecd.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Bing:
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-682003330-706699826-839522115-1004\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-682003330-706699826-839522115-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll File not found
IE - HKU\S-1-5-21-682003330-706699826-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.battlefieldheroes.com/playnow"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.04 16:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.22 21:25:03 | 000,000,000 | ---D | M]
 
[2009.12.22 13:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Extensions
[2010.12.06 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions
[2010.12.06 19:47:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 11:24:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.06 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.22 21:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.09.29 12:13:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.02.25 22:35:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.25 22:35:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.25 22:35:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.25 22:35:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.25 22:35:57 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HKLM] C:\directory\CyberGate\install\server.exe ()
O4 - HKLM..\Run: [IRReceive] C:\Programme\IRReceive\IRReceive.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-682003330-706699826-839522115-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-682003330-706699826-839522115-1004..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-682003330-706699826-839522115-1004..\Run: [HKCU] C:\directory\CyberGate\install\server.exe ()
O4 - HKU\S-1-5-21-682003330-706699826-839522115-1004..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-682003330-706699826-839522115-1004..\Run: [Yahoo Messengger] C:\WINDOWS\system32\winfiles.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\contrakt\Startmenü\Programme\Autostart\Xfire.lnk = C:\Programme\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\directory\CyberGate\install\server.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\directory\CyberGate\install\server.exe ()
O7 - HKU\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223058224483 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (winfiles.exe) - C:\WINDOWS\System32\winfiles.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 18:02:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{23db37ef-56d8-11de-94a9-0011432c9c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{23db37ef-56d8-11de-94a9-0011432c9c0d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23db37ef-56d8-11de-94a9-0011432c9c0d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell - "" = AutoRun
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell\Auto\command - "" = winamp6_full_emusic.exe
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac193d86-c6fd-11dd-93ce-0011432c9c0d}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe -- File not found
O33 - MountPoints2\{ac193d86-c6fd-11dd-93ce-0011432c9c0d}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe -- File not found
O33 - MountPoints2\{dba76274-a782-11dd-9399-0011432c9c0d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dba76274-a782-11dd-9399-0011432c9c0d}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.07 04:00:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe
[2011.01.07 02:51:28 | 000,000,000 | ---D | C] -- C:\directory
[2011.01.07 02:45:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.04 16:02:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\Ac0ntr4kt
[2011.01.02 21:26:39 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD
[2011.01.02 20:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Oblivion
[2010.12.30 18:56:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\NFS Carbon
[2010.12.30 18:47:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts
[2010.12.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.12.30 10:04:51 | 000,000,000 | ---D | C] -- C:\Programme\EACOM
[2010.12.30 05:15:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\Ascaron Entertainment
[2010.12.30 04:50:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EA GAMES
[2010.12.30 04:22:50 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.12.30 03:23:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2
[2010.12.20 20:57:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\My Games
[2010.12.20 20:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Watson
[2010.12.16 01:28:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010.12.16 01:22:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.14 23:14:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Desktop\covers
[2010.12.08 15:44:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Games
[2010.12.08 15:37:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.07 03:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe
[2011.01.07 03:57:43 | 000,000,103 | RHS- | M] () -- C:\WINDOWS\System32\autorun.ini
[2011.01.07 03:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.07 03:23:59 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskmgr.exe
[2011.01.07 02:37:33 | 000,000,103 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\autorun.inf
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\WINDOWS\winfiles.exe
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\WINDOWS\System32\winfiles.exe
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\winfiles.exe
[2011.01.05 17:42:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.02 23:56:32 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010.12.30 18:47:51 | 000,000,058 | ---- | M] () -- C:\WINDOWS\nfsc_patch.ini
[2010.12.19 16:08:41 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.12.16 03:26:26 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.16 03:23:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.07 02:39:31 | 000,578,748 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\winfiles.exe
[2011.01.07 02:39:31 | 000,000,103 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\autorun.inf
[2011.01.07 02:37:04 | 000,000,103 | RHS- | C] () -- C:\WINDOWS\System32\autorun.ini
[2011.01.07 02:37:03 | 000,578,748 | RHS- | C] () -- C:\WINDOWS\winfiles.exe
[2011.01.07 02:37:03 | 000,578,748 | RHS- | C] () -- C:\WINDOWS\System32\winfiles.exe
[2011.01.02 23:56:32 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.30 18:47:51 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.03.16 20:34:07 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010.03.08 02:37:49 | 000,015,412 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2010.01.12 16:29:43 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.01.06 20:38:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.01.06 20:38:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.01.06 20:38:29 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\$_hpcst$.hpc
[2009.12.22 13:42:01 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\PnkBstrK.sys
[2009.12.22 12:10:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.12.22 12:10:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.12.22 12:10:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.05.09 09:54:49 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.04.29 20:13:30 | 000,138,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.04.23 19:33:54 | 000,000,190 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\AVSDVDPlayer.m3u
[2009.04.23 19:31:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.23 19:31:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.12.28 20:39:30 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2008.12.28 20:39:30 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\02E04082C1.sys
[2008.12.24 12:03:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2008.12.16 14:40:59 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.01 19:12:35 | 000,001,700 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008.12.01 19:11:27 | 000,000,445 | ---- | C] () -- C:\WINDOWS\MUMA.INI
[2008.12.01 19:11:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MAGIXCLK.INI
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.10.05 17:08:39 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys
[2008.10.03 18:54:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.03 18:47:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.09.01 20:08:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80_1.2.3.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010.11.14 20:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.07.15 15:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.10.04 21:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.12.08 21:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS
[2010.04.09 16:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2010.01.06 20:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.07.15 20:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2010.11.04 23:58:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\.#
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools
[2010.11.15 15:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Lite
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Pro
[2010.02.17 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\FFSJ
[2010.01.19 13:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger
[2010.12.30 21:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ICQ
[2009.12.21 13:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Juce VST Host
[2009.10.25 22:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Leadertech
[2008.10.28 19:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\OpenOffice.org
[2008.10.03 18:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Opera
[2010.01.06 20:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\PC Suite
[2010.01.06 20:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Samsung
[2010.11.14 21:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\temp
[2010.04.05 17:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\TS3Client
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.04 23:58:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\.#
[2008.12.21 15:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Adobe
[2009.04.26 13:03:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ArcSoft
[2010.04.09 17:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ATI
[2008.12.28 20:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Corel
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools
[2010.11.15 15:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Lite
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Pro
[2008.10.07 15:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DivX
[2010.02.17 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\FFSJ
[2010.01.19 13:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger
[2009.03.19 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Help
[2010.12.30 21:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ICQ
[2008.10.03 18:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Identities
[2009.12.21 13:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Juce VST Host
[2009.10.25 22:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Leadertech
[2008.10.03 19:15:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Macromedia
[2009.12.21 13:00:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Microsoft
[2009.12.22 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla
[2008.10.28 19:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\OpenOffice.org
[2008.10.03 18:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Opera
[2010.01.06 20:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\PC Suite
[2010.04.07 17:55:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Real
[2010.01.06 20:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Samsung
[2009.01.27 21:33:29 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\SecuROM
[2008.10.28 19:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Sun
[2010.04.25 16:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\teamspeak2
[2010.11.14 21:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\temp
[2010.04.05 17:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\TS3Client
[2011.01.07 04:25:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3
[2010.12.27 20:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\vlc
[2011.01.06 16:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Winamp
[2008.10.04 12:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\WinRAR
[2011.01.07 03:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2010.12.10 21:56:50 | 001,248,992 | ---- | M] (GameRanger Technologies) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe
[2010.02.26 12:00:30 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2010.01.06 20:46:54 | 002,392,064 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.03.08 02:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-9_xp32_dd_ccc_wdm_enu_68898\SBDrv\RAID7xx\x86\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 08:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 08:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 08:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 08:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 08:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 08:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 08:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.14 20:34:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.10.03 19:53:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.10.03 19:53:03 | 000,610,304 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.10.03 19:53:03 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 05:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\taskmgr.exe:SummaryInformation

< End of report >

--- --- ---

contrakt · 17.01.2011, 14:04

so jetzt noch das "extra"

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.01.2011 04:25:46 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\contrakt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 16,48 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: SELIM | User Name: contrakt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe:*:Enabled:Sacred -- File not found
"C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe:*:Enabled:Sacred Gameserver -- File not found
"C:\Programme\Corel\DVD9\WinDVD.exe" = C:\Programme\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD -- (Corel Corporation)
"C:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe" = C:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe:*:Enabled:Fallout3 -- File not found
"C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe" = C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)
"C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe" = C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- File not found
"C:\Dateien\Spiele\left 4 dead\left4dead.exe" = C:\Dateien\Spiele\left 4 dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Dateien\Spiele\left 4 dead\hl2.exe" = C:\Dateien\Spiele\left 4 dead\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\Softnyx\RakionIS\Bin\rakion.bin" = C:\Programme\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- File not found
"C:\Programme\Softnyx\WolfTeam\Wolfteam.bin" = C:\Programme\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms EU\NMService.exe" = C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\cs2d_0101\CounterStrike2D.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\cs2d_0101\CounterStrike2D.exe:*:Enabled:CounterStrike2D -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\miniracer\MiniRacer\engine.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\miniracer\MiniRacer\engine.exe:*:Enabled:engine -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\nexuiz-20\nexuiz-20\Nexuiz\nexuiz.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\nexuiz-20\nexuiz-20\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz -- File not found
"C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe" = C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\Dateien\Spiele\cs2d_0101\CounterStrike2D.exe" = C:\Dateien\Spiele\cs2d_0101\CounterStrike2D.exe:*:Enabled:CounterStrike2D -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\UT2004\System\UT2004.exe" = C:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Programme\Steam\steamapps\cagatayboy\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\cagatayboy\counter-strike\hl.exe:*:Enabled:Counter-Strike -- File not found
"C:\Programme\Steam\steamapps\contraktkiller666\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\contraktkiller666\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Alaplaya\LOCO\System\LOCO.exe" = C:\Programme\Alaplaya\LOCO\System\LOCO.exe:*:Enabled:LOCO -- File not found
"C:\AeriaGames\Rohan\rohanclient.exe" = C:\AeriaGames\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game -- File not found
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- File not found
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Programme\Microsoft Games\Age of Mythology\aom.exe" = C:\Programme\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"C:\Dateien\Sonstige\left 4 dead\left4dead.exe" = C:\Dateien\Sonstige\left 4 dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Programme\Microsoft Games\Age of Mythology\aomx.exe" = C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Programme\EA GAMES\Need for Speed Underground 2\speed2.exe" = C:\Programme\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 22
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ClassicPro" = ClassicPro© v1.14
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-682003330-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2011 21:58:21 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 21:58:21 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 21:58:21 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 22:57:46 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 22:57:46 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 22:57:46 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 22:57:47 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 06.01.2011 23:23:48 | Computer Name = SELIM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.20.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.01.2011 23:24:58 | Computer Name = SELIM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.20.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.01.2011 23:25:16 | Computer Name = SELIM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.20.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 21:49:49 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.01.2011 23:28:47 | Computer Name = SELIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 06.01.2011 23:28:47 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >

--- --- ---

contrakt · 17.01.2011, 14:05

hoffe ihr könnt damit schonma was anfangen ><

cosinus · 17.01.2011, 14:42

Und die Logs von Malwarebytes?

contrakt · 18.01.2011, 14:53

ich werd wohl erst freitag schaffen die malware logs zu posten ><
hab leider von heute (in 5min) an keine inet mehr bis freitag.
und leider hab ich es noch nicht geschafftden scan laufen zu lassen.
sry ich werds freitag direkt posten!

contrakt · 26.01.2011, 17:47

so noch ma aktualiesierte otl

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.01.2011 16:11:20 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\contrakt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 14,77 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 7,46 Gb Total Space | 5,61 Gb Free Space | 75,16% Space Free | Partition Type: FAT32
 
Computer Name: SELIM | User Name: contrakt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\WINDOWS\winnt.exe ()
PRC - C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\winfiles.exe ()
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_dbc0250.dll ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (pccsmcfd) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (kwflower) -- C:\WINDOWS\System32\DRIVERS\kwflower.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (cpuz132) -- C:\DOKUME~1\contrakt\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (SSHDRV85) -- C:\WINDOWS\system32\drivers\SSHDRV85.sys ()
DRV - (kvpndev) -- C:\WINDOWS\system32\drivers\kvpndrv.sys (Kerio Technologies Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AF15BDA) -- C:\WINDOWS\system32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (naecd) -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Temp\naecd.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.battlefieldheroes.com/playnow"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.04 16:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.22 21:25:03 | 000,000,000 | ---D | M]
 
[2009.12.22 13:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Extensions
[2010.12.06 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions
[2010.12.06 19:47:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 11:24:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.06 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.22 21:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.09.29 12:13:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.02.25 22:35:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.25 22:35:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.25 22:35:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.25 22:35:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.25 22:35:57 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HKLM] C:\directory\CyberGate\install\server.exe ()
O4 - HKLM..\Run: [IRReceive] C:\Programme\IRReceive\IRReceive.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HKCU] C:\directory\CyberGate\install\server.exe ()
O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yahoo Messengger] C:\WINDOWS\system32\winfiles.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\contrakt\Startmenü\Programme\Autostart\Xfire.lnk = C:\Programme\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\directory\CyberGate\install\server.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\directory\CyberGate\install\server.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223058224483 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (winfiles.exe) - C:\WINDOWS\System32\winfiles.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 18:02:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{1d1387f6-947d-11dd-9373-0011432c9c0d}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell - "" = AutoRun
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell\Auto\command - "" = winamp6_full_emusic.exe
O33 - MountPoints2\{74a7fee1-916d-11dd-9366-e6ef83570792}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac193d86-c6fd-11dd-93ce-0011432c9c0d}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe -- File not found
O33 - MountPoints2\{ac193d86-c6fd-11dd-93ce-0011432c9c0d}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe -- File not found
O33 - MountPoints2\{dba76274-a782-11dd-9399-0011432c9c0d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dba76274-a782-11dd-9399-0011432c9c0d}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {UU71WAGP-2L57-A506-TB4T-5SC61S5L4084} - C:\directory\CyberGate\install\server.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Unable to start service SrService!
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.18 16:34:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Inkscape
[2011.01.16 20:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Tracing
[2011.01.16 04:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Desktop\Children of Cybertron
[2011.01.16 03:21:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bethesda Softworks
[2011.01.16 01:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Desktop\oblivion
[2011.01.14 20:58:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Risen
[2011.01.14 20:58:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\Risen
[2011.01.14 20:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2011.01.14 20:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2011.01.14 20:53:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Risen
[2011.01.14 20:21:47 | 000,000,000 | ---D | C] -- C:\Programme\Deep Silver
[2011.01.11 19:08:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\InstallShield Installation Information
[2011.01.07 04:00:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe
[2011.01.07 02:51:28 | 000,000,000 | ---D | C] -- C:\directory
[2011.01.02 20:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\Oblivion
[2010.12.30 18:56:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\NFS Carbon
[2010.12.30 18:47:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts
[2010.12.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.12.30 10:04:51 | 000,000,000 | ---D | C] -- C:\Programme\EACOM
[2010.12.30 05:15:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Eigene Dateien\Ascaron Entertainment
[2010.12.30 04:50:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EA GAMES
[2010.12.30 04:22:50 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.12.30 03:23:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\contrakt\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.26 16:09:49 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011.01.26 15:22:24 | 000,000,103 | RHS- | M] () -- C:\WINDOWS\System32\autorun.ini
[2011.01.26 15:21:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.23 16:53:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.21 13:53:52 | 000,281,088 | ---- | M] () -- C:\WINDOWS\winnt.exe
[2011.01.16 06:41:46 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Desktop\OblivionLauncher.lnk
[2011.01.16 03:35:48 | 000,000,833 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Desktop\Oblivion.lnk
[2011.01.14 20:56:47 | 000,281,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.01.14 20:56:47 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011.01.14 20:53:33 | 000,001,692 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Risen.lnk
[2011.01.12 16:16:08 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.07 03:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\contrakt\Desktop\OTL.exe
[2011.01.07 03:23:59 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskmgr.exe
[2011.01.07 02:37:33 | 000,000,103 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\autorun.inf
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\WINDOWS\winfiles.exe
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\WINDOWS\System32\winfiles.exe
[2011.01.07 02:36:52 | 000,578,748 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\winfiles.exe
[2011.01.02 23:56:32 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010.12.30 18:47:51 | 000,000,058 | ---- | M] () -- C:\WINDOWS\nfsc_patch.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.16 06:41:46 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Desktop\OblivionLauncher.lnk
[2011.01.16 03:42:56 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011.01.16 03:35:48 | 000,000,833 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Desktop\Oblivion.lnk
[2011.01.14 20:56:47 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.01.14 20:56:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011.01.14 20:53:33 | 000,001,692 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Risen.lnk
[2011.01.07 02:39:31 | 000,578,748 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\winfiles.exe
[2011.01.07 02:39:31 | 000,000,103 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\autorun.inf
[2011.01.07 02:37:04 | 000,000,103 | RHS- | C] () -- C:\WINDOWS\System32\autorun.ini
[2011.01.07 02:37:03 | 000,578,748 | RHS- | C] () -- C:\WINDOWS\winfiles.exe
[2011.01.07 02:37:03 | 000,578,748 | RHS- | C] () -- C:\WINDOWS\System32\winfiles.exe
[2011.01.02 23:56:32 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.30 18:47:51 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.03.16 20:34:07 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010.03.08 02:37:49 | 000,015,412 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2010.01.12 16:29:43 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.01.06 20:38:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.01.06 20:38:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.01.06 20:38:29 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\$_hpcst$.hpc
[2009.12.22 13:42:01 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\PnkBstrK.sys
[2009.12.22 12:10:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.12.22 12:10:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.12.22 12:10:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.05.09 09:54:49 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.04.29 20:13:30 | 000,138,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.04.23 19:33:54 | 000,000,190 | ---- | C] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\AVSDVDPlayer.m3u
[2009.04.23 19:31:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.23 19:31:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.12.28 20:39:30 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2008.12.28 20:39:30 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\02E04082C1.sys
[2008.12.24 12:03:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2008.12.16 14:40:59 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.01 19:12:35 | 000,001,700 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008.12.01 19:11:27 | 000,000,445 | ---- | C] () -- C:\WINDOWS\MUMA.INI
[2008.12.01 19:11:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MAGIXCLK.INI
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.10.05 17:08:39 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys
[2008.10.03 18:54:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.03 18:47:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.09.01 20:08:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80_1.2.3.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.04 23:58:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\.#
[2008.12.21 15:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Adobe
[2009.04.26 13:03:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ArcSoft
[2010.04.09 17:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ATI
[2008.12.28 20:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Corel
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools
[2010.11.15 15:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Lite
[2008.12.16 14:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DAEMON Tools Pro
[2008.10.07 15:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\DivX
[2010.02.17 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\FFSJ
[2010.01.19 13:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger
[2009.03.19 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Help
[2010.12.30 21:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\ICQ
[2008.10.03 18:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Identities
[2011.01.18 16:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Inkscape
[2006.03.07 17:41:39 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\install
[2011.01.11 19:08:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\InstallShield Installation Information
[2009.12.21 13:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Juce VST Host
[2009.10.25 22:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Leadertech
[2008.10.03 19:15:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Macromedia
[2009.12.21 13:00:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Microsoft
[2009.12.22 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla
[2008.10.28 19:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\OpenOffice.org
[2008.10.03 18:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Opera
[2010.01.06 20:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\PC Suite
[2010.04.07 17:55:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Real
[2010.01.06 20:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Samsung
[2009.01.27 21:33:29 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\SecuROM
[2008.10.28 19:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Sun
[2010.04.25 16:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\teamspeak2
[2010.11.14 21:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\temp
[2010.04.05 17:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\TS3Client
[2011.01.26 16:13:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3
[2010.12.27 20:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\vlc
[2011.01.23 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Winamp
[2008.10.04 12:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\WinRAR
[2011.01.26 15:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2010.12.10 21:56:50 | 001,248,992 | ---- | M] (GameRanger Technologies) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe
[2006.02.05 07:47:18 | 000,281,088 | RHS- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\install\server.exe
[2010.02.26 12:00:30 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Mozilla\Firefox\Profiles\r8rpiba4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2010.01.06 20:46:54 | 002,392,064 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\290680054CD0C9AB\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\290680054CD0C9AB\Launchpad Removal.exe
[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\290680054CD0C9AB\LaunchPad.exe
[2007.10.23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\290680054CD0C9AB\U3AccessGrant.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.03.08 02:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-9_xp32_dd_ccc_wdm_enu_68898\SBDrv\RAID7xx\x86\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.03 19:27:23 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 08:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 08:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 08:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 08:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 08:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 08:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 08:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.14 20:34:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.10.03 19:53:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.10.03 19:53:03 | 000,610,304 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.10.03 19:53:03 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 05:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\taskmgr.exe:SummaryInformation

< End of report >

--- --- ---

contrakt · 26.01.2011, 17:48

so die extra von otl

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.01.2011 16:11:27 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\contrakt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 14,77 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 7,46 Gb Total Space | 5,61 Gb Free Space | 75,16% Space Free | Partition Type: FAT32
 
Computer Name: SELIM | User Name: contrakt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Programme\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\sacred.exe:*:Enabled:Sacred -- File not found
"C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe" = C:\Programme\Ascaron Entertainment\Sacred Underworld\gameserver.exe:*:Enabled:Sacred Gameserver -- File not found
"C:\Programme\Corel\DVD9\WinDVD.exe" = C:\Programme\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD -- (Corel Corporation)
"C:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe" = C:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe:*:Enabled:Fallout3 -- File not found
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- File not found
"C:\Dateien\Spiele\left 4 dead\left4dead.exe" = C:\Dateien\Spiele\left 4 dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Dateien\Spiele\left 4 dead\hl2.exe" = C:\Dateien\Spiele\left 4 dead\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\Softnyx\RakionIS\Bin\rakion.bin" = C:\Programme\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- File not found
"C:\Programme\Softnyx\WolfTeam\Wolfteam.bin" = C:\Programme\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms EU\NMService.exe" = C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\cs2d_0101\CounterStrike2D.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\cs2d_0101\CounterStrike2D.exe:*:Enabled:CounterStrike2D -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\miniracer\MiniRacer\engine.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\miniracer\MiniRacer\engine.exe:*:Enabled:engine -- File not found
"C:\Dokumente und Einstellungen\contrakt\Desktop\nexuiz-20\nexuiz-20\Nexuiz\nexuiz.exe" = C:\Dokumente und Einstellungen\contrakt\Desktop\nexuiz-20\nexuiz-20\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz -- File not found
"C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe" = C:\Dokumente und Einstellungen\contrakt\Anwendungsdaten\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\Dateien\Spiele\cs2d_0101\CounterStrike2D.exe" = C:\Dateien\Spiele\cs2d_0101\CounterStrike2D.exe:*:Enabled:CounterStrike2D -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\UT2004\System\UT2004.exe" = C:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Programme\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Programme\Steam\steamapps\cagatayboy\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\cagatayboy\counter-strike\hl.exe:*:Enabled:Counter-Strike -- File not found
"C:\Programme\Steam\steamapps\contraktkiller666\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\contraktkiller666\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Alaplaya\LOCO\System\LOCO.exe" = C:\Programme\Alaplaya\LOCO\System\LOCO.exe:*:Enabled:LOCO -- File not found
"C:\AeriaGames\Rohan\rohanclient.exe" = C:\AeriaGames\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game -- File not found
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- File not found
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Programme\Microsoft Games\Age of Mythology\aom.exe" = C:\Programme\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"C:\Dateien\Sonstige\left 4 dead\left4dead.exe" = C:\Dateien\Sonstige\left 4 dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Programme\Microsoft Games\Age of Mythology\aomx.exe" = C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Programme\EA GAMES\Need for Speed Underground 2\speed2.exe" = C:\Programme\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 22
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ClassicPro" = ClassicPro© v1.14
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.01.2011 11:33:37 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 25.01.2011 14:36:00 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 25.01.2011 14:36:00 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 25.01.2011 14:36:02 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 25.01.2011 14:36:02 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 25.01.2011 16:13:33 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nfsc.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul nfsc.exe, Version 0.0.0.0, Fehleradresse 0x0029d0b1.
 
Error - 26.01.2011 10:22:34 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 26.01.2011 10:22:34 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 26.01.2011 10:22:35 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 26.01.2011 10:22:35 | Computer Name = SELIM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 11.0.1156.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
[ System Events ]
Error - 25.01.2011 10:13:35 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 25.01.2011 10:32:44 | Computer Name = SELIM | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 25.01.2011 11:32:20 | Computer Name = SELIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 25.01.2011 11:32:20 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 25.01.2011 14:35:25 | Computer Name = SELIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 25.01.2011 14:35:25 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 26.01.2011 10:21:47 | Computer Name = SELIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 26.01.2011 10:21:47 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 26.01.2011 11:13:32 | Computer Name = SELIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 26.01.2011 11:13:32 | Computer Name = SELIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >

--- --- ---

contrakt · 26.01.2011, 17:49

so Malwarebytes logs

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.01.2011 17:38:23
mbam-log-2011-01-26 (17-38-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 264041
Laufzeit: 1 Stunde(n), 10 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 2
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> 244 -> No action taken.
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> 1672 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{UU71WAGP-2L57-A506-TB4T-5SC61S5L4084} (Worm.Rebhip) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{UU71WAGP-2L57-A506-TB4T-5SC61S5L4084} (Worm.Rebhip) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Worm.Rebhip) -> Value: HKLM -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Worm.Rebhip) -> Value: HKCU -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Backdoor.Bot) -> Value: Yahoo Messengger -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Bot) -> Bad: (winfiles.exe) Good: () -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe winfiles.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
c:\directory\cybergate (Trojan.PWS) -> No action taken.
c:\directory\cybergate\install (Trojan.PWS) -> No action taken.

Infizierte Dateien:
c:\directory\cybergate\install\server.exe (Worm.Rebhip) -> No action taken.
c:\dokumente und einstellungen\contrakt\anwendungsdaten\install\server.exe (Worm.Rebhip) -> No action taken.
c:\WINDOWS\winnt.exe (Worm.Rebhip) -> No action taken.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> No action taken.
c:\dokumente und einstellungen\contrakt\lokale einstellungen\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.
c:\WINDOWS\winfiles.exe (Backdoor.Bot) -> No action taken.

contrakt · 26.01.2011, 17:50

das letzte auch von MalB

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.01.2011 17:38:33
mbam-log-2011-01-26 (17-38-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 264041
Laufzeit: 1 Stunde(n), 10 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 2
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> 244 -> Failed to unload process.
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> 1672 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{UU71WAGP-2L57-A506-TB4T-5SC61S5L4084} (Worm.Rebhip) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{UU71WAGP-2L57-A506-TB4T-5SC61S5L4084} (Worm.Rebhip) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Worm.Rebhip) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Worm.Rebhip) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Backdoor.Bot) -> Value: Yahoo Messengger -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Bot) -> Bad: (winfiles.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe winfiles.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\directory\cybergate (Trojan.PWS) -> Quarantined and deleted successfully.
c:\directory\cybergate\install (Trojan.PWS) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\directory\cybergate\install\server.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\contrakt\anwendungsdaten\install\server.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
c:\WINDOWS\winnt.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winfiles.exe (Backdoor.Bot) -> Delete on reboot.
c:\dokumente und einstellungen\contrakt\lokale einstellungen\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\winfiles.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

contrakt · 26.01.2011, 17:52

also nach dem ich mb laufen lassen hab
und hat der halt die ganzen infizierten daten gelöscht
und dann nen neustart gemacht
und so wies bis jetzt aussieht ist der trojaner weg.
taskmanager geht wieder
ausführen auch
also alles wieder beim alten.
kann ich darauf vertrauen ?

cosinus · 26.01.2011, 19:22

Zitat:

Datenbank Version: 5363

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.
Poste auch alle anderen Logs, die im Reiter Logdateien auftauchen.

contrakt · 26.01.2011, 19:36

hier der neue log

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5610

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.01.2011 19:32:50
mbam-log-2011-01-26 (19-32-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 268950
Laufzeit: 1 Stunde(n), 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

17.01.2011, 14:42	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bifrost_1.2.1.exe , hartnäckig die 2te Und die Logs von Malwarebytes? __________________ Logfiles bitte immer in CODE-Tags posten

Bifrost_1.2.1.exe , hartnäckig die 2te

Plagegeister aller Art und deren Bekämpfung: Bifrost_1.2.1.exe , hartnäckig die 2te