
Pests of All Kinds and How to Combat Them: Urgently need help with tr/kazy.mekml.1


22.04.2011, 00:11   #1
Hainz
 

Hello everyone,

I have to hand in an important presentation project on Wednesday and, as fate would have it, I now have the Trojan named above. The problem is that Firefox and other programs keep hanging => "not responding". I have now managed to download Malwarebytes and OTL...
How should I proceed, given that "not responding" is often displayed and at some point the PC shuts down...

I hope you can help.
Best regards, hainz

I finally managed to run Malwarebytes without a crash (the quick scan); I am about to try the full scan. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6415

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 09:34:58
mbam-log-2011-04-22 (09-34-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167124
Laufzeit: 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2980 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is the log from the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 10:33:11
mbam-log-2011-04-22 (10-33-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 333753
Laufzeit: 51 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\image-line\toxic biohazard\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OIJ38P3U\readme[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Log from the OTL scan:

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 10:42:47 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
 
[2008.09.29 04:18:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Extensions
[2011.04.03 10:24:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions
[2009.09.27 17:01:06 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.25 23:48:29 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\moveplayer@movenetworks.com
[2011.04.16 17:31:30 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:56:08 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-10.xml
[2009.08.10 17:16:38 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-11.xml
[2009.09.11 17:50:03 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-12.xml
[2009.10.29 19:40:58 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-13.xml
[2009.12.21 13:51:12 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-14.xml
[2010.01.10 19:00:41 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-15.xml
[2010.02.22 09:38:00 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-16.xml
[2010.04.04 19:36:11 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-17.xml
[2011.04.03 10:53:05 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-18.xml
[2008.11.16 02:44:27 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-2.xml
[2008.12.23 15:03:12 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-3.xml
[2009.02.08 19:32:10 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-4.xml
[2009.03.06 20:34:23 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-5.xml
[2009.03.29 01:24:06 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-6.xml
[2009.04.23 02:12:29 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-7.xml
[2009.04.28 22:41:52 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-8.xml
[2009.06.13 13:03:45 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-9.xml
[2008.09.29 04:19:02 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin.xml
[2011.04.03 10:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.07.14 19:52:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:25:36 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Malwarebytes
[2011.04.22 00:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 00:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 00:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 00:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 00:24:11 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.21 23:19:07 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.16 18:09:35 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Documents\PU
[2011.04.03 11:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Ger Best
[2011.04.03 11:36:50 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Samples Nano Studio
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 10:42:07 | 001,635,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 10:42:07 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 10:42:07 | 000,655,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 10:42:07 | 000,157,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 10:42:07 | 000,128,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 10:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:25:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:24:13 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:21:43 | 000,000,120 | ---- | M] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:43 | 000,000,104 | ---- | M] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:11 | 000,000,583 | -H-- | M] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk
[2011.04.21 23:19:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\43114248
[2011.04.21 23:18:54 | 000,487,424 | ---- | M] () -- C:\ProgramData\43114248.exe
[2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
[2011.04.18 22:37:41 | 000,211,456 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 10:51:36 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 00:25:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:25:21 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:11 | 000,000,583 | -H-- | C] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
[2011.04.21 23:18:51 | 000,487,424 | ---- | C] () -- C:\ProgramData\43114248.exe
[2011.04.03 10:51:36 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.26 15:17:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.11.21 17:57:41 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008.10.25 12:33:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.10.03 20:10:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008.09.29 14:56:15 | 000,000,098 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\fusioncache.dat
[2008.09.29 13:18:10 | 000,059,225 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.09.29 12:15:20 | 001,524,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.29 12:13:46 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.09.29 12:13:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.09.29 12:13:43 | 000,070,968 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.09.29 06:26:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.09.29 06:26:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.29 05:47:55 | 000,211,456 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 04:18:33 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.29 04:18:32 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.29 04:18:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.29 04:18:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.29 04:10:46 | 000,032,124 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.29 04:10:30 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.09.29 04:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.29 02:39:43 | 000,000,732 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\d3d9caps64.dat
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008.11.07 16:48:55 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
[2008.10.03 20:12:17 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\concept design
[2010.09.10 19:18:03 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\ICQ
[2008.10.02 18:53:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Leadertech
[2009.12.22 20:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.12.09 16:20:52 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Red Alert 3 Demo
[2008.09.29 05:39:39 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\streamripper
[2009.04.23 14:00:56 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\The Creative Assembly
[2011.02.06 10:49:29 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\TuneUp Software
[2009.06.26 16:48:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Ubisoft
[2010.12.01 00:11:02 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\XMedia Recode
[2011.04.22 10:35:22 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
 
< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 10:42:47 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-688148533-2580855891-255624100-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4795CF89-B1B1-4173-9297-2F7426F9C0FE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A418C75D-9024-4E11-A22A-A82D0211106C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{B8EE4FB7-CAFE-4763-A247-994B7F5E20F9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{DCF3D0DD-BCE2-4970-8878-5F029EC56562}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0013E-2429-4D68-BEFF-71520389FBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{038F9921-517D-4E7F-9270-1E1800D68EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{04CA754A-9611-4499-B457-053D170E70F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe | 
"{05531DF7-36C8-4297-9F45-F20E48ED432B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{0C833505-2D22-48E6-AD8A-9C49795BACEE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{133CDE21-B4CE-46A5-B562-06AC274E9C73}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{1F376101-2553-4601-A65A-17361012CD43}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{27624122-CAAF-49ED-9296-D87B128F049B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2A530776-EB40-4A19-A00F-8CFDF0B74D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{3700E488-7A3C-4795-92F3-F42D27A41756}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{379D2A62-E84F-4A88-B1CA-F0A002CF006A}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe | 
"{3CD4F43F-46BE-46CD-A7FD-CFF9DDE648BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{477C0F11-A013-4649-AF29-5B738BDAA89A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{48A2E67D-7A3F-49D9-833D-A51530AA8E24}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{4D036F3D-C6C1-47CA-8984-29875EFC016C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{54A31457-3265-4480-831E-00352B192AB4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{6413124A-0456-406E-B5EF-56192FD3060F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{656AE0FF-33AA-4D46-8BF4-8FDBFD247751}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{669C5421-3651-47DB-B8B0-61B033CB8A04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{695C9B71-F7DC-430E-81F6-3B6771C0D673}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{6E054483-3B62-4AB0-A502-298D7E816485}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{727DA545-E96F-4385-A262-ACCD95B73D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73B3122D-A601-4512-BA16-8E2DB78D456C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{85DC83C9-0242-4CFE-9350-3B8D32FB0CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{86D38870-B961-4C92-94B7-BF214AE71346}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{8CC3B56B-2B07-4E91-AA8A-FF839213FE4F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{94B2E1E2-A059-4729-A9CB-42F8B2032F2B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{96586A53-07C7-4F9A-A9C1-C6850DBB3DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{976BBA7F-D61A-4AB5-A0ED-755D6A049BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | 
"{9AA7A255-4839-4ECB-8933-C0432B69D230}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{A1DBE11F-92D5-4E32-96E8-A30B14ED272A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A3257C57-DFAB-4FED-94C1-16F5191BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{AA0FF052-8097-4885-8BC4-482B0F313E09}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{AB0A58AD-A1B4-4E5C-AE95-1E697F26D39F}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | 
"{AD1423C3-D89A-41D1-9985-D6C732AC766A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{AD85B653-45BF-4243-B032-DD50C7A73E37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AFB2AA8B-83ED-4B21-826A-EA7669A562DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{B1B8CBB9-3721-4FCE-8B16-EAAF58D09AFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B71296DC-3478-499B-9381-7377C9A59A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C2D697E4-1995-4D37-837A-17F65361078A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{CD8942EF-9B37-4F9B-94CC-A33EFCE5E97C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D4A75635-713E-4197-8ED1-D9B93B6DE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DA3F590E-DF19-4110-BA11-E091EB1272E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E693E68B-0DB9-4327-9682-4DC264DEB520}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | 
"{E988D0F5-EB4A-4DF7-BD57-0BF6ADC76DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{EC3E2EA6-32A4-42CE-810E-5E7A49DC623A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{EF3D19C0-C7E7-4CE2-B9BF-EFAE3F2BCE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | 
"TCP Query User{0D171672-77E1-49D4-B554-2F1460A7B9CA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{21DA9733-115B-49A2-88C8-F4DE74E33E79}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{2A5A4DB7-2C9B-463F-901A-C1CD897E66F3}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"TCP Query User{2DCCAD41-DDE9-4C6F-A738-C0D588C4E2F9}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"TCP Query User{2E41CA84-BD09-4B71-8EA4-6ABCDAAE4908}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | 
"TCP Query User{426DE68E-93F4-494A-B17A-A0ED65231BD6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{565482C7-663A-4125-8581-3E564BB65E03}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{5D659CA3-6159-4252-895A-B02FC160D95B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{648E5E8E-05FC-4828-A9AC-961E3BEE50B9}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{6D7F0BBA-74B3-4A29-8223-2CD07F2771EB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{7E1908A9-5C50-48C2-96A6-C50F73E0F43B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{8C40472B-E0FB-4839-9ED0-59F354F65D38}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"TCP Query User{94DEC41E-0DB7-453A-9E1E-46F79692FEF9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{96089E60-CFD2-4E9F-B30D-960BB85510A0}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{A6A40809-2426-4407-AB15-1C70F00F8970}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{ADFC9946-31E5-4792-937C-9749C875A51F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{AE653E6D-D33F-4F0E-B220-734632CA385E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"TCP Query User{C14C7134-4DE4-4085-BF34-B73802F92814}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{C61C6AE7-2255-4E71-A6BC-E8069A108470}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{D5B94E2D-1B20-40A9-A35F-624FEBFF9253}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{ED548B52-F299-4FBD-911A-B366EC8D37B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{F99753D3-0298-4B0B-ADC5-3FAC9D5447E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{090B881B-6E11-4DAE-8660-C3D763FD954E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{3D55F525-0BC1-4E39-AD69-577E1898460E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"UDP Query User{4B126A86-5593-43E5-8F9D-0F9F2BB01481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{511A4EBC-A317-4390-8932-234FBD48BB5D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{561A1960-4323-4EFB-977B-678AF705E054}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{58F3E71B-5E0D-4E0F-8ED0-9FFFF72589C3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{5EC0AA9C-90CA-4DE4-B491-9B3FCA91A59D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{5F8F7802-4B87-47C9-96C2-8FE1650B259B}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{63193904-8B36-40EA-BF7D-0B824ADF62A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{642D1094-95A9-47BC-86D2-1B338CDB78AF}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | 
"UDP Query User{7DEBAC66-3AFA-4D0D-AF1C-2D58308238C2}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"UDP Query User{7F20BF46-6D90-4246-AACC-07D89A24537A}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{8114E55D-E0D1-4316-B725-FFED3EA0BFDA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{82787E3E-C54C-4867-8175-131A2B1BD48D}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"UDP Query User{86A31524-02A2-407F-A8FF-2BBD55596514}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{9301C2C6-EE5B-4D7E-BEED-B3C6BB217603}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{9E615EC4-11F0-43D2-859A-43963640570A}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{A0D418DA-DCC2-43CA-80F1-82C4158A03D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{A6DB83CE-328A-4D6A-994D-1D51156F1D28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{B1E5B51E-4734-4881-8763-89E96251C93E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{B8632CB1-97F6-4287-9F31-259ACF347F71}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"UDP Query User{C227076C-F5ED-467D-B669-2174AAD87A6A}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{BAC38775-0DDE-AB4C-8260-844D54C96B91}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F38D5A27-B59F-7345-0DB1-1BC1BA68E6B1}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{038117F4-2417-FB0E-3F12-B4604850FB9C}" = Catalyst Control Center Graphics Full Existing
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0E953BF9-C7C3-1919-CD44-874EB17338DC}" = Skins
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
"{46684480-0161-6798-EFEE-AE6083745D60}" = CCC Help English
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61F85D98-B2F7-F9B3-F706-CBE26666E447}" = Catalyst Control Center Graphics Full New
"{630E039E-FB55-9BCC-40FE-312AD9D7470B}" = Catalyst Control Center Core Implementation
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9F83E452-AD67-0474-B0AD-779254BE8174}" = Catalyst Control Center HydraVision Full
"{A29759FF-0FA3-2D4A-C122-92843A26B177}" = Catalyst Control Center Graphics Light
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA4A418C-4359-20D7-743A-9A864E2E0F0B}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7A03F82-CF59-6D98-C680-8897E78B8BB3}" = Catalyst Control Center Graphics Previews Common
"{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D24CD157-E4C4-4184-9465-B5C025E736AD}" = WORLD IN CONFLICT - DEMO
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E2DF04C2-896D-BD6E-BE9B-30F738C3AEFD}" = Catalyst Control Center Graphics Previews Vista
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"ASIO4ALL" = ASIO4ALL
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
"HD Tune_is1" = HD Tune 2.55
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NanoStudio 1.12_is1" = NanoStudio 1.12
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10620" = Empire: Total War Demo
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


I have now done everything that I, as a layman in this area, can try and that I have learned in the forum...
How should I proceed now?
The AntiVir pop-up with the trojan warning keeps appearing all the time.

And in Malwarebytes there are 5 trojans in quarantine.

Thanks in advance for your help.

@ dr.dsl how do I paste the text into OTL?

I am going to try this now:

:OTL
O4 - Startup: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe ()
:Files
C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe
C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe
C:\ProgramData\hAjBfNa06504
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


The new log after the restart... however, the AntiVir warning still keeps coming -.- What should I do now?

All processes killed
========== OTL ==========
File C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
========== FILES ==========
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe not found.
File\Folder C:\ProgramData\hAjBfNa06504 not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Flash cache emptied: 204342 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Temp folder emptied: 9474362 bytes
->Temporary Internet Files folder emptied: 249819288 bytes
->FireFox cache emptied: 59934407 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1628618935 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1697123587 bytes

Total Files Cleaned = 3.476,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_144420

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEEZZ9RP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16OAY18\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPC7FTFI\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKY2LD5D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Just disconnected the PC from the web again and scanned with Malwarebytes; result:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6418

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 15:32:59
mbam-log-2011-04-22 (15-32-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 327827
Laufzeit: 35 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\43114248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Alt 26.04.2011, 14:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
@ dr.dsl how do I insert the text in OTL?

I'm going to try this now:
What are you doing there?!
OTL fix scripts are individually tailored to one user in a specific situation. They are not transferable!!

Please post fresh OTL logs!

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Alt 27.04.2011, 18:05   #3
Hainz
 

Hey, first of all, thanks a lot for helping me!

Here are the logs

OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 19:02:20 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 387,81 Gb Free Space | 55,51% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
 
[2008.09.29 04:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Extensions
[2011.04.03 10:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions
[2009.09.27 17:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.25 23:48:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\moveplayer@movenetworks.com
[2011.04.27 18:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:56:08 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-10.xml
[2009.08.10 17:16:38 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-11.xml
[2009.09.11 17:50:03 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-12.xml
[2009.10.29 19:40:58 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-13.xml
[2009.12.21 13:51:12 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-14.xml
[2010.01.10 19:00:41 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-15.xml
[2010.02.22 09:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-16.xml
[2010.04.04 19:36:11 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-17.xml
[2011.04.03 10:53:05 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-18.xml
[2008.11.16 02:44:27 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-2.xml
[2008.12.23 15:03:12 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-3.xml
[2009.02.08 19:32:10 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-4.xml
[2009.03.06 20:34:23 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-5.xml
[2009.03.29 01:24:06 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-6.xml
[2009.04.23 02:12:29 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-7.xml
[2009.04.28 22:41:52 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-8.xml
[2009.06.13 13:03:45 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-9.xml
[2008.09.29 04:19:02 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin.xml
[2011.04.03 10:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.07.14 19:52:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 14:44:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.22 00:25:36 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Malwarebytes
[2011.04.22 00:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 00:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 00:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 00:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 00:24:11 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.16 18:09:35 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Documents\PU
[2011.04.03 11:48:11 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Desktop\Ger Best
[2011.04.03 11:36:50 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Desktop\Samples Nano Studio
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 18:30:04 | 001,635,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.27 18:30:04 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.27 18:30:04 | 000,655,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.27 18:30:04 | 000,157,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.27 18:30:04 | 000,128,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.27 18:25:26 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
[2011.04.27 18:22:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 18:22:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 18:22:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 14:35:36 | 000,504,657 | ---- | M] () -- C:\Users\Karl-Heinz\Desktop\unhide.exe
[2011.04.22 10:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.22 00:25:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:24:13 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:21:43 | 000,000,120 | ---- | M] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:43 | 000,000,104 | ---- | M] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\43114248
[2011.04.18 22:37:41 | 000,211,456 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 10:51:36 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.22 14:35:33 | 000,504,657 | ---- | C] () -- C:\Users\Karl-Heinz\Desktop\unhide.exe
[2011.04.22 00:25:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:25:21 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
[2011.04.03 10:51:36 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.26 15:17:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.11.21 17:57:41 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008.10.25 12:33:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.10.03 20:10:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008.09.29 14:56:15 | 000,000,098 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\fusioncache.dat
[2008.09.29 13:18:10 | 000,059,225 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.09.29 12:15:20 | 001,524,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.29 12:13:46 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.09.29 12:13:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.09.29 12:13:43 | 000,070,968 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.09.29 06:26:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.09.29 06:26:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.29 05:47:55 | 000,211,456 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 04:18:33 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.29 04:18:32 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.29 04:18:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.29 04:18:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.29 04:10:46 | 000,032,124 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.29 04:10:30 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.09.29 04:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.29 02:39:43 | 000,000,732 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\d3d9caps64.dat
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008.11.07 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
[2008.10.03 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\concept design
[2010.09.10 19:18:03 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\ICQ
[2008.10.02 18:53:34 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Leadertech
[2009.12.22 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.12.09 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Red Alert 3 Demo
[2008.09.29 05:39:39 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\streamripper
[2009.04.23 14:00:56 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\The Creative Assembly
[2011.02.06 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\TuneUp Software
[2009.06.26 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Ubisoft
[2010.12.01 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\XMedia Recode
[2011.04.23 02:50:59 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.27 18:25:26 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 19:02:20 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 387,81 Gb Free Space | 55,51% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-688148533-2580855891-255624100-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4795CF89-B1B1-4173-9297-2F7426F9C0FE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A418C75D-9024-4E11-A22A-A82D0211106C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{B8EE4FB7-CAFE-4763-A247-994B7F5E20F9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{DCF3D0DD-BCE2-4970-8878-5F029EC56562}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0013E-2429-4D68-BEFF-71520389FBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{038F9921-517D-4E7F-9270-1E1800D68EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{04CA754A-9611-4499-B457-053D170E70F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe | 
"{05531DF7-36C8-4297-9F45-F20E48ED432B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{0C833505-2D22-48E6-AD8A-9C49795BACEE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{133CDE21-B4CE-46A5-B562-06AC274E9C73}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{1F376101-2553-4601-A65A-17361012CD43}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{27624122-CAAF-49ED-9296-D87B128F049B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2A530776-EB40-4A19-A00F-8CFDF0B74D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{3700E488-7A3C-4795-92F3-F42D27A41756}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{379D2A62-E84F-4A88-B1CA-F0A002CF006A}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe | 
"{3CD4F43F-46BE-46CD-A7FD-CFF9DDE648BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{477C0F11-A013-4649-AF29-5B738BDAA89A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{48A2E67D-7A3F-49D9-833D-A51530AA8E24}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{4D036F3D-C6C1-47CA-8984-29875EFC016C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{54A31457-3265-4480-831E-00352B192AB4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{6413124A-0456-406E-B5EF-56192FD3060F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{656AE0FF-33AA-4D46-8BF4-8FDBFD247751}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{669C5421-3651-47DB-B8B0-61B033CB8A04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{695C9B71-F7DC-430E-81F6-3B6771C0D673}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{6E054483-3B62-4AB0-A502-298D7E816485}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{727DA545-E96F-4385-A262-ACCD95B73D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73B3122D-A601-4512-BA16-8E2DB78D456C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{85DC83C9-0242-4CFE-9350-3B8D32FB0CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{86D38870-B961-4C92-94B7-BF214AE71346}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{8CC3B56B-2B07-4E91-AA8A-FF839213FE4F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{94B2E1E2-A059-4729-A9CB-42F8B2032F2B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{96586A53-07C7-4F9A-A9C1-C6850DBB3DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{976BBA7F-D61A-4AB5-A0ED-755D6A049BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | 
"{9AA7A255-4839-4ECB-8933-C0432B69D230}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{A1DBE11F-92D5-4E32-96E8-A30B14ED272A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A3257C57-DFAB-4FED-94C1-16F5191BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{AA0FF052-8097-4885-8BC4-482B0F313E09}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{AB0A58AD-A1B4-4E5C-AE95-1E697F26D39F}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | 
"{AD1423C3-D89A-41D1-9985-D6C732AC766A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{AD85B653-45BF-4243-B032-DD50C7A73E37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AFB2AA8B-83ED-4B21-826A-EA7669A562DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{B1B8CBB9-3721-4FCE-8B16-EAAF58D09AFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B71296DC-3478-499B-9381-7377C9A59A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C2D697E4-1995-4D37-837A-17F65361078A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{CD8942EF-9B37-4F9B-94CC-A33EFCE5E97C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D4A75635-713E-4197-8ED1-D9B93B6DE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DA3F590E-DF19-4110-BA11-E091EB1272E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E693E68B-0DB9-4327-9682-4DC264DEB520}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | 
"{E988D0F5-EB4A-4DF7-BD57-0BF6ADC76DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{EC3E2EA6-32A4-42CE-810E-5E7A49DC623A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{EF3D19C0-C7E7-4CE2-B9BF-EFAE3F2BCE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | 
"TCP Query User{0D171672-77E1-49D4-B554-2F1460A7B9CA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{21DA9733-115B-49A2-88C8-F4DE74E33E79}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{2A5A4DB7-2C9B-463F-901A-C1CD897E66F3}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"TCP Query User{2DCCAD41-DDE9-4C6F-A738-C0D588C4E2F9}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"TCP Query User{2E41CA84-BD09-4B71-8EA4-6ABCDAAE4908}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | 
"TCP Query User{426DE68E-93F4-494A-B17A-A0ED65231BD6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{565482C7-663A-4125-8581-3E564BB65E03}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{5D659CA3-6159-4252-895A-B02FC160D95B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{648E5E8E-05FC-4828-A9AC-961E3BEE50B9}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{6D7F0BBA-74B3-4A29-8223-2CD07F2771EB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{7E1908A9-5C50-48C2-96A6-C50F73E0F43B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{8C40472B-E0FB-4839-9ED0-59F354F65D38}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"TCP Query User{94DEC41E-0DB7-453A-9E1E-46F79692FEF9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{96089E60-CFD2-4E9F-B30D-960BB85510A0}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{A6A40809-2426-4407-AB15-1C70F00F8970}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{ADFC9946-31E5-4792-937C-9749C875A51F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{AE653E6D-D33F-4F0E-B220-734632CA385E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"TCP Query User{C14C7134-4DE4-4085-BF34-B73802F92814}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{C61C6AE7-2255-4E71-A6BC-E8069A108470}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{D5B94E2D-1B20-40A9-A35F-624FEBFF9253}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{ED548B52-F299-4FBD-911A-B366EC8D37B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{F99753D3-0298-4B0B-ADC5-3FAC9D5447E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{090B881B-6E11-4DAE-8660-C3D763FD954E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{3D55F525-0BC1-4E39-AD69-577E1898460E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"UDP Query User{4B126A86-5593-43E5-8F9D-0F9F2BB01481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{511A4EBC-A317-4390-8932-234FBD48BB5D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{561A1960-4323-4EFB-977B-678AF705E054}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{58F3E71B-5E0D-4E0F-8ED0-9FFFF72589C3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{5EC0AA9C-90CA-4DE4-B491-9B3FCA91A59D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{5F8F7802-4B87-47C9-96C2-8FE1650B259B}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{63193904-8B36-40EA-BF7D-0B824ADF62A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{642D1094-95A9-47BC-86D2-1B338CDB78AF}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | 
"UDP Query User{7DEBAC66-3AFA-4D0D-AF1C-2D58308238C2}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"UDP Query User{7F20BF46-6D90-4246-AACC-07D89A24537A}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{8114E55D-E0D1-4316-B725-FFED3EA0BFDA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{82787E3E-C54C-4867-8175-131A2B1BD48D}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | 
"UDP Query User{86A31524-02A2-407F-A8FF-2BBD55596514}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{9301C2C6-EE5B-4D7E-BEED-B3C6BB217603}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{9E615EC4-11F0-43D2-859A-43963640570A}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{A0D418DA-DCC2-43CA-80F1-82C4158A03D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{A6DB83CE-328A-4D6A-994D-1D51156F1D28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{B1E5B51E-4734-4881-8763-89E96251C93E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{B8632CB1-97F6-4287-9F31-259ACF347F71}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"UDP Query User{C227076C-F5ED-467D-B669-2174AAD87A6A}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{BAC38775-0DDE-AB4C-8260-844D54C96B91}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F38D5A27-B59F-7345-0DB1-1BC1BA68E6B1}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{038117F4-2417-FB0E-3F12-B4604850FB9C}" = Catalyst Control Center Graphics Full Existing
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0E953BF9-C7C3-1919-CD44-874EB17338DC}" = Skins
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
"{46684480-0161-6798-EFEE-AE6083745D60}" = CCC Help English
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61F85D98-B2F7-F9B3-F706-CBE26666E447}" = Catalyst Control Center Graphics Full New
"{630E039E-FB55-9BCC-40FE-312AD9D7470B}" = Catalyst Control Center Core Implementation
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9F83E452-AD67-0474-B0AD-779254BE8174}" = Catalyst Control Center HydraVision Full
"{A29759FF-0FA3-2D4A-C122-92843A26B177}" = Catalyst Control Center Graphics Light
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA4A418C-4359-20D7-743A-9A864E2E0F0B}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7A03F82-CF59-6D98-C680-8897E78B8BB3}" = Catalyst Control Center Graphics Previews Common
"{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D24CD157-E4C4-4184-9465-B5C025E736AD}" = WORLD IN CONFLICT - DEMO
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E2DF04C2-896D-BD6E-BE9B-30F738C3AEFD}" = Catalyst Control Center Graphics Previews Vista
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"ASIO4ALL" = ASIO4ALL
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
"HD Tune_is1" = HD Tune 2.55
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NanoStudio 1.12_is1" = NanoStudio 1.12
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10620" = Empire: Total War Demo
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Old 27.04.2011, 18:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post log files in CODE tags

Old 27.04.2011, 22:20   #5
Hainz
 



I hope that was done correctly; here is the log:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File MS-DOS.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File MS-DOS.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eaa7920-a272-11dd-a4f1-0022150e595e}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
File F:\LaunchU3.exe -a not found.
C:\ProgramData\~43114248r moved successfully.
C:\ProgramData\~43114248 moved successfully.
C:\ProgramData\43114248 moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1455682 bytes
->FireFox cache emptied: 120934021 bytes
->Flash cache emptied: 1837 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_231420

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEEZZ9RP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16OAY18\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPC7FTFI\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKY2LD5D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


28.04.2011, 10:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents folder, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

30.04.2011, 07:49   #7
Hainz

OK, I ran the tool; it found nothing.
I had already run unhide earlier, when I was trying to solve the problem myself => all folders are back.

What is the next step?

2011/04/30 08:45:20.0745 1516 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 08:45:20.0964 1516 ================================================================================
2011/04/30 08:45:20.0964 1516 SystemInfo:
2011/04/30 08:45:20.0964 1516
2011/04/30 08:45:20.0964 1516 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/30 08:45:20.0964 1516 Product type: Workstation
2011/04/30 08:45:20.0964 1516 ComputerName: KARL-HEINZ-PC
2011/04/30 08:45:20.0964 1516 UserName: Karl-Heinz
2011/04/30 08:45:20.0964 1516 Windows directory: C:\Windows
2011/04/30 08:45:20.0964 1516 System windows directory: C:\Windows
2011/04/30 08:45:20.0964 1516 Running under WOW64
2011/04/30 08:45:20.0964 1516 Processor architecture: Intel x64
2011/04/30 08:45:20.0964 1516 Number of processors: 2
2011/04/30 08:45:20.0964 1516 Page size: 0x1000
2011/04/30 08:45:20.0964 1516 Boot type: Normal boot
2011/04/30 08:45:20.0964 1516 ================================================================================
2011/04/30 08:45:21.0338 1516 Initialize success
2011/04/30 08:45:31.0541 2712 ================================================================================
2011/04/30 08:45:31.0541 2712 Scan started
2011/04/30 08:45:31.0541 2712 Mode: Manual;
2011/04/30 08:45:31.0541 2712 ================================================================================
2011/04/30 08:45:54.0332 2712 ================================================================================
2011/04/30 08:45:54.0332 2712 Scan finished
2011/04/30 08:45:54.0332 2712 ================================================================================

01.05.2011, 12:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. While downloading, rename it to cofi.exe.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

04.05.2011, 22:13   #9
Hainz

Unfortunately the download of CC Cleaner did not work; can I run cofi.exe anyway?

Or can/may one also download it from another site?

05.05.2011, 09:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, it also works without CCleaner if need be.

07.05.2011, 02:36   #11
Hainz

Here is the log

Combofix Logfile:
Code:
ComboFix 11-05-06.03 - Karl-Heinz 07.05.2011   3:25.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.4094.2661 [GMT 2:00]
ausgeführt von:: c:\users\Karl-Heinz\Desktop\cofi.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-07 bis 2011-05-07  ))))))))))))))))))))))))))))))
.
.
2011-05-07 01:31 . 2011-05-07 01:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-07 01:19 . 2011-05-07 01:20	--------	d-----w-	C:\cofi
2011-05-07 01:08 . 2010-09-20 12:14	316416	----a-w-	c:\windows\system32\msshsq.dll
2011-05-07 01:08 . 2010-09-20 09:25	231936	----a-w-	c:\windows\SysWow64\msshsq.dll
2011-05-05 03:32 . 2011-03-03 15:06	32256	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-05-05 03:32 . 2011-03-03 14:56	28672	----a-w-	c:\windows\SysWow64\Apphlpdm.dll
2011-05-05 03:32 . 2011-03-03 13:25	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-05 03:32 . 2011-03-03 13:01	4240384	----a-w-	c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-05-04 22:00 . 2010-02-24 09:28	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-05-04 21:58 . 2010-02-20 23:44	32768	----a-w-	c:\windows\system32\nshhttp.dll
2011-05-04 21:58 . 2010-02-20 23:39	24064	----a-w-	c:\windows\SysWow64\nshhttp.dll
2011-05-04 21:58 . 2010-02-20 23:42	33792	----a-w-	c:\windows\system32\httpapi.dll
2011-05-04 21:58 . 2010-02-20 23:37	31232	----a-w-	c:\windows\SysWow64\httpapi.dll
2011-05-04 21:58 . 2010-02-20 21:40	610304	----a-w-	c:\windows\system32\drivers\http.sys
2011-05-04 21:55 . 2010-04-14 18:33	101376	----a-w-	c:\windows\system32\MSNP.ax
2011-05-04 21:55 . 2010-04-14 17:46	80896	----a-w-	c:\windows\SysWow64\MSNP.ax
2011-05-04 21:55 . 2010-04-14 18:35	375808	----a-w-	c:\windows\system32\psisdecd.dll
2011-05-04 21:55 . 2010-04-14 18:35	289792	----a-w-	c:\windows\system32\psisrndr.ax
2011-05-04 21:55 . 2010-04-14 17:47	293376	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-05-04 21:55 . 2010-04-14 17:47	217088	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-05-04 21:54 . 2009-11-08 08:55	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-04 21:54 . 2009-11-08 08:55	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-05-04 21:54 . 2009-11-08 08:55	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-05-04 21:54 . 2009-11-08 08:55	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-05-04 21:54 . 2009-11-08 08:55	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-05-04 21:54 . 2009-11-08 08:55	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-05-04 21:54 . 2009-11-08 08:55	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-05-04 21:54 . 2009-11-08 08:55	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-05-04 21:54 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-05-04 21:54 . 2009-11-08 08:55	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-05-04 21:42 . 2009-11-03 22:42	35328	----a-w-	c:\windows\system32\drivers\de-DE\http.sys.mui
2011-05-04 21:41 . 2009-12-28 12:42	143360	----a-w-	c:\windows\system32\msvfw32.dll
2011-05-04 21:38 . 2010-08-31 15:41	954752	----a-w-	c:\windows\SysWow64\mfc40.dll
2011-05-04 21:38 . 2010-08-31 15:41	954288	----a-w-	c:\windows\SysWow64\mfc40u.dll
2011-05-04 21:37 . 2009-10-07 12:57	280576	----a-w-	c:\windows\system32\rastls.dll
2011-05-04 21:37 . 2009-10-07 12:57	295936	----a-w-	c:\windows\system32\raschap.dll
2011-05-04 21:37 . 2009-10-07 12:41	244224	----a-w-	c:\windows\SysWow64\rastls.dll
2011-05-04 21:37 . 2009-10-07 12:41	281600	----a-w-	c:\windows\SysWow64\raschap.dll
2011-05-04 21:37 . 2011-03-03 15:09	975872	----a-w-	c:\windows\system32\inetcomm.dll
2011-05-04 21:37 . 2011-03-03 15:00	738816	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-05-04 21:36 . 2010-10-18 14:25	87552	----a-w-	c:\windows\system32\consent.exe
2011-05-04 21:36 . 2010-12-17 17:12	2424320	----a-w-	c:\windows\system32\mstscax.dll
2011-05-04 21:36 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\SysWow64\mstscax.dll
2011-05-04 21:36 . 2010-12-17 15:35	730624	----a-w-	c:\windows\system32\mstsc.exe
2011-05-04 21:36 . 2010-12-17 15:06	677888	----a-w-	c:\windows\SysWow64\mstsc.exe
2011-05-04 21:35 . 2010-10-15 14:02	4692368	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-04 21:35 . 2010-10-15 13:43	1560960	----a-w-	c:\windows\system32\ntdll.dll
2011-05-04 21:35 . 2010-10-15 13:43	1167488	----a-w-	c:\windows\SysWow64\ntdll.dll
2011-05-04 21:33 . 2011-04-18 07:15	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BDE9815-C0B2-4712-A5EB-4C6211AE8C29}\mpengine.dll
2011-05-04 21:33 . 2010-04-05 16:51	84480	----a-w-	c:\windows\system32\asycfilt.dll
2011-05-04 21:33 . 2010-04-05 16:07	67072	----a-w-	c:\windows\SysWow64\asycfilt.dll
2011-05-04 21:31 . 2010-12-29 17:53	416768	----a-w-	c:\windows\system32\sbe.dll
2011-05-04 21:31 . 2010-12-29 17:53	560128	----a-w-	c:\windows\system32\EncDec.dll
2011-05-04 21:31 . 2010-12-29 17:51	226816	----a-w-	c:\windows\system32\mpg2splt.ax
2011-05-04 21:31 . 2010-12-29 17:41	323072	----a-w-	c:\windows\SysWow64\sbe.dll
2011-05-04 21:31 . 2010-12-29 17:41	153088	----a-w-	c:\windows\SysWow64\sbeio.dll
2011-05-04 21:31 . 2010-12-29 17:41	429056	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-05-04 21:31 . 2010-12-29 17:39	177664	----a-w-	c:\windows\SysWow64\mpg2splt.ax
2011-05-04 21:31 . 2010-12-29 17:53	210944	----a-w-	c:\windows\system32\sbeio.dll
2011-05-04 21:30 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 21:30 . 2011-03-03 10:49	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-05-04 21:30 . 2011-03-03 13:15	2760704	----a-w-	c:\windows\system32\win32k.sys
2011-05-04 21:28 . 2010-01-15 00:04	98304	----a-w-	c:\windows\SysWow64\cabview.dll
2011-05-04 21:28 . 2010-01-13 18:34	104960	----a-w-	c:\windows\system32\cabview.dll
2011-05-04 21:28 . 2011-02-18 13:51	461312	----a-w-	c:\windows\system32\drivers\srv.sys
2011-05-04 21:28 . 2011-02-18 13:51	176128	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-05-04 21:28 . 2011-02-18 13:51	144896	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-05-04 21:27 . 2010-01-21 16:34	72192	----a-w-	c:\windows\system32\l3codeca.acm
2011-05-04 21:27 . 2010-01-21 15:59	62464	----a-w-	c:\windows\SysWow64\l3codeca.acm
2011-05-04 21:27 . 2010-10-28 13:17	2048	----a-w-	c:\windows\system32\tzres.dll
2011-05-04 21:27 . 2010-10-28 12:56	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-04-27 17:11 . 2010-04-16 16:40	1570816	----a-w-	c:\windows\system32\quartz.dll
2011-04-27 17:11 . 2010-04-16 16:10	1314816	----a-w-	c:\windows\SysWow64\quartz.dll
2011-04-27 17:11 . 2010-04-16 16:41	622080	----a-w-	c:\windows\system32\usp10.dll
2011-04-27 17:11 . 2010-04-16 16:10	501760	----a-w-	c:\windows\SysWow64\usp10.dll
2011-04-27 17:10 . 2010-08-10 15:36	343040	----a-w-	c:\windows\system32\schannel.dll
2011-04-27 17:10 . 2010-08-10 15:02	274432	----a-w-	c:\windows\SysWow64\schannel.dll
2011-04-27 17:10 . 2010-08-20 15:56	1090048	----a-w-	c:\windows\system32\wmpmde.dll
2011-04-27 17:10 . 2010-08-20 15:21	866816	----a-w-	c:\windows\SysWow64\wmpmde.dll
2011-04-22 19:20 . 2010-04-05 16:53	295424	----a-w-	c:\windows\system32\MP4SDECD.DLL
2011-04-22 19:20 . 2010-04-05 16:08	317952	----a-w-	c:\windows\SysWow64\MP4SDECD.DLL
2011-04-22 19:20 . 2010-10-12 16:16	35328	----a-w-	c:\program files\Windows Mail\wabfind.dll
2011-04-22 19:20 . 2010-10-12 15:48	33280	----a-w-	c:\program files (x86)\Windows Mail\wabfind.dll
2011-04-22 19:20 . 2010-10-12 14:15	68096	----a-w-	c:\program files\Windows Mail\wabmig.exe
2011-04-22 19:20 . 2010-10-12 14:15	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2011-04-22 19:20 . 2010-10-12 13:52	66048	----a-w-	c:\program files (x86)\Windows Mail\wabmig.exe
2011-04-22 19:20 . 2010-10-12 13:52	515584	----a-w-	c:\program files (x86)\Windows Mail\wab.exe
2011-04-22 19:20 . 2010-06-17 17:55	16361984	----a-w-	c:\program files\Movie Maker\MOVIEMK.dll
2011-04-22 19:19 . 2010-06-17 16:29	150528	----a-w-	c:\program files\Movie Maker\MOVIEMK.exe
2011-04-22 19:19 . 2009-10-14 15:24	27136	----a-w-	c:\program files\Movie Maker\WMM2EXT.dll
2011-04-22 19:15 . 2011-03-10 16:30	1360384	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-22 19:15 . 2011-03-10 16:30	1398784	----a-w-	c:\windows\system32\mfc42.dll
2011-04-22 19:15 . 2011-03-10 16:12	1136640	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-04-22 19:15 . 2011-03-10 16:12	1161728	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-04-22 19:15 . 2011-02-16 15:36	48128	----a-w-	c:\windows\system32\atmlib.dll
2011-04-22 19:15 . 2011-02-16 15:29	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-04-22 19:15 . 2011-02-16 13:44	367616	----a-w-	c:\windows\system32\atmfd.dll
2011-04-22 19:15 . 2011-02-16 13:24	292864	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-04-22 19:15 . 2010-06-16 15:52	96256	----a-w-	c:\windows\system32\fontsub.dll
2011-04-22 19:15 . 2010-06-16 15:12	72704	----a-w-	c:\windows\SysWow64\fontsub.dll
2011-04-22 19:14 . 2009-04-02 12:37	604672	----a-w-	c:\windows\SysWow64\WMSPDMOD.DLL
2011-04-22 19:14 . 2009-04-02 12:39	818688	----a-w-	c:\windows\system32\WMSPDMOD.DLL
2011-04-22 19:14 . 2009-04-23 12:42	636928	----a-w-	c:\windows\SysWow64\localspl.dll
2011-04-22 19:14 . 2009-04-23 13:17	791552	----a-w-	c:\windows\system32\localspl.dll
2011-04-22 19:14 . 2009-09-10 15:21	1418752	----a-w-	c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-04-22 19:14 . 2009-09-10 15:21	310784	----a-w-	c:\windows\SysWow64\unregmp2.exe
2011-04-22 19:13 . 2009-09-10 15:48	1486848	----a-w-	c:\program files\Windows Media Player\setup_wm.exe
2011-04-22 19:13 . 2009-09-10 15:48	372736	----a-w-	c:\windows\system32\unregmp2.exe
2011-04-22 19:11 . 2011-02-18 13:50	135168	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 19:11 . 2011-02-18 13:50	273920	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-22 19:11 . 2011-02-18 13:50	105472	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-22 19:11 . 2011-02-18 13:50	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-22 19:11 . 2010-06-11 16:08	1875456	----a-w-	c:\windows\system32\msxml3.dll
2011-04-22 19:11 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\SysWow64\msxml3.dll
2011-04-22 19:10 . 2010-11-06 11:10	357376	----a-w-	c:\windows\SysWow64\taskschd.dll
2011-04-22 19:10 . 2010-11-06 04:35	499712	----a-w-	c:\windows\system32\wmicmiplugin.dll
2011-04-22 19:10 . 2010-11-06 04:35	655872	----a-w-	c:\windows\system32\taskschd.dll
2011-04-22 19:10 . 2010-11-06 04:35	410112	----a-w-	c:\windows\system32\taskcomp.dll
2011-04-22 19:10 . 2010-11-06 04:35	854528	----a-w-	c:\windows\system32\schedsvc.dll
2011-04-22 19:10 . 2010-11-05 00:53	171520	----a-w-	c:\windows\SysWow64\taskeng.exe
2011-04-22 19:10 . 2010-11-04 21:16	267776	----a-w-	c:\windows\system32\taskeng.exe
2011-04-22 19:10 . 2010-11-06 11:10	270336	----a-w-	c:\windows\SysWow64\taskcomp.dll
2011-04-22 18:44 . 2010-05-27 19:16	81920	----a-w-	c:\windows\SysWow64\iccvid.dll
2011-04-22 18:44 . 2011-03-02 15:10	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-22 18:44 . 2009-05-04 10:38	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-05-05 03:32	100352	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-05-05 03:32	331776	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-05-05 03:32	281600	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-05-05 03:32	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-05-05 03:32	459776	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-05-05 03:32	541696	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-05-05 03:32	2153984	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-18 15:36 . 2011-02-18 15:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ICQ"="c:\progra~2\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-07 c:\windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-688148533-2580855891-255624100-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,57,2c,e7,50,2f,77,22,52,5a,30,75,fe,08,90,9d,49,25,fa,62,87,68,25,
   72,21,32,b9,28,d5,b6,78,34,a4,f9,00,c3,b3,eb,2e,7b,2d,de,bd,3c,71,3b,75,00,\
"??"=hex:b4,7e,b4,c6,21,49,5a,fc,45,d2,23,b3,28,4d,83,60
.
[HKEY_USERS\S-1-5-21-688148533-2580855891-255624100-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,69,8d,f0,c0,3b,36,cd,15,9a,7c,4f,39,6c,b8,54,64,c7,6c,ae,ca,
   f6,d4,8e,03,7a,c2,72,c8,ee,9d,b9,e8,fb,c8,79,8f,b5,a2,eb,cb,b3,b9,da,77,32,\
"rkeysecu"=hex:f0,73,67,41,03,7c,c6,f7,aa,6e,7c,74,95,c9,56,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-05-07  03:34:13
ComboFix-quarantined-files.txt  2011-05-07 01:34
.
Vor Suchlauf: 20 Verzeichnis(se), 413.428.371.456 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 412.237.262.848 Bytes frei
.
- - End Of File - - A0311B380BFEBE76FCE833EF65872CB2
         
--- --- ---

07.05.2011, 14:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please create and post logs with GMER and MBRCheck.
GMER crashes fairly often; if the tool still won't run on the second attempt, simply leave it out.

Instructions for MBRCheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

07.05.2011, 16:37   #13
Hainz

Here is the log .... don't all these tools also interfere with each other?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5Q-PRO
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 136):
0x02060000 \SystemRoot\system32\ntoskrnl.exe
0x0201A000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00639000 \SystemRoot\system32\PSHED.dll
0x0064D000 \SystemRoot\system32\CLFS.SYS
0x006AA000 \SystemRoot\system32\CI.dll
0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F7000 \SystemRoot\system32\drivers\acpi.sys
0x0094D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00956000 \SystemRoot\system32\drivers\msisadrv.sys
0x00960000 \SystemRoot\system32\drivers\pci.sys
0x00990000 \SystemRoot\System32\drivers\partmgr.sys
0x009A5000 \SystemRoot\system32\drivers\volmgr.sys
0x0075C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B9000 \SystemRoot\system32\drivers\pciide.sys
0x009C0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E3000 \SystemRoot\system32\drivers\atapi.sys
0x007C2000 \SystemRoot\system32\drivers\ataport.SYS
0x00A0E000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A54000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A68000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C07000 \SystemRoot\system32\drivers\ndis.sys
0x00AEF000 \SystemRoot\system32\drivers\msrpc.sys
0x00B3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E00000 \SystemRoot\System32\drivers\tcpip.sys
0x00F74000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01004000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00FA0000 \SystemRoot\System32\drivers\ecache.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x00FCC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCA000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B97000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00BA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02409000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02A74000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02B53000 \SystemRoot\System32\drivers\watchdog.sys
0x02B62000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02B75000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02B81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02BC7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02BD8000 \SystemRoot\system32\DRIVERS\L1E60x64.sys
0x02BEB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x00BB3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00BC3000 \SystemRoot\system32\DRIVERS\fdc.sys
0x02400000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x00BD0000 \SystemRoot\system32\DRIVERS\serial.sys
0x00BED000 \SystemRoot\system32\DRIVERS\serenum.sys
0x007E6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02204000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02220000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0222D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02265000 \SystemRoot\system32\DRIVERS\storport.sys
0x022C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x022CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x022F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x022FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0232F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0233F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0235D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02375000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02387000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02393000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02395000 \SystemRoot\system32\DRIVERS\ks.sys
0x023C9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x023D4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02E05000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02E4C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x02E57000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x02E6B000 \SystemRoot\system32\drivers\HdAudio.sys
0x02EB4000 \SystemRoot\system32\drivers\portcls.sys
0x02EEF000 \SystemRoot\system32\drivers\drmk.sys
0x02F12000 \SystemRoot\system32\drivers\ksthunk.sys
0x03E01000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03F5A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03F64000 \SystemRoot\System32\Drivers\Null.SYS
0x03F6D000 \SystemRoot\System32\drivers\vga.sys
0x03F7B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03FA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03FA9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03FB2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03FBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03FCE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x03FD7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02F18000 \SystemRoot\system32\DRIVERS\smb.sys
0x02F33000 \SystemRoot\system32\drivers\afd.sys
0x02FA0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04003000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04021000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04030000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0404B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04099000 \SystemRoot\system32\drivers\nsiproxy.sys
0x040A5000 \SystemRoot\System32\Drivers\dfsc.sys
0x040C2000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x040C9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x040D7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x040E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x040EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x040F4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04106000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0410E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04110000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x0411B000 \SystemRoot\System32\drivers\Dxapi.sys
0x04127000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x0413A000 \SystemRoot\system32\drivers\luafv.sys
0x0415C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05601000 \SystemRoot\system32\drivers\spsys.sys
0x0569B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x056AF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x056C7000 \SystemRoot\system32\drivers\HTTP.sys
0x05766000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0578F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04173000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x041BC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05C0A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05C3C000 \SystemRoot\System32\DRIVERS\srv.sys
0x05CD3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x05CDE000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x05D2D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x05D3A000 \SystemRoot\system32\drivers\peauth.sys
0x05DF0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x057F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x041DB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772F0000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
548 csrss.exe
600 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
292 C:\Windows\System32\Ati2evxx.exe
312 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
528 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\audiodg.exe
804 C:\Windows\System32\SLsvc.exe
1048 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\spoolsv.exe
1464 C:\Windows\System32\Ati2evxx.exe
1472 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
1496 C:\Windows\System32\svchost.exe
1884 C:\Windows\System32\taskeng.exe
1904 C:\Windows\System32\dwm.exe
1936 C:\Windows\explorer.exe
1980 C:\Windows\System32\taskeng.exe
1152 C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
1488 C:\Windows\RAVCpl64.exe
1232 C:\Program Files\Windows Sidebar\sidebar.exe
2120 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
2156 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2184 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2216 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2232 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2372 C:\Windows\SysWOW64\PnkBstrA.exe
2432 C:\Windows\SysWOW64\PnkBstrB.exe
2444 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\SearchIndexer.exe
2996 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
2060 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
504 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1760 C:\Program Files\Windows Media Player\wmpnscfg.exe
1108 C:\Program Files\Windows Media Player\wmpnetwk.exe
3152 C:\Program Files\iPod\bin\iPodService.exe
3444 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3576 C:\Windows\System32\taskeng.exe
3896 C:\Windows\System32\SearchProtocolHost.exe
3952 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3936 WmiPrvSE.exe
244 C:\Windows\servicing\TrustedInstaller.exe
1728 C:\Windows\System32\wuauclt.exe
3748 C:\Windows\System32\wbem\WMIADAP.exe
944 WmiPrvSE.exe
3844 C:\Users\Karl-Heinz\Desktop\MBRCheck.exe
3836 C:\Windows\SysWOW64\conime.exe
3336 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3750330AS, Rev: MX15

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

07.05.2011, 16:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If the tools interfered with each other, I would hardly have assigned them to you.
What about GMER?
__________________
Please always post log files in CODE tags

07.05.2011, 19:04   #15
Hainz

GMER did not work; you said it isn't strictly necessary, so I thought that would be OK...
