Thanks first of all for the quick help, and here is what was requested:
Code:
OTL Extras logfile created on: 04.02.2011 16:58:32 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 20,59 Gb Free Space | 42,16% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 16,99 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 11,53 Gb Free Space | 19,67% Space Free | Partition Type: NTFS
Drive F: | 65,36 Gb Total Space | 26,77 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Computer Name: VOLKAN | User Name: Sanguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1085031214-854245398-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57283:TCP" = 57283:TCP:*:Enabled:Pando Media Booster
"57283:UDP" = 57283:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57283:TCP" = 57283:TCP:*:Enabled:Pando Media Booster
"57283:UDP" = 57283:UDP:*:Enabled:Pando Media Booster
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6918:TCP" = 6918:TCP:*:Enabled:League of Legends Launcher
"6918:UDP" = 6918:UDP:*:Enabled:League of Legends Launcher
"6903:TCP" = 6903:TCP:*:Enabled:League of Legends Launcher
"6903:UDP" = 6903:UDP:*:Enabled:League of Legends Launcher
"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher
"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher
"6910:TCP" = 6910:TCP:*:Enabled:League of Legends Launcher
"6910:UDP" = 6910:UDP:*:Enabled:League of Legends Launcher
"6924:TCP" = 6924:TCP:*:Enabled:League of Legends Launcher
"6924:UDP" = 6924:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"6972:TCP" = 6972:TCP:*:Enabled:League of Legends Launcher
"6972:UDP" = 6972:UDP:*:Enabled:League of Legends Launcher
"6952:TCP" = 6952:TCP:*:Enabled:League of Legends Launcher
"6952:UDP" = 6952:UDP:*:Enabled:League of Legends Launcher
"6948:TCP" = 6948:TCP:*:Enabled:League of Legends Launcher
"6948:UDP" = 6948:UDP:*:Enabled:League of Legends Launcher
"6916:TCP" = 6916:TCP:*:Enabled:League of Legends Launcher
"6916:UDP" = 6916:UDP:*:Enabled:League of Legends Launcher
"6917:TCP" = 6917:TCP:*:Enabled:League of Legends Launcher
"6917:UDP" = 6917:UDP:*:Enabled:League of Legends Launcher
"6896:TCP" = 6896:TCP:*:Enabled:League of Legends Launcher
"6896:UDP" = 6896:UDP:*:Enabled:League of Legends Launcher
"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
"6962:TCP" = 6962:TCP:*:Enabled:League of Legends Launcher
"6962:UDP" = 6962:UDP:*:Enabled:League of Legends Launcher
"6996:TCP" = 6996:TCP:*:Enabled:League of Legends Launcher
"6996:UDP" = 6996:UDP:*:Enabled:League of Legends Launcher
"6930:TCP" = 6930:TCP:*:Enabled:League of Legends Launcher
"6930:UDP" = 6930:UDP:*:Enabled:League of Legends Launcher
"6913:TCP" = 6913:TCP:*:Enabled:League of Legends Launcher
"6913:UDP" = 6913:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Programme\games\Dragon Age\bin_ship\daorigins.exe" = D:\Programme\games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins
"D:\Programme\games\Dragon Age\DAOriginsLauncher.exe" = D:\Programme\games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins-Launcher
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\ICQ7.0\ICQ.exe" = F:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"F:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = F:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"D:\Programme\2K Sports\nba2k11.exe" = D:\Programme\2K Sports\nba2k11.exe:*:Enabled:2K Sports NBA 2K11 -- (2K Sports)
"D:\Programme\2K Sports\NBA 2K11\nba2k11.exe" = D:\Programme\2K Sports\NBA 2K11\nba2k11.exe:*:Enabled:2K Sports NBA 2K11 -- (2K Sports)
"F:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = F:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"D:\Steam\steam.exe" = D:\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Programme\Codemasters\GRID\GRID.exe" = D:\Programme\Codemasters\GRID\GRID.exe:*:Enabled:GRID Executable -- (Codemasters)
"D:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = D:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- ()
"D:\Steam\steamapps\***\counter-strike source\hl2.exe" = D:\Steam\steamapps\***\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"D:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Programme\Midway Games\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)
"D:\Programme\Activision\James Bond 007(TM) - Blood Stone\Bond.exe" = D:\Programme\Activision\James Bond 007(TM) - Blood Stone\Bond.exe:*:Enabled:James Bond 007(TM) - Blood Stone -- ()
"D:\Programme\Ubisoft\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe" = D:\Programme\Ubisoft\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe:*:Enabled:Shaun White Snowboarding Game -- ()
"D:\Programme\Ubisoft\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe" = D:\Programme\Ubisoft\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe:*:Enabled:Shaun White Snowboarding Update -- (Ubisoft)
"E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGameLauncher.exe" = E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGameLauncher.exe:*:Enabled:E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGameLauncher.exe -- (Sony DADC Austria AG)
"E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGame.exe" = E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGame.exe:*:Enabled:E:\Programme\Disney Interactive Studios\Tron Evolution\Binaries\Win32Live\GridGame.exe -- (Disney Interactive Studios)
"E:\Two Worlds II\TwoWorlds2.exe" = E:\Two Worlds II\TwoWorlds2.exe:*:Enabled:Two Worlds II
"F:\Programme\Deep Silver\Nail'd\Naild_x86.exe" = F:\Programme\Deep Silver\Nail'd\Naild_x86.exe:*:Enabled:Nail'd
"D:\Steam\steamapps\common\empire total war\Empire.exe" = D:\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"D:\Steam\steamapps\common\alien swarm\swarm.exe" = D:\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"D:\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"D:\Steam\steamapps\common\left 4 dead\left4dead.exe" = D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application
"D:\Steam\steamapps\common\alien swarm\srcds.exe" = D:\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Programme\Metin2\metin2.bin" = C:\Programme\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Programme\Metin2\metin2client.bin" = C:\Programme\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"D:\Programme\Metin2\metin2.bin" = D:\Programme\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"D:\Programme\Metin2\metin2client.bin" = D:\Programme\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"D:\Steam\steamapps\***\counter-strike source\hl2.exe" = D:\Steam\steamapps\***\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B807AE-8114-1635-73C3-82AA49F381A8}" = Catalyst Control Center Graphics Full New
"{04890B28-8FB3-E988-6FD1-71B69734EC0B}" = CCC Help Czech
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06252F0C-DEEA-B543-0B42-0BF67DCD3A2D}" = CCC Help Italian
"{0FBF3FD9-F5D5-3961-9C41-995CDDC6AA92}" = CCC Help French
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19AA5D24-92E7-6258-FBB6-7FA49A7278F6}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23AE7073-44E7-3749-C4F5-44226F695632}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}" = ShaunWhiteSnowboarding
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3909F20F-CECB-C7D1-BE9C-D8F059F44ACE}" = CCC Help Chinese Traditional
"{39A581BB-1D49-EE12-7515-70CD3F28A3FA}" = CCC Help Hungarian
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E7F50B0-6070-10D9-B27D-A2375BCAB70E}" = CCC Help Dutch
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{461898A1-F354-3196-20C3-FDF792945E74}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F548973-094A-0D7C-2F67-EA25EE23CB1D}" = CCC Help Japanese
"{580E60C8-5109-F401-0B11-CCE2A2022BA5}" = CCC Help Polish
"{59275B3A-1502-B9DC-1A78-FDBF1E55DAC7}" = CCC Help Norwegian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{603AC1A2-5A65-B9A1-086A-7AD9FBDE7A83}" = CCC Help Danish
"{697660CA-26EE-625D-6004-476CA86E8BC5}" = CCC Help German
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D875E47-38AA-761A-D4C7-D1B1478C2C89}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{84FD435C-8890-078B-2FF3-4DF58290631E}" = Catalyst Control Center Core Implementation
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{876E47C6-EE51-B1B9-8F7B-207C11E625F6}" = Catalyst Control Center HydraVision Full
"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"{8D53A8D1-2E31-E7AC-C02F-3EDFCE47CA2D}" = CCC Help Thai
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9973C7B0-E0AA-47D8-89CB-E93DA68F2DA2}" = ATI AVIVO Codecs
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B09C0C8-F5C4-2A95-FA5E-E6FB1162AED3}" = CCC Help Turkish
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9F61C8A5-94B2-F641-5137-D4A4FE94D089}" = ccc-core-static
"{9F993C90-831D-30CD-DAD1-13E7F123213A}" = CCC Help Spanish
"{A0F7A994-3CA3-4152-B610-3061BEE11EE6}" = ccc-utility
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D5E653-59CE-9980-BF99-146F8F849A35}" = CCC Help English
"{B4AB56C8-E708-4808-9BD3-824C489019DA}" = BumpTop
"{BC77DCFD-7FDC-FEFE-E918-132D52CB1C66}" = CCC Help Portuguese
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C928A23C-3C21-3975-A6FF-893C3A9A8140}" = CCC Help Swedish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE25BA02-7369-D579-6C4A-2F5E3ACFE45B}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D7B802F9-2FDB-D67E-6857-B80C1CE6462E}" = CCC Help Greek
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DB7F5AEC-5624-FF68-F554-65350864921F}" = CCC Help Korean
"{E08CA67D-12CF-519B-7189-A27A2C5327B4}" = Catalyst Control Center Graphics Light
"{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}" = "Der Weiße Hai"
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EEC73A15-20D4-48AA-34A6-8CF2F53943B3}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7980D06-BE1D-0DE8-5FD1-4815DF59875D}" = CCC Help Finnish
"{F96B26EB-AE9B-FEFD-01D2-D7D415F820BB}" = Skins
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Cities XL 2011" = Cities XL 2011
"ClearProg" = ClearProg 1.6.0 Final
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Emergency 2012" = Emergency 2012
"ImgBurn" = ImgBurn
"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Neffy" = Neffy 1,3,29,0
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Sniper - Ghost Warrior_is1" = Sniper - Ghost Warrior
"Spyware Doctor" = Spyware Doctor 8.0
"Steam App 630" = Alien Swarm
"Two Worlds II" = Two Worlds II
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zombie Driver_is1" = Zombie Driver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1085031214-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f58f3889281ea80b" = ContainerEx Decrypter
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2011 07:51:23 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 12.01.2011 08:40:53 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 13.01.2011 08:53:18 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 14.01.2011 07:50:41 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 15.01.2011 06:02:45 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 16.01.2011 11:53:22 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 16.01.2011 13:18:03 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung installer.exe, Version 1.0.0.19, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x014c120f.
Error - 17.01.2011 10:20:08 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 17.01.2011 11:10:38 | Computer Name = *** | Source = MsiInstaller | ID = 1013
Description = Produkt: NVIDIA PhysX -- Installation terminated
Error - 18.01.2011 08:41:39 | Computer Name = *** | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 17.01.2011 12:58:59 | Computer Name =*** | Source = Service Control Manager | ID = 7034
Description = Dienst "Dragon Age: Origins - Inhaltsupdater" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
< End of report >
Code:
OTL logfile created on: 04.02.2011 16:58:32 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 20,59 Gb Free Space | 42,16% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 16,99 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 11,53 Gb Free Space | 19,67% Space Free | Partition Type: NTFS
Drive F: | 65,36 Gb Total Space | 26,77 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Computer Name: VOLKAN | User Name: Sanguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Temp\Qj2.exe (ComponentOne LLC)
PRC - C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Temp\Qj1.exe (ComponentOne LLC)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Riot Games\League of Legends\air\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Riot Games\League of Legends\lol.launcher.exe (Solid State Networks)
PRC - C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools)
========== Driver Services (SafeList) ==========
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1085031214-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2010.11.19 19:15:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.12 18:25:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.23 17:42:10 | 000,000,000 | ---D | M]
[2010.11.19 18:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Extensions
[2011.02.03 23:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions
[2010.11.21 22:35:07 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.11.20 11:45:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.02 20:08:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.17 15:11:43 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\DTToolbar@toolbarnet.com
[2010.12.04 16:58:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\toolbar@ask.com
[2011.02.03 22:56:31 | 000,002,395 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\searchplugins\askcom.xml
[2011.01.17 15:11:37 | 000,002,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\searchplugins\daemon-search.xml
[2010.11.19 21:19:37 | 000,002,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\searchplugins\search-defender.xml
[2010.11.21 22:35:17 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\searchplugins\winamp-search.xml
[2011.02.03 23:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.29 13:26:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.11.28 21:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.28 21:14:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.19 19:15:45 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAMME\PC TOOLS SECURITY\BDT\FIREFOX
[2010.11.28 21:14:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.23 17:42:10 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.18 19:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eTrustPPAP] File not found
O4 - HKLM..\Run: [ISTray] C:\Programme\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PCTools FGuard] C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1085031214-854245398-839522115-1003..\Run: [CE8SIIFGSU] C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Temp\Qj1.exe (ComponentOne LLC)
O4 - HKU\S-1-5-21-1085031214-854245398-839522115-1003..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1085031214-854245398-839522115-1003..\Run: [ISUSPM] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1085031214-854245398-839522115-1003\..Trusted Domains: ([]msn in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.19 16:37:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{f4bb2eb9-21a4-11e0-becd-4061862e116d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bb2eb9-21a4-11e0-becd-4061862e116d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bb2eb9-21a4-11e0-becd-4061862e116d}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ***-5HFGXQ0IF.vbs
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ***-5HFGXQ0IF.vbs
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ***-5HFGXQ0IF.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.02.04 13:01:23 | 000,000,000 | ---D | C] -- C:\Programme\ClearProg
[2011.02.04 13:01:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ClearProg
[2011.02.03 13:36:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.02 23:26:19 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\home.exe
[2011.02.02 23:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011.02.02 22:57:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011.02.02 20:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA
[2011.02.02 20:48:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Scanner
[2011.02.02 17:43:45 | 000,132,096 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Qkogia.exe
[2011.01.30 23:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\GTA San Andreas User Files
[2011.01.30 16:37:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Rockstar Games
[2011.01.30 16:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Metin2
[2011.01.30 16:17:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2011.01.29 14:56:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Red Alert 3
[2011.01.29 14:33:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Red Alert 3
[2011.01.29 13:00:40 | 000,065,408 | ---- | C] (SuperMac Technology) -- C:\WINDOWS\System\ICCVID.DRV
[2011.01.29 13:00:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDC.DRV
[2011.01.29 13:00:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSRLE.DRV
[2011.01.29 13:00:39 | 000,774,960 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System\IR41.DLL
[2011.01.29 13:00:39 | 000,049,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSACM.DLL
[2011.01.29 13:00:39 | 000,022,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSACM.DRV
[2011.01.29 13:00:39 | 000,017,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\IMAADPCM.ACM
[2011.01.29 13:00:39 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSADPCM.ACM
[2011.01.29 13:00:39 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\CTL3D.DLL
[2011.01.29 13:00:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\ACMCMPRS.DLL
[2011.01.29 13:00:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\DISPDIB.DLL
[2011.01.28 18:20:27 | 000,000,000 | ---D | C] -- C:\Programme\Metin2
[2011.01.28 09:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.01.26 21:39:55 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2011.01.26 21:39:55 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011.01.26 21:39:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\fwc
[2011.01.23 17:42:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Gutscheinmieze
[2011.01.23 15:01:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Fallout
[2011.01.23 15:01:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\FalloutNV
[2011.01.23 15:01:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\Fallout3
[2011.01.21 12:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Startmenü\Programme\ContainerEx
[2011.01.21 12:30:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\Deployment
[2011.01.20 23:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\Help
[2011.01.20 23:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Help
[2011.01.17 16:19:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare
[2011.01.17 16:10:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2011.01.17 15:11:48 | 000,218,176 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011.01.17 15:11:37 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2011.01.17 15:11:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2011.01.17 15:11:25 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2011.01.17 15:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DAEMON Tools Lite
[2011.01.17 15:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.01.17 14:58:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ICQ
[2011.01.16 13:47:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare
[2011.01.14 20:41:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\Electronic Arts
[67 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.02.04 16:48:15 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.02.04 16:35:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.02.04 16:25:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.04 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.02.04 15:38:11 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.04 15:38:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.04 15:38:11 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.04 15:38:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.04 15:33:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.04 15:14:28 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ClearProg.lnk
[2011.02.04 13:02:12 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.02 20:56:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\pestpatrol5.INI
[2011.02.02 19:40:52 | 000,000,130 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Desktop\YellowCirclesFix.reg
[2011.02.02 17:43:41 | 000,132,096 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Qkogia.exe
[2011.02.01 14:25:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.30 16:20:04 | 000,000,541 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Metin2.lnk
[2011.01.30 15:47:34 | 000,138,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.01.30 15:47:27 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011.01.29 14:32:09 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011.01.28 17:21:29 | 000,206,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-28 17_21_29.578125.dmp
[2011.01.28 15:05:47 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011.01.28 15:01:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2011.01.24 21:28:32 | 000,214,938 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-24 21_28_31.812500.dmp
[2011.01.20 19:24:01 | 000,215,882 | ---- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-20 19_24_01.159402.dmp
[2011.01.17 15:11:49 | 000,218,176 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011.01.17 15:11:27 | 000,001,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk
[2011.01.14 21:59:54 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[67 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.02.04 13:01:23 | 000,000,666 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ClearProg.lnk
[2011.02.02 20:56:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2011.02.02 19:40:52 | 000,000,130 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Desktop\YellowCirclesFix.reg
[2011.02.02 17:43:56 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.02.02 17:43:51 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.31 14:59:48 | 000,000,000 | R--- | C] () -- C:\Dokumente und Einstellungen\Sanguel\HsUserUtil.log
[2011.01.30 16:20:04 | 000,000,541 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Metin2.lnk
[2011.01.29 13:00:40 | 000,050,096 | ---- | C] () -- C:\WINDOWS\System\IYVU9.DLL
[2011.01.29 13:00:39 | 000,151,744 | ---- | C] () -- C:\WINDOWS\System\IR32.DLL
[2011.01.29 13:00:39 | 000,005,195 | ---- | C] () -- C:\WINDOWS\System\DVA.386
[2011.01.29 12:54:41 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.28 17:21:29 | 000,206,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-28 17_21_29.578125.dmp
[2011.01.24 21:28:31 | 000,214,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-24 21_28_31.812500.dmp
[2011.01.20 19:24:01 | 000,215,882 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Eigene Dateien\ts3_clientui-win32-12599-2011-01-20 19_24_01.159402.dmp
[2011.01.17 15:11:27 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk
[2010.12.23 17:44:32 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.12.23 17:44:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.12.03 15:15:54 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.12.01 00:00:21 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.11.20 00:41:39 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.11.20 00:27:07 | 000,138,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.20 00:27:07 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\PnkBstrK.sys
[2010.11.19 19:15:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.11.19 18:23:55 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.11.19 16:30:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
========== LOP Check ==========
[2011.01.22 15:27:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare
[2011.02.02 20:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA
[2010.11.20 20:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters
[2011.01.17 15:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.12.31 14:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2010.12.31 14:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.02 22:57:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.11.30 07:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2011.01.16 12:20:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2011.02.04 16:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.02 22:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.11.20 11:37:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\2K Sports
[2010.11.19 16:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Bump Technologies, Inc
[2011.01.17 15:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DAEMON Tools Lite
[2010.11.25 14:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.02.02 22:38:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Gutscheinmieze
[2011.02.03 23:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ICQ
[2010.11.30 08:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\LolClient
[2010.11.20 20:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Petroglyph
[2010.12.01 18:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ProtectDISC
[2011.01.29 14:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Red Alert 3
[2010.12.23 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\The Creative Assembly
[2010.11.29 18:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Tropico3
[2010.12.23 17:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ZombieDriver
[2011.02.04 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011.02.04 16:48:15 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.02.04 16:35:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.11.20 11:37:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\2K Sports
[2010.11.19 18:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Adobe
[2010.11.19 17:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ATI
[2010.11.29 17:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Avira
[2010.11.19 16:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Bump Technologies, Inc
[2011.01.17 15:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DAEMON Tools Lite
[2010.11.25 14:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.02.02 22:38:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Gutscheinmieze
[2011.01.20 23:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Help
[2011.02.03 23:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ICQ
[2010.11.19 16:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Identities
[2010.12.02 22:30:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\InstallShield
[2010.11.30 08:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\LolClient
[2010.11.19 18:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Macromedia
[2010.12.23 17:48:34 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Microsoft
[2010.11.19 18:27:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla
[2010.11.20 20:06:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\MSN6
[2010.11.19 19:02:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\PC Tools
[2010.11.20 20:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Petroglyph
[2010.12.01 18:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ProtectDISC
[2011.01.29 14:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Red Alert 3
[2010.11.20 11:59:32 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\SecuROM
[2011.02.04 16:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Skype
[2011.02.04 16:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\skypePM
[2010.11.28 21:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Sun
[2010.12.23 20:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\The Creative Assembly
[2010.11.29 18:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Tropico3
[2011.02.01 19:34:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Winamp
[2010.11.26 22:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\WinRAR
[2010.11.21 20:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Xfire
[2010.12.23 17:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\ZombieDriver
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Gutscheinmieze\uninstall.exe
[2010.12.23 17:48:34 | 000,051,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Microsoft\Installer\{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}\ARPPRODUCTICON.exe
[2010.12.23 17:48:34 | 000,051,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Microsoft\Installer\{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}\Jaws.exe1_356524D230144D9490BE80AB14A8EC95.exe
[2010.12.23 17:48:34 | 000,051,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Microsoft\Installer\{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}\Jaws.exe_356524D230144D9490BE80AB14A8EC95_1.exe
[2010.12.04 15:22:04 | 003,056,008 | ---- | M] (Ask) -- C:\Dokumente und Einstellungen\Sanguel\Anwendungsdaten\Mozilla\Firefox\Profiles\yocuqmt3.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.08.29 01:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.28 23:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 01:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005.04.07 18:51:22 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=600BCDA874059D358EE7E4F88BE252B2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005.04.07 19:46:59 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$hf_mig$\KB884883\SP2QFE\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2002.08.29 01:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 01:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2005.03.02 19:21:04 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=DEF116925E1EA04691EC6362F197451E -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2002.08.29 01:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2002.08.29 01:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2001.08.18 19:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 19:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.11.19 17:22:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.11.19 17:22:55 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.11.19 17:22:55 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.15 03:29:00 | 000,446,464 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008.04.14 07:52:10 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008.04.14 07:52:10 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008.04.14 07:52:14 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 234 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
< End of report >
Also, I searched for www in the search, anyway: it shows me the spam pages. There it always says sanguel@www.(the site)
And I have been googling about the Iexplore.exe since yesterday; apparently many people have it. The tutorials on YouTube that I tested did not work.