Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   udp-network attack , kis datenbank defekt ,vista startet nicht dhcp-client nun sys wiederhergestellt (https://www.trojaner-board.de/89453-udp-network-attack-kis-datenbank-defekt-vista-startet-dhcp-client-sys-wiederhergestellt.html)

heumann 13.08.2010 16:48
udp-network attack , kis datenbank defekt ,vista startet nicht dhcp-client nun sys wiederhergestellt
 
Hallo liebe TB user und mods ect.

Ich versuch mich kurz zu fassen.: Ich schaute zu später stunde ein paar "feminiene Bilder im web an als plötzlich kis(cbe) anschlug wegen einem udp network angriff ...... alles war noch ok bis ich am nächsten tag den pc starten wollte wurde der dhcp-client nichtr mit gestartet wodurch (vista) die uhr oben rechts nicht mehr angezeigt wurde und die browser nicht mehr funktionierten... probiert probiert letztendlich beim 2ten versuch klappte die systemwiederherstellung und dann war aber kis die daten bak defekt und lies sich nicht updaten bzw reparieren.

Also neues kis11 gekauft und alles geht wieder aber ich habe trotzallem massive netzwerk und cpu verbräuche.

Ich habe alles aus dem TB tut befolgt und poste hier nun meine logs.

:Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4424

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

13.08.2010 16:57:50
mbam-log-2010-08-13 (16-57-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129062
Laufzeit: 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



und der andere:
RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by ******* at 2010-08-13 17:00:44
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 197 GB (41%) free of 477 GB
Total RAM: 3582 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:57, on 13.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\********\Downloads\++TB tut\RSIT.exe
C:\Program Files\trend micro\******.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.c*m/fwlink/?LinkId=*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.c***********************ream/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=5****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=5*****
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=6****
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MessengerPlusLive Germany TB Toolbar - {*********************** - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18***81C-E8A*-4*83-A596-FA5*8C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-402-4AF-8EC-516476863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE85869-2E5C-4ED4-87B-F1F7851A497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-4A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F316-6D32-4FE6-8A56-BB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O3 - Toolbar: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Geräteerkennung) - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 10428 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D2B5F805-A34C-4DB9-90CF-084D78278A84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}]
Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-05-07 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-08-05 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{542e4d79-1970-4e95-9862-fdb96f61b280} - Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]
{76aeea42-e04a-4b62-83ab-df4b2be2541e} - MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-02-25 37888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-06-04 1238352]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2010-07-25 1492944]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-08-09 133432]

C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-05-07 228024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-13 17:00:44 ----D---- C:\rsit
2010-08-13 17:00:44 ----D---- C:\Program Files\trend micro
2010-08-13 16:51:45 ----D---- C:\Users\********\AppData\Roaming\Malwarebytes
2010-08-13 16:51:19 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-13 16:51:18 ----D---- C:\ProgramData\Malwarebytes
2010-08-13 16:51:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-13 16:51:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-13 16:42:39 ----D---- C:\Program Files\CCleaner
2010-08-12 14:41:58 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\occache.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 14:41:55 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 14:41:54 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 14:41:49 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 14:41:43 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 14:41:31 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 14:41:27 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaws.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaw.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\java.exe
2010-08-08 19:41:56 ----D---- C:\Users\*******\AppData\Roaming\mIRC
2010-08-08 19:41:56 ----D---- C:\Program Files\mIRC
2010-08-08 15:15:40 ----D---- C:\Program Files\Daedalic Entertainment
2010-08-05 22:10:20 ----D---- C:\Program Files\MessengerPlusLive_Germany_TB
2010-08-05 14:34:49 ----D---- C:\Program Files\Kaspersky Lab
2010-08-05 14:34:25 ----A---- C:\Windows\system32\drivers\klif.sys
2010-08-05 14:22:33 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-08-05 13:58:52 ----A---- C:\Windows\system32\shell32.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-08-01 13:56:37 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-08-01 13:56:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-08-01 13:56:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-08-01 13:51:11 ----D---- C:\Program Files\Paradox Interactive
2010-07-29 23:22:49 ----D---- C:\Windows\system32\Adobe
2010-07-29 19:57:45 ----D---- C:\ProgramData\Zylom
2010-07-25 17:41:01 ----D---- C:\ProgramData\TrueCrypt
2010-07-25 17:31:46 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2010-07-25 16:59:45 ----D---- C:\Users\******\AppData\Roaming\TrueCrypt
2010-07-25 16:54:20 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2010-07-25 16:53:56 ----D---- C:\Program Files\TrueCrypt
2010-07-24 15:04:11 ----D---- C:\Program Files\DAMN NFO Viewer
2010-07-23 17:01:00 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-21 17:53:11 ----A---- C:\Windows\system32\devil.dll
2010-07-21 17:53:11 ----A---- C:\Windows\system32\avisynth.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\yv12vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\i420vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\AVSredirect.dll
2010-07-21 17:53:03 ----D---- C:\Program Files\AviSynth 2.5
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\nbDX.dll
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\msfDX.dll
2010-07-21 17:52:18 ----RSH---- C:\Windows\system32\flvDX.dll
2010-07-21 17:51:59 ----D---- C:\Program Files\eRightSoft
2010-07-21 11:24:02 ----D---- C:\Users\***AppData\Roaming\HU2011
2010-07-21 11:20:33 ----D---- C:\Program Files\Hunting Unlimited 2011
2010-07-14 20:09:13 ----D---- C:\Program Files\Ubisoft
2010-07-14 17:50:36 ----D---- C:\Program Files\vixy.net
2010-07-14 17:28:22 ----D---- C:\Users\****\AppData\Roaming\streamripper
2010-07-14 17:20:51 ----D---- C:\Program Files\Streamripper
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-14 17:11:55 ----D---- C:\Users\*****\AppData\Roaming\Winamp
2010-07-14 17:11:55 ----D---- C:\Program Files\Winamp

======List of files/folders modified in the last 1 months======

2010-08-13 17:00:57 ----D---- C:\Windows\Prefetch
2010-08-13 17:00:49 ----D---- C:\Windows\Temp
2010-08-13 17:00:44 ----RD---- C:\Program Files
2010-08-13 17:00:08 ----D---- C:\Users\******\AppData\Roaming\Skype
2010-08-13 16:51:19 ----D---- C:\Windows\system32\drivers
2010-08-13 16:51:18 ----HD---- C:\ProgramData
2010-08-13 16:46:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-13 16:46:43 ----D---- C:\Windows\Minidump
2010-08-13 16:46:43 ----D---- C:\Windows\Debug
2010-08-13 16:46:43 ----D---- C:\Windows
2010-08-13 16:13:04 ----D---- C:\Windows\System32
2010-08-13 16:13:04 ----D---- C:\Windows\inf
2010-08-13 16:13:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-13 16:12:36 ----SHD---- C:\System Volume Information
2010-08-13 16:07:31 ----D---- C:\Users\******\AppData\Roaming\skypePM
2010-08-13 16:07:30 ----D---- C:\Users\*******\AppData\Roaming\ICQ
2010-08-13 16:07:09 ----D---- C:\Program Files\Steam
2010-08-12 17:12:46 ----D---- C:\Windows\Microsoft.NET
2010-08-12 17:12:25 ----RSD---- C:\Windows\assembly
2010-08-12 17:10:28 ----D---- C:\Windows\winsxs
2010-08-12 17:00:47 ----D---- C:\Program Files\ICQ7.1
2010-08-12 16:56:36 ----D---- C:\Windows\system32\migration
2010-08-12 16:56:36 ----D---- C:\Program Files\Movie Maker
2010-08-12 16:56:36 ----D---- C:\Program Files\Internet Explorer
2010-08-12 14:47:23 ----D---- C:\Windows\system32\catroot
2010-08-12 14:47:18 ----D---- C:\Program Files\Windows Mail
2010-08-12 14:41:14 ----D---- C:\Windows\system32\catroot2
2010-08-11 14:36:16 ----D---- C:\ProgramData\PopCap Games
2010-08-11 14:36:16 ----D---- C:\Program Files\PopCap Games
2010-08-11 14:29:35 ----D---- C:\Program Files\JDownloader
2010-08-09 11:08:34 ----SHD---- C:\Windows\Installer
2010-08-09 11:07:47 ----D---- C:\Program Files\Java
2010-08-07 09:16:42 ----D---- C:\Users\******\AppData\Roaming\Adobe
2010-08-05 22:09:52 ----D---- C:\Program Files\Messenger Plus! Live
2010-08-05 13:44:56 ----D---- C:\Windows\system32\Msdtc
2010-08-05 13:44:50 ----D---- C:\Windows\system32\wbem
2010-08-05 11:24:06 ----D---- C:\Windows\system32\config
2010-08-05 11:23:59 ----D---- C:\Windows\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\spool
2010-08-05 11:23:58 ----D---- C:\Windows\registration
2010-08-03 20:09:32 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 16:57:00 ----D---- C:\Windows\SoftwareDistribution
2010-08-01 15:54:57 ----A---- C:\Windows\NeroDigital.ini
2010-08-01 14:39:13 ----SD---- C:\Users\*******\AppData\Roaming\Microsoft
2010-07-30 09:36:48 ----SD---- C:\Windows\Downloaded Program Files
2010-07-29 21:21:00 ----SD---- C:\ProgramData\Microsoft
2010-07-29 12:40:19 ----D---- C:\Program Files\Windows Live Safety Center
2010-07-21 17:53:02 ----RSD---- C:\Windows\Fonts
2010-07-21 11:20:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-05-07 132184]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-07-25 230736]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-08-05 475224]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-05-07 132184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-06-26 15600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-05-26 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-05-26 362240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
--- --- ---


Ich hoffe alles richtig gemacht zu haben und stehe gern bereit eventuelle fragen zu beantworten

Ich bendanke mich auch jetzt schon mal bei allen die die logs "durchforsten"

Mfg euer heumann :party:

cosinus 13.08.2010 18:13
Zitat:
an als plötzlich kis(cbe) anschlug wegen einem udp network angriff ......
Mehr wurde nicht gemeldet? "UDP-Angriff" allein ist sinnfrei. Poste bitte die genaue Meldung falls sie das nicht war.
Im übrigen sind auch Personal-Firewalls bzw. SecuritySuites sinnfrei bis kontraproduktiv. Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen... :rolleyes:

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

heumann 13.08.2010 18:44
Zitat:
Zitat von cosinus (Beitrag 554577)
Mehr wurde nicht gemeldet? "UDP-Angriff" allein ist sinnfrei. Poste bitte die genaue Meldung falls sie das nicht war.
Im übrigen sind auch Personal-Firewalls bzw. SecuritySuites sinnfrei bis kontraproduktiv.
Doch ich such gerade den screenshot denn ich habe doch das Kaspersky Internet Security deintallieren müssen wegen dem Fehler
Zitat:
Zitat von cosinus (Beitrag 554577)
Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen... :rolleyes:
Ohje ich vesteh nur bahnhof, personal heisst?? Meinst du damit das ich mehrere Fw´s habe?

Zitat:
Zitat von cosinus (Beitrag 554577)
Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?
Sonst bin ich auch recht sicher unterwegs doch an dem abende waren die hormonellen triebe wohl so stark das die vorsicht in den hintergrund verdrängt wurde :heulen: wie du in den logs bestimmt gesehen hast habe ich kein(kaum) mist auf meinem sys.

Also ich hab das screen anscheinend durch die systemwiederherstellung verloren.

EDIT: hier das vista problem bericht dingens:
Zitat:
Beschreibung
Der Dienst "DHCP-Client" hat beim Start nicht reagiert.

Problemsignatur
Problemereignisame: ServiceHang
Dienstname: Dhcp
Abbildname: dhcpcsvc.dll
Abbildversion: 6.0.6002.18005
Diensttyp: 20
Starttyp: 2
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031

Weitere Informationen über das Problem
Bucket-ID: 554392629
Und noch der vista fehler bericht bezüglich der netzwerk sache
Zitat:
Problemsignatur
Problemereignisame: NetworkDiagnosticsFrameworkV2
Vendor: Microsoft
OwnerHC: DhcpModule
OwnerHCVersion: 1.0
SessionStatus: 1
HRESULT: 8007042E
Repair: {40DC318E-D597-4bf5-81D3-A8610F7FFE9F}
RootCauseHC: DhcpModule
RootCauseHCVersion: 1.0
RootCause: {25A5522A-B2CA-4aa5-9ED8-9EDF4749371B}
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031

Weitere Informationen über das Problem
Bucket-ID: 119477783

cosinus 13.08.2010 18:54
Zitat:
Doch ich such gerade den screenshot denn ich habe doch das Kaspersky Internet Security deintallieren müssen wegen dem Fehler
:D

Zitat:
Ohje ich vesteh nur bahnhof, personal heisst?? Meinst du damit das ich mehrere Fw´s habe?
Personal-Firewall bedeutet, dass ein Stück Software, ein Paketfilter, auf Deinem Rechner installiert ist und je nach eingestelltem Regelwerk bestimmte Pakete ablehnt (reject), kommtarlos verwirft (drop) oder akzeptiert (accept). Eben sowas ist in jeder SecuritySuite enthalten. Einzelne PersonalFirewalls sind zB sowas wie ZoneAlarm, Sygate PFW oder Outpost. Empfehlenswert ist keine, lies dazu Du verlinkten Artikel.


Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

heumann 13.08.2010 19:04
Zitat:
Zitat von cosinus (Beitrag 554607)
Personal-Firewall bedeutet, dass ein Stück Software, ein Paketfilter, auf Deinem Rechner installiert ist und je nach eingestelltem Regelwerk bestimmte Pakete ablehnt (reject), kommtarlos verwirft (drop) oder akzeptiert (accept). Eben sowas ist in jeder SecuritySuite enthalten. Einzelne PersonalFirewalls sind zB sowas wie ZoneAlarm, Sygate PFW oder Outpost. Empfehlenswert ist keine, lies dazu Du verlinkten Artikel.
Ok danke ich werd mich mal durchlesen.



Zitat:
Zitat von cosinus (Beitrag 554607)
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
Das log hab ich schon im ersten post gepostet.

Zitat:
Zitat von cosinus (Beitrag 554607)
Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Ok das werde ich als nächstes machen

cosinus 13.08.2010 19:07
Zitat:
Das log hab ich schon im ersten post gepostet.
Ja, das ist mir nicht entgangen, es war aber nur ein Quickscan ;)
Bevor Du einen Vollscan startest, bitte Malwarebytes aktualisieren, die bringen tw. mehrmals am Tag Updates raus!

heumann 13.08.2010 19:27
Zitat:
Zitat von cosinus (Beitrag 554616)
Ja, das ist mir nicht entgangen, es war aber nur ein Quickscan ;)
Bevor Du einen Vollscan startest, bitte Malwarebytes aktualisieren, die bringen tw. mehrmals am Tag Updates raus!
Ok mach ich gleich noch doch hier erstmal die 2 logs aus OTL:

1. OTL Logfile:
Code:
OTL Extras logfile created on: 13.08.2010 20:06:35 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\******\Downloads\++TB tut
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 190,96 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,28 Gb Total Space | 508,35 Gb Free Space | 54,59% Space Free | Partition Type: FAT32
Drive G: | 495,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 489,25 Mb Total Space | 343,39 Mb Free Space | 70,19% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: ******
Current User Name: ******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1453348168-676586631-1407122209-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008AE73F-28DA-4024-960A-481C24B82D97}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C97598F-3FC8-4593-B250-8608625BF24A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F3D8228-AC55-4439-B13F-AD26C6BBB932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40C6D731-1254-449B-977C-AE8635267176}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88BECE22-8119-4E6F-8F85-204DF6897EC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FA6D7BD-44C3-45BD-9540-44FA3C8A02AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B09084AF-48E3-4949-9007-7F1D06CDB127}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1B3FA22-C3C7-4451-940B-247230E55999}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B8F50036-EB80-4A2F-9850-4E5086F4DA24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C398FA1A-BF8B-414F-B751-D7D99E8995FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBF09A5F-5AA3-4921-A7BE-6FBBA318B64B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D94AD8-51EE-4431-B2A6-CEBB82181603}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05B1DE72-2DEB-4FC3-876C-8CC516658AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07CA229F-D1BC-463B-800A-E01E0FF856BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B556006-E40C-4BB1-B6A8-D0780AADC633}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B856A42-8C4C-4B9C-8268-539D8F69EC7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CFFCD86-63A2-41E3-AB9B-8424CA070F78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13421BB2-86B3-462D-AF51-3BAAEF523505}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14E3CD12-B3E2-4A80-BB50-60E74C6C4947}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20444B07-77A0-4CBA-813B-E2E2388E17AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{212F7EC4-EE0A-4E37-9122-E7E07FAB9F6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{215905D1-D4D9-495F-9A47-C29B68FD05F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25151CE2-69CF-40AC-9040-E771C2C1958B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2522BC4F-229B-4617-ADD3-997E074161F3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2601297A-8FE7-4E81-AA9A-5893147B00DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27606E9F-AD62-4472-B7E6-389BC1EC03DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B7FBF17-60EC-4A7D-A858-2BB6EA05A5F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D99F34E-A1AE-4C00-BC8F-B85E3844A805}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32EBAD43-2497-4C92-AFC0-9EBC2C6E7BC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{363C2D13-EA76-4043-A24C-DA762D29EE13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38D5FFB3-0A2A-47B3-830F-7E8659E5D63C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{394A679C-35B9-4A20-8D32-1EFF7357C913}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39BEA247-23EE-44D8-8BEE-3638022D47CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A7C4533-8096-4864-9D3A-E6465AF950F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{402007E9-B344-4D2E-AFED-73DBC28A97B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{402E96F7-4F80-4706-ABB2-813D3C7FED4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42E880FD-ACC2-4F02-A7FA-950AE8314277}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E0ECBAC-3133-4735-9ECF-9DD4945EF4CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E1117ED-6722-46E3-9A72-7BCAEC55954C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FCC05A1-8F50-449A-8216-78DC10C4C4D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51477613-BC84-48BA-97FD-7732A68C9FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51866763-DAC0-41F6-B5CC-F49809844725}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{53FFEA1D-6A42-4B86-A11E-2BF0E3366E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{550DF1B1-4AE2-413B-99F7-7201A81E9EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A99CB4A-9421-4193-8C88-C87800315AC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B4C3231-DB17-44FB-B032-6E6299D5C83D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C33DE54-BCF6-4E8B-A2F0-3A0CF3B70CBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D5F9B69-2D73-42AB-A7A6-806AD15156C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F54DA4C-C8EA-4508-AA1D-6FD552977A8B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6154CD38-CB58-4C13-ABEC-F9766608D713}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AD28B4E-3DF9-43D4-868A-85D41438EAFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C9EDD37-69C0-41E4-97B0-E01504F55846}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D652298-9084-42FC-ADB5-F0F194CA45B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73CE17A3-14B3-4DF4-BA39-EC3327A97FE9}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{77200405-920F-4FA4-98AF-DFCFCEAFC6AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{783DA7DD-2921-4755-8F04-C4A75196206E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78431DD4-4E29-4BEF-B85C-3E4731C98516}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{796D6838-04D2-4353-9791-CB67FCE1581B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E0215AD-9935-4F46-BC21-2AD90057599A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{80A78852-00A0-41B6-AB13-2DC3CB0D67AA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe |
"{8DA36623-07A6-4C89-8A80-27B25C834C2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FC87FD9-C824-4AAE-B76D-F1A29B6EF18B}" = protocol=6 | dir=out | app=system |
"{8FF5C61F-0F4A-4917-8E4C-E35941FCBA42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949C80A1-3544-4A4E-8DE6-82D13D0276EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{956FDE1B-AB4D-4EE7-BF6E-28E9EE70A057}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{96DA1DED-9430-434A-A528-3E8B992AE4A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A58C291-5B0C-493E-BC89-0FDBB5BD0BDB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9B8FEA66-B467-47A8-B7F4-D290ACC6AC5F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9BD05731-3DCB-41AC-991D-A05FE2B12FD4}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9BD7CD8D-90B9-49F9-8869-94B1B5D54359}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C6D6BFD-8894-4EEA-9F44-DF2122B98AA6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3ACD2F6-3C9F-4E4A-A332-15106D000D99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5B43722-33B0-4B24-B369-0E5A1F38F54F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{A6422D40-95DA-47BF-BDDC-044E633CE558}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AA478EC2-7837-473A-B200-2DAEFAAD9017}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AC0D81BF-28BF-44BB-B0BD-FF4046E2B652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE146071-053E-4122-BF51-15BE6277499A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B088B86F-AD2B-47C8-95BC-A323B2665B27}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B3E64D38-F775-4438-8F61-28D88A7FF887}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B673C8BD-87A7-44A5-B4D7-D8FEE0F1693E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B8476C78-2042-426A-81E1-945A74D3EC26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B95620A4-B8C5-4EFE-913E-3D99FE654861}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BED0F8D1-9EA1-4EDE-9DFF-E127F3F69019}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFFE8133-12C8-4488-BBE1-92A59C485AC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C25B40BA-D77C-4503-8D1E-1EFAD2975809}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{CA95AFE0-EDD5-4BD9-8734-F2D93128C942}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe |
"{CAE59183-9D80-4AF0-B463-D648F3DAB4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAE984A6-F1DE-4DF9-9426-FB9EF6239CE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCD0A0C4-A97E-4294-9FB5-EA87B47F8951}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0F2E7F-2A45-41AE-8887-B0C9A2213C53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1B39FC2-EE2A-4760-9487-612F80EC54F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7CD7E52-6B6E-4E2D-ABBD-448F95C0B550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1970D04-A62A-49A1-BD22-7D281FE5BC0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E53B4150-AB82-4ED6-883A-AE09DE47A4B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9BDCF32-687E-4A66-BEB5-ACE72F76CCFC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F2A8131E-95B8-49BC-86C0-BFCA4DE5542E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6E47D11-8C62-4B95-9977-6F61444993FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB8E04C9-C652-4C44-A6D4-81CC79A075E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC71D702-D8B7-45C0-9F8E-753863C0361D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC77F9EB-5046-4902-BDDC-4A791E3F54C8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FD373E3E-8BF8-4C4E-9E51-21B4EDC21695}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{125BCD79-0FC8-4BBA-9B8C-11D87C4327D3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{30A334FC-B458-4E22-A2B4-C45DD4F2DD23}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{458BB575-8C8D-4EAD-9C86-2D146F69097A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B067D6EE-F43F-4FA9-96B1-320E8ADD9143}C:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe |
"TCP Query User{C1951A4F-CD5E-4CE8-9BE0-F95C099686DF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CE5E5BE2-BC4B-4AFF-AAB3-845CE0A59AB3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1C22B245-3BFC-4200-B309-745F7FE7C6AB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{37AFDCBF-837F-45C6-974F-8AD152F108D0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4533FDD5-7DA9-4772-B95B-A24FE1E18C51}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{4B53ACA7-FED4-4194-BF39-9EB5664F44FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{928EC6AC-466D-47CB-A3B4-088526177EF6}C:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe |
"UDP Query User{A8240AA7-176A-4868-BB34-9F5D22839A43}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A67B6-2581-4434-AE64-9A34CCF943D1}" = 3-D HUNTING 2010: Hunt Rare and Wild Animals
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E666E822-53A9-460B-BA99-35184AA80965}" = Hunting Unlimited 2011
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CommanderCotaDemo_is1" = Commander: Conquest of the Americas [DEMO]
"DFX for Windows Media Player" = DFX for Windows Media Player
"EA Download Manager" = EA Download Manager
"Google Chrome" = Google Chrome
"Hunting Unlimited 2011_is1" = Hunting Unlimited 2011
"ICQToolbar" = ICQ Toolbar
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"JDownloader" = JDownloader
"KAMERA v1.1" = KAMERA v1.1
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"SereneScreen Marine Aquarium Crystal_is1" = SereneScreen Marine Aquarium Crystal
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Sportfischen Professional" = Sportfischen Professional (Nur Entfernen)
"Steam App 240" = Counter-Strike: Source
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TrueCrypt" = TrueCrypt
"vixy converter BETA_is1" = vixy converter uninstall
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 09:40:47 | Computer Name = ****** | Source = ESENT | ID = 484
Description = wlcomm (2832) C:\Users\******\AppData\Local\Microsoft\Windows Live
 Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\: Versuch, Ordner "C:\Users\******\AppData\Local\Microsoft\Windows
 Live Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\DBStore\Backup\old" zu entfernen,
 ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis ist nicht leer. " fehlgeschlagen.
 Fehler -1022 (0xfffffc02) beim Entfernen von Ordnern.
 
Error - 08.08.2010 09:40:47 | Computer Name = ****** | Source = ESENT | ID = 215
Description = wlcomm (2832) C:\Users\******\AppData\Local\Microsoft\Windows Live
 Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 09.08.2010 04:13:41 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 09.08.2010 05:52:53 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18928 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 368  Anfangszeit: 01cb37a26986954d  Zeitpunkt
 der Beendigung: 0
 
Error - 09.08.2010 10:04:47 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 10.08.2010 03:37:47 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2010 06:29:45 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.08.2010 06:59:15 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 12.08.2010 10:59:17 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2010 10:07:14 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 26.06.2010 07:11:23 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.06.2010 07:34:54 | Computer Name = ****** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.******.2 für die Netzwerkkarte mit der Netzwerkadresse
 001D7DC7CB0B wurde durch den DHCP-Server 192.168.******.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 26.06.2010 10:12:03 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.06.2010 10:23:11 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.06.2010 04:43:43 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 28.06.2010 08:19:45 | Computer Name = ****** | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001D7DC7CB0B zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 30.06.2010 04:49:51 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.06.2010 04:51:38 | Computer Name = ****** | Source = DCOM | ID = 10005
Description =
 
Error - 30.06.2010 04:51:39 | Computer Name = ****** | Source = Service Control Manager | ID = 7009
Description =
 
Error - 30.06.2010 04:51:39 | Computer Name = ****** | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 14.07.2010 14:12:38 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 20:12:37', '\device\harddiskvolume1\program
 files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe','1024',0)
 
Error - 14.07.2010 14:15:43 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 20:15:43', '\device\harddiskvolume1\program
 files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe','180',0)
 
Error - 13.08.2010 10:51:46 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-13 16:51:46', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5296',0)
 
 
< End of report >
--- --- ---


und der 2te.
OTL Logfile:
Code:
OTL logfile created on: 13.08.2010 20:06:35 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\******\Downloads\++TB tut
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 190,96 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,28 Gb Total Space | 508,35 Gb Free Space | 54,59% Space Free | Partition Type: FAT32
Drive G: | 495,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 489,25 Mb Total Space | 343,39 Mb Free Space | 70,19% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: *******
Current User Name: ******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Downloads\++TB tut\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Downloads\++TB tut\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.clipfish.de/special/bigbrother/livestream/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 9A A0 C9 B5 F5 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.05 14:35:18 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.05.12 17:20:48 | 000,395,221 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.02.25 20:27:12 | 000,000,016 | R--- | M] () - G:\AUTOPLAY.BAT -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 20:27:28 | 000,000,055 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d4855e1-61dc-11df-a1c4-001d7dc7cb0b}\Shell - "" = AutoRun
O33 - MountPoints2\{7d4855e1-61dc-11df-a1c4-001d7dc7cb0b}\Shell\AutoRun\command - "" = G:\PopCDRun.exe -- [2008.02.25 20:27:46 | 000,300,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 17:00:44 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.13 17:00:44 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.08.13 16:51:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 16:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 16:51:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 16:51:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.13 16:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 14:41:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 14:41:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 14:41:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 14:41:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 14:41:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 14:41:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 14:41:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 14:41:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 14:41:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 14:41:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 14:41:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 14:41:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 14:41:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 14:41:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 14:41:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 14:41:55 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 14:41:49 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 14:41:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 14:41:34 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 14:41:34 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 11:07:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.09 11:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.09 11:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.08 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\mIRC
[2010.08.08 19:41:56 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2010.08.08 15:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Daedalic Entertainment
[2010.08.05 22:10:20 | 000,000,000 | ---D | C] -- C:\Programme\MessengerPlusLive_Germany_TB
[2010.08.05 14:34:49 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.05 14:34:25 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.05 14:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.01 14:36:53 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Commander Demo
[2010.08.01 13:56:41 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.01 13:56:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.01 13:56:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.01 13:56:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.01 13:56:40 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.01 13:56:40 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.01 13:56:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.01 13:56:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.01 13:56:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.08.01 13:56:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.08.01 13:56:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.08.01 13:56:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.08.01 13:56:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.08.01 13:56:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.08.01 13:56:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.08.01 13:56:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.08.01 13:56:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.08.01 13:56:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.08.01 13:56:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.08.01 13:56:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.08.01 13:56:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.08.01 13:56:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.08.01 13:56:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.08.01 13:56:31 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.08.01 13:56:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.08.01 13:56:31 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.08.01 13:56:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.08.01 13:51:11 | 000,000,000 | ---D | C] -- C:\Programme\Paradox Interactive
[2010.07.29 23:22:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.07.29 21:14:16 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010.07.29 19:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.07.25 17:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.07.25 17:31:46 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2010.07.25 17:16:44 | 000,000,000 | ---D | C] -- C:\Users\*****\test
[2010.07.25 16:59:45 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\TrueCrypt
[2010.07.25 16:54:20 | 000,230,736 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.07.25 16:53:56 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2010.07.24 15:04:11 | 000,000,000 | ---D | C] -- C:\Programme\DAMN NFO Viewer
[2010.07.23 17:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.21 17:53:11 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.07.21 17:53:11 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.07.21 17:53:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.07.21 17:53:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.07.21 17:53:03 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.07.21 17:52:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.07.21 17:52:19 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.07.21 17:52:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.07.21 17:52:19 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.07.21 17:52:19 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.07.21 17:52:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.07.21 17:52:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.07.21 17:52:19 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.07.21 17:52:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.07.21 17:52:18 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.07.21 17:52:18 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.07.21 17:52:18 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.07.21 17:51:59 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2010.07.21 11:24:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\HU2011
[2010.07.21 11:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Hunting Unlimited 2011
[2010.07.17 16:04:39 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Ps3 acc daten
[2010.07.17 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games
[2010.07.14 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\My Games
[2010.07.14 20:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.13 20:08:15 | 006,553,600 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.08.13 20:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:00:00 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.13 19:43:40 | 000,048,640 | ---- | M] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 19:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.13 18:28:52 | 000,101,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.13 18:28:52 | 000,101,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.13 16:51:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 16:48:37 | 000,001,862 | ---- | M] () -- C:\Users\******\Documents\cc_20100813_164830.reg
[2010.08.13 16:42:41 | 000,000,804 | ---- | M] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.08.13 16:13:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 16:13:04 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 16:13:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 16:13:04 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 16:13:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 16:09:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D2B5F805-A34C-4DB9-90CF-084D78278A84}.job
[2010.08.13 16:06:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.13 16:06:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 16:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 16:06:28 | 3754,426,368 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 20:25:50 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 20:25:50 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.12 20:25:38 | 002,582,636 | -H-- | M] () -- C:\Users\******\AppData\Local\IconCache.db
[2010.08.12 17:01:57 | 003,584,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 13:36:48 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.08.11 14:36:17 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
[2010.08.11 14:36:17 | 000,000,196 | ---- | M] () -- C:\Users\Public\Desktop\Weitere tolle Spiele!.url
[2010.08.05 14:51:38 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.05 14:51:38 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.05 14:34:25 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.05 11:24:09 | 006,553,600 | -HS- | M] () -- C:\Users\******\ntuser.dat_previous
[2010.08.04 16:56:15 | 000,000,104 | ---- | M] () -- C:\Users\******\AppData\Roaming\default.pls
[2010.08.01 15:54:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.01 13:54:59 | 000,001,975 | ---- | M] () -- C:\Users\******\Desktop\Commander demo spielen.lnk
[2010.07.25 17:42:30 | 001,835,008 | ---- | M] () -- C:\Users\******\Documents\TrueCrypt Rescue Disk.iso
[2010.07.25 16:54:28 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.07.25 16:54:20 | 000,230,736 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.07.24 15:12:46 | 000,000,888 | ---- | M] () -- C:\Users\******\Desktop\DAMN NFO Viewer - Verknüpfung.lnk
[2010.07.23 20:42:28 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.22 19:59:21 | 000,000,890 | ---- | M] () -- C:\Users\******\Desktop\Hunting Unlimited 2011.lnk
[2010.07.22 19:56:56 | 000,001,336 | ---- | M] () -- C:\Users\******\Documents\unpack.bat.lnk
[2010.07.21 18:05:27 | 747,253,910 | ---- | M] () -- C:\Users\******\Documents\test.nrg
[2010.07.21 17:56:00 | 008,131,739 | ---- | M] () -- C:\Users\******\Documents\100_0432.MOV.WMV
[2010.07.21 17:52:19 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.07.21 17:52:19 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.07.21 17:44:18 | 023,914,177 | ---- | M] () -- C:\Users\******\Documents\100_0432.MOV
[2010.07.21 11:22:12 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Hunting Unlimited 2011.lnk
[2010.07.20 18:59:04 | 000,002,540 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.07.20 18:59:04 | 000,002,420 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.07.20 08:32:42 | 000,000,282 | ---- | M] () -- C:\Users\******\Documents\file_id.diz
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.13 16:51:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 16:48:34 | 000,001,862 | ---- | C] () -- C:\Users\******\Documents\cc_20100813_164830.reg
[2010.08.13 16:42:41 | 000,000,804 | ---- | C] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.08.11 14:36:17 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
[2010.08.11 14:36:17 | 000,000,196 | ---- | C] () -- C:\Users\Public\Desktop\Weitere tolle Spiele!.url
[2010.08.05 14:36:20 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.05 14:36:20 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.01 13:54:59 | 000,001,975 | ---- | C] () -- C:\Users\******\Desktop\Commander demo spielen.lnk
[2010.07.25 17:42:30 | 001,835,008 | ---- | C] () -- C:\Users\******\Documents\TrueCrypt Rescue Disk.iso
[2010.07.25 16:54:28 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.07.24 15:12:46 | 000,000,888 | ---- | C] () -- C:\Users\******\Desktop\DAMN NFO Viewer - Verknüpfung.lnk
[2010.07.22 19:59:21 | 000,000,890 | ---- | C] () -- C:\Users\******\Desktop\Hunting Unlimited 2011.lnk
[2010.07.22 19:57:15 | 000,001,336 | ---- | C] () -- C:\Users\******\Documents\unpack.bat.lnk
[2010.07.21 18:05:22 | 747,253,910 | ---- | C] () -- C:\Users\******\Documents\test.nrg
[2010.07.21 17:57:55 | 008,131,739 | ---- | C] () -- C:\Users\******\Documents\100_0432.MOV.WMV
[2010.07.21 17:53:04 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.21 17:52:19 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.07.21 17:52:19 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.07.21 17:52:19 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.07.21 17:52:19 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.07.21 17:52:19 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.07.21 17:52:19 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.07.21 17:52:18 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.07.21 17:52:18 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.07.21 17:52:18 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.07.21 17:52:18 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.07.21 17:49:54 | 023,914,177 | ---- | C] () -- C:\Users\******\Documents\100_0432.MOV
[2010.07.21 11:22:12 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Hunting Unlimited 2011.lnk
[2010.07.20 08:32:42 | 000,000,282 | ---- | C] () -- C:\Users\******\Documents\file_id.diz
[2010.05.27 12:58:17 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.05.27 12:51:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.26 21:44:14 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2010.05.21 16:20:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.05.17 12:09:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.23 04:21:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.01.10 20:16:20 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.01.10 20:15:30 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
--- --- ---


Mfg Heumann

ps. ich starte jetzt mal nen full-scan


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131