Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Achtung! Aus Sicherheitsgründen wurde ihr Windowsssystem blockiert (https://www.trojaner-board.de/114158-achtung-sicherheitsgruenden-wurde-windowsssystem-blockiert.html)

Krokologo 26.04.2012 15:21
Achtung! Aus Sicherheitsgründen wurde ihr Windowsssystem blockiert
 
Hallo!

Sobald ich Windows mit Internetverbindung starte, bekomme ich auf schwarzem Hintergrund die rote Meldung "Achtung! Aus Sicherheitsgründen wurde ihr Windowsssystem blockiert" mit nem Button "Bezahlen und repariern" :pukeface:

Ziehe ich das Netzwerkkabel, kann ich normal am Rechner arbeiten.

Dummerweise habe ich nie ein Backup meiner Dateien (Fotos, Musik etc.) gemacht...will diese Dinge auf keinen Fall verlieren :(

Bitte helft mir, mein System wieder zu reparieren.

Vielen Dank im Voraus :)

markusg 26.04.2012 18:44
neustart, f8 drücken abgesicherter modus mit netzwerk wählen
im betroffenen konto anmelden, internet verbindung herstellen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Krokologo 27.04.2012 10:15
Hier die Logfiles, Namen habe ich in *** geändert:

OTL-txtOTL Logfile:
Code:
OTL logfile created on: 26.04.2012 21:25:40 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 85.29% Memory free
6.19 Gb Paging File | 5.93 Gb Available in Paging File | 95.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.41 Gb Total Space | 7.30 Gb Free Space | 3.37% Space Free | Partition Type: NTFS
Drive D: | 107.22 Gb Total Space | 7.42 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
 
Computer Name: RB-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.26 16:56:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.02 14:53:16 | 000,443,232 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.20 21:11:51 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.28 21:31:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 20:35:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.10 22:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.11.02 11:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006.11.02 11:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***~1\AppData\Local\Temp\jfdcd.sys -- (jfdcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aldbsuzu)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.06.28 21:31:11 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 21:31:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.15 21:35:25 | 000,107,616 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.07.18 12:34:46 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.07.18 12:33:59 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.07.18 12:33:59 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.08.16 15:57:04 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009.03.08 18:45:46 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Stopped] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.03.24 12:27:12 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.12.06 13:50:50 | 000,103,424 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.11.08 02:52:10 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2005.08.01 14:46:46 | 000,085,952 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w550obex.sys -- (w550obex)
DRV - [2005.08.01 14:46:44 | 000,096,672 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w550mdm.sys -- (w550mdm)
DRV - [2005.08.01 14:46:42 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w550mdfl.sys -- (w550mdfl)
DRV - [2005.08.01 14:46:40 | 000,060,928 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w550bus.sys -- (w550bus) Sony Ericsson W550 driver (WDM)
DRV - [2005.08.01 14:46:28 | 000,088,080 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w550mgmt.sys -- (w550mgmt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_deDE264
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.15 22:55:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.08 13:07:48 | 000,000,000 | ---D | M]
 
[2011.04.30 12:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.08 12:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f0tnr7k8.default\extensions
[2010.02.19 19:19:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f0tnr7k8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.21 14:20:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f0tnr7k8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.08 12:11:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f0tnr7k8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.08 13:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.08 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0TNR7K8.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012.01.15 22:55:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.08 13:07:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.15 22:55:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 22:55:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.15 22:55:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.09.19 18:42:33 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008.09.19 18:42:33 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2012.01.15 22:55:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 22:55:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 22:55:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\***\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA41A00-2231-4DA6-8620-C7270A22FACB}: NameServer = 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{873248f5-68f2-11e0-b4c0-001d926be8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{873248f5-68f2-11e0-b4c0-001d926be8ec}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{a82e1d7d-99b9-11e0-afbd-001d926be8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{a82e1d7d-99b9-11e0-afbd-001d926be8ec}\Shell\AutoRun\command - "" = V:\autorun.exe
O33 - MountPoints2\{d7dd4359-8a6c-11de-8780-001d926be8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{d7dd4359-8a6c-11de-8780-001d926be8ec}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.26 21:00:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.09 14:09:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nexus Mod Manager
[2012.04.09 14:09:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Black_Tree_Gaming
[2012.04.09 14:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012.04.08 14:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.08 14:26:34 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.08 14:17:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.04.08 13:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.04.08 13:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.08 13:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.07 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 21:25:29 | 000,640,358 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.26 21:25:29 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.26 21:25:29 | 000,116,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.26 21:25:29 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.26 21:24:20 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.04.26 21:21:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 21:19:37 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 21:19:37 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 16:56:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.08 12:37:52 | 000,191,488 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.08 14:26:33 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.08 13:40:19 | 000,000,000 | ---- | C] () -- C:\Windows\Clarkson Duel.ini
[2011.11.27 14:06:23 | 000,001,560 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.11.27 14:06:22 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2011.10.29 23:59:24 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.08.07 11:23:46 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.28 17:51:01 | 000,000,370 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.01.22 18:50:13 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.01.16 17:06:03 | 010,932,224 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.29 21:15:36 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.07.27 15:28:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.07.27 15:28:09 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9840cd.dat
[2010.07.27 15:28:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.07.27 15:26:36 | 000,000,818 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.07.27 15:26:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.07.27 15:26:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd9840cn.dat
[2010.07.27 15:23:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010.07.27 15:23:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010.07.27 15:23:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2010.07.27 15:23:08 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.07.27 15:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.07.27 15:23:07 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.07.27 15:19:46 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
 
========== LOP Check ==========
 
[2010.10.12 14:20:39 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Ashampoo
[2010.08.14 21:50:23 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Atari
[2011.06.25 13:20:44 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Buhl Data Service
[2011.06.18 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.08.16 16:03:29 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\DAEMON Tools Lite
[2011.05.21 14:20:03 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.12 19:50:27 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\gtk-2.0
[2010.08.14 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Leadertech
[2011.12.26 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\PC-FAX TX
[2009.11.19 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\ProtectDisc
[2010.07.27 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\ScanSoft
[2010.11.18 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Silver Style Entertainment
[2010.07.19 19:45:33 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\Teleca
[2010.07.11 10:44:52 | 000,000,000 | ---D | M] -- C:\Users\***  ***\AppData\Roaming\tell
[2010.10.12 14:39:20 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.16 17:07:00 | 000,000,470 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FA921F11-19C4-4819-AD06-75A4E0ACA0CE}.job
[2011.01.16 22:48:56 | 000,000,364 | -H-- | M] () -- C:\Windows\Tasks\XboxStatTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.03.01 19:21:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.03.02 21:13:44 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2002.01.01 11:25:04 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.03.01 19:23:11 | 000,000,000 | ---D | M] -- C:\Brockhaus2008
[2010.07.27 15:23:10 | 000,000,000 | ---D | M] -- C:\Brother
[2008.03.01 19:23:11 | 000,000,000 | ---D | M] -- C:\ClipInc
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.03.01 19:16:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2002.01.01 02:51:03 | 000,000,000 | R--D | M] -- C:\DRIVER
[2008.03.21 12:42:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.03.01 19:23:21 | 000,000,000 | ---D | M] -- C:\ebay
[2008.03.01 19:23:21 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2008.03.01 19:23:31 | 000,000,000 | ---D | M] -- C:\Google
[2009.10.10 17:23:46 | 000,000,000 | ---D | M] -- C:\log
[2002.01.01 02:51:03 | 000,000,000 | R--D | M] -- C:\MANUAL
[2012.04.08 14:31:40 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.04.08 13:07:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.08 14:09:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.03.01 19:16:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.28 18:05:03 | 000,000,000 | ---D | M] -- C:\SAVE
[2011.05.28 20:24:28 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012.04.09 14:09:24 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.04.20 21:13:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.18 20:08:12 | 000,000,000 | ---D | M] -- C:\TEMP
[2008.08.19 21:07:07 | 000,000,000 | ---D | M] -- C:\TMP
[2008.03.01 19:21:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.08 17:26:30 | 000,000,000 | ---D | M] -- C:\Windows
[2002.01.01 02:32:48 | 000,000,000 | ---D | M] -- C:\x86
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.11.03 01:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007.11.03 01:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2002.01.01 02:40:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2002.01.01 02:40:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2002.01.01 02:40:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\drivers\atapi.sys
[2002.01.01 02:40:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2002.01.01 02:40:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.03 01:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=3322B167C8F76319C991B851514DFAC9 -- C:\Windows\System32\user32.dll
[2007.11.03 01:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=3322B167C8F76319C991B851514DFAC9 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.16 15:57:04 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2002.01.01 11:24:54 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2002.01.01 11:24:52 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2002.01.01 11:24:54 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2002.01.01 11:25:02 | 016,478,208 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2002.01.01 11:25:03 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010.08.12 19:50:27 | 000,012,042 | ---- | M] () -- C:\Users\***  ***\.recently-used.xbel
[2009.07.14 15:58:09 | 000,006,800 | ---- | M] () -- C:\Users\***  ***\Audio_071409_152003 House 2.ROXIO
[2008.12.29 23:38:46 | 000,000,964 | ---- | M] () -- C:\Users\***  ***\Callmobile.txt
[2012.02.05 12:35:56 | 000,014,626 | ---- | M] () -- C:\Users\***  ***\Data_020512_104447 Stick.roxio
[2010.12.29 13:29:37 | 000,030,524 | ---- | M] () -- C:\Users\***  ***\Data_122910_115610.roxio
[2012.04.26 21:37:08 | 004,456,448 | -HS- | M] () -- C:\Users\***  ***\NTUSER.DAT
[2012.04.26 21:37:08 | 000,262,144 | -H-- | M] () -- C:\Users\***  ***\ntuser.dat.LOG1
[2008.03.01 19:21:13 | 000,000,000 | -H-- | M] () -- C:\Users\***  ***\ntuser.dat.LOG2
[2008.03.01 19:37:03 | 000,065,536 | -HS- | M] () -- C:\Users\***  ***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.03.01 19:37:03 | 000,524,288 | -HS- | M] () -- C:\Users\***  ***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.03.01 19:37:03 | 000,524,288 | -HS- | M] () -- C:\Users\***  ***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.03.01 19:21:14 | 000,000,020 | -HS- | M] () -- C:\Users\***  ***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34

< End of report >
--- --- ---




Extras-txt
OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 21:25:40 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 85.29% Memory free
6.19 Gb Paging File | 5.93 Gb Available in Paging File | 95.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.41 Gb Total Space | 7.30 Gb Free Space | 3.37% Space Free | Partition Type: NTFS
Drive D: | 107.22 Gb Total Space | 7.42 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
 
Computer Name: RB-PC | User Name: ***  *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7AB30E-EDB9-4226-8E77-835F2669BF31}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011c\wnt500x86\rpcsandrasrv.exe |
"{3C11D5FC-C5A5-41BA-8B2E-F5E7F7BAE165}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011c\rpcagentsrv.exe |
"{CDFCBD8E-D860-4CD3-B23A-30C0E3F8B61E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF492B11-609C-4A6C-A043-D13F4181DFD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FF162C-EF43-427F-9952-710580F0EF8C}" = protocol=17 | dir=in | app=c:\spiele\microsoft games\age of mythology\aom.exe |
"{0BAFE081-5930-4C77-803B-D68E99B0AF97}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{29A357EC-9D3C-442A-B4AE-01B576E8040B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2D8262F3-20C0-4C04-BE46-A6E42B983B42}" = protocol=6 | dir=in | app=c:\spiele\microsoft games\age of mythology\aomx.exe |
"{395918EA-C6E4-41C8-8184-951C763C52EF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{405960DA-B75F-4CC8-AEA0-5D5CD273D307}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead\left4dead.exe |
"{549049ED-2892-43EC-A312-8630C3372CCF}" = protocol=17 | dir=in | app=c:\spiele\microsoft games\age of mythology\aomx.exe |
"{5701FBB2-4C03-41E1-8ADC-CF381CBBEBE3}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{5F3487EE-818A-4F11-B02C-0C8118170B32}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{60441991-AC78-479A-975E-3AD7D453B8BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6564DEF6-3BFA-477A-858A-7C5BC27E4FDF}" = protocol=6 | dir=in | app=d:\spiele 2\ea\launcher.exe |
"{6DC7E480-40A8-4A65-921E-0034FB1848EB}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\srcds.exe |
"{756F07D3-5B0F-4D9F-8467-4766DED7585A}" = protocol=6 | dir=in | app=c:\spiele\microsoft games\age of mythology\aom.exe |
"{7C6F0DA3-2263-4B65-A9EA-659D2772234A}" = dir=in | app=d:\spiele 2\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat |
"{A60D9041-8095-4EF8-AEF0-445D062D6441}" = protocol=6 | dir=in | app=c:\spiele\capcom\streetfighteriv\streetfighteriv.exe |
"{ACECA406-E53F-4C13-882B-63BA7DDB4490}" = protocol=17 | dir=in | app=d:\spiele 2\ea\launcher.exe |
"{C3BB9E25-2580-41C2-B8CD-DB2B84A44E18}" = protocol=6 | dir=in | app=c:\spiele\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{C4C7D8A7-588C-4EB8-A961-BA2A29705D6B}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{C9A33E5E-8A2A-4590-B3C2-8DB3A4542B9F}" = protocol=17 | dir=in | app=c:\spiele\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{CC4C5B40-0667-4014-AB32-C55C43014BB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EB8A3712-7B71-41CE-A42E-5C799785E138}" = protocol=17 | dir=in | app=c:\spiele\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{F33EEF26-46C3-46B5-BC86-FBD659E59E61}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F8264311-2E00-49EA-A2DB-77E75EE0BBF3}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\srcds.exe |
"{F8E1785E-6B59-4D6B-8578-9B924E110802}" = protocol=17 | dir=in | app=c:\spiele\capcom\streetfighteriv\streetfighteriv.exe |
"{FE2BBB28-A542-42AC-9B70-7ADBE693B318}" = protocol=6 | dir=in | app=c:\spiele\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"TCP Query User{2E5EFC5A-ECFB-4BCB-9C23-C49D39CBCBCC}C:\spiele\valve\hl.exe" = protocol=6 | dir=in | app=c:\spiele\valve\hl.exe |
"TCP Query User{2EF4D6B3-0A94-47DB-994C-6DA38F1A4834}E:\asphaltduell.exe" = protocol=6 | dir=in | app=e:\asphaltduell.exe |
"TCP Query User{40831FAB-4E9A-4C8C-88F4-771D37C12A8E}C:\spiele\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\spiele\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"TCP Query User{48AEF2D1-D7BF-4499-AC3F-E0B884171552}C:\users\***  ***\desktop\überreste\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\***  ***\desktop\überreste\spiele\warcraft iii\war3.exe |
"TCP Query User{665067D3-B195-4BAA-B2C7-7F9F8A42BBA1}C:\spiele\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\empire interactive\flatout2\flatout2.exe |
"TCP Query User{6E50F0DB-EEED-4204-976F-78E248B33E1A}C:\spiele\unreal anthology\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\spiele\unreal anthology\ut2004\system\ut2004.exe |
"TCP Query User{7B3EE71D-8F5D-479D-9082-199108C0B729}C:\spiele\steam\steamapps\***\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\***\team fortress 2\hl2.exe |
"TCP Query User{87F87504-5E64-44B4-B9B4-FADB9E86B53E}C:\users\***  ***\desktop\überreste\spiele\serious sam\bin\serioussam.exe" = protocol=6 | dir=in | app=c:\users\***  ***\desktop\überreste\spiele\serious sam\bin\serioussam.exe |
"TCP Query User{8D4FF679-607C-4961-92AA-54D3209FC82F}C:\spiele\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\thq\company of heroes\reliccoh.exe |
"TCP Query User{95E6C498-9B22-4F06-A720-196252886B11}L:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=l:\warcraft iii\war3.exe |
"TCP Query User{ACDC720C-C577-40A8-B89A-7157000A55D2}C:\spiele\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\microsoft games\age of empires iii\age3.exe |
"TCP Query User{EED746E6-BFFA-49EA-983D-01E4B0C9CCAF}D:\spiele 2\ea\nfs11.exe" = protocol=6 | dir=in | app=d:\spiele 2\ea\nfs11.exe |
"TCP Query User{FEEB63BF-339E-4526-AFD1-36D577C5CBF3}C:\sierra\half-life\hl.exe" = protocol=6 | dir=in | app=c:\sierra\half-life\hl.exe |
"UDP Query User{0345C9C6-FEBE-41C8-9FD2-149E01316D7C}L:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=l:\warcraft iii\war3.exe |
"UDP Query User{1E01BA3C-7365-49C4-9FAE-C97447EEC588}C:\spiele\unreal anthology\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\spiele\unreal anthology\ut2004\system\ut2004.exe |
"UDP Query User{1F1323D3-0667-4F62-8AF0-8D79D071ACE5}C:\spiele\valve\hl.exe" = protocol=17 | dir=in | app=c:\spiele\valve\hl.exe |
"UDP Query User{22A6ADDD-A1AB-4563-BC08-CC5F40F6833B}C:\spiele\steam\steamapps\***\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\***\team fortress 2\hl2.exe |
"UDP Query User{2590DF13-0099-41F0-A895-67E97DA5B654}E:\asphaltduell.exe" = protocol=17 | dir=in | app=e:\asphaltduell.exe |
"UDP Query User{401F4FC3-7FCB-4A11-B192-94FD4C7FBCB1}D:\spiele 2\ea\nfs11.exe" = protocol=17 | dir=in | app=d:\spiele 2\ea\nfs11.exe |
"UDP Query User{48E75339-90A9-491A-9CFC-B50F3A3FAC1B}C:\users\***  ***\desktop\überreste\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\***  ***\desktop\überreste\spiele\warcraft iii\war3.exe |
"UDP Query User{66576470-F999-427B-A2C8-B17512CE326F}C:\spiele\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\spiele\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"UDP Query User{82AB085D-B578-4DDA-8F3F-31B620F57F8B}C:\spiele\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\thq\company of heroes\reliccoh.exe |
"UDP Query User{8736AFA3-A9EB-4658-B1E1-6DDBE9FFD236}C:\sierra\half-life\hl.exe" = protocol=17 | dir=in | app=c:\sierra\half-life\hl.exe |
"UDP Query User{96CBB71F-C545-4B2D-B8FC-A3C48CCA9EB1}C:\users\***  ***\desktop\überreste\spiele\serious sam\bin\serioussam.exe" = protocol=17 | dir=in | app=c:\users\***  ***\desktop\überreste\spiele\serious sam\bin\serioussam.exe |
"UDP Query User{B6E6821A-D821-484B-82CF-A9D71B96BFBA}C:\spiele\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\microsoft games\age of empires iii\age3.exe |
"UDP Query User{D164DFD0-2474-4F5B-85A2-215820BA01CA}C:\spiele\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\empire interactive\flatout2\flatout2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2A60EF00-46C4-48D5-B9B9-0865F32BC134}" = IndustrieGigant 2 - Addon
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2008
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AE264A-7DEA-49AF-AFAF-7A2D8F706F51}" = Roxio WinOnCD LE 10
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5
"{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = IndustrieGigant 2
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B8934332-6BD6-4736-9898-DBFE80AC0468}" = Falk Navi-Manager
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011c
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D37B24D2-D4F8-40ED-A8D4-0D03F56D6838}" = Falk Navi-Manager
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager
"{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}" = Sony Ericsson PC Suite 1.10.36
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{FA208693-1080-4671-9503-58599DB491E0}" = Falk Navi-Manager
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
"Ashampoo PowerUp 2009_is1" = Ashampoo PowerUp 2009
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Clarkson Duel_is1" = Clarkson Duel
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Cradle of Rome" = Cradle of Rome (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DataStar-Engine" = DataStar-Engine
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"Google Desktop" = Google Desktop
"Half-Life" = Half-Life
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"Poker Superstars II" = Poker Superstars II (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Sierra Utilities" = Sierra Utilities
"Soldat_is1" = Soldat 1.2.1
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.8a
"VP3 Codec Version 3.2.6.1" = VP3 Codec Version 3.2.6.1
"WinCDEmu" = WinCDEmu
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.0.8.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2012 14:05:49 | Computer Name = RB-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4f6cfb24,
 fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4f6cfb98, Ausnahmecode 0xc0000005, Fehleroffset 0x6a9cf1c9,  Prozess-ID 0xe4c, Anwendungsstartzeit
 01cd1cc24f9fb449.
 
Error - 19.04.2012 14:31:49 | Computer Name = RB-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 20.04.2012 15:05:11 | Computer Name = RB-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 20.04.2012 16:47:24 | Computer Name = RB-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4f6cfb24,
 fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4f8ccc14, Ausnahmecode 0xc0000005, Fehleroffset 0x7443e51a,  Prozess-ID 0x61c, Anwendungsstartzeit
 01cd1f2baa85f935.
 
Error - 22.04.2012 04:15:24 | Computer Name = RB-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 22.04.2012 14:29:13 | Computer Name = RB-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 23.04.2012 11:53:59 | Computer Name = RB-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 26.04.2012 14:58:59 | Computer Name = RB-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 26.04.2012 15:11:43 | Computer Name = RB-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 26.04.2012 15:21:41 | Computer Name = RB-PC | Source = EventSystem | ID = 4609
Description =
 
[ System Events ]
Error - 26.04.2012 15:02:11 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:11:34 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:11:43 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:11:50 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:11:52 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:21:32 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:21:40 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:21:43 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:21:49 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.04.2012 15:21:50 | Computer Name = RB-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
--- --- ---

markusg 27.04.2012 13:13
hi
ersetze *** durch nutzernamen damits geht

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\***\AppData\Local\Skype\SkypePM.exe ()
 :Files
C:\Users\***\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Krokologo 27.04.2012 14:12
[QUOTE=markusg;820658]hi
ersetze *** durch nutzernamen damits geht

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\***\AppData\Local\Skype\SkypePM.exe ()
 :Files
C:\Users\***\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
QUOTE]

Hallo Markus,

das soll ich noch im abgesicherten Modus machen, richtig?

:dankeschoen:

markusg 27.04.2012 17:39
jepp genau.

Krokologo 27.04.2012 20:02
Habe die Datei in den UploadChannel geladen. Hat alles funktioniert.

markusg 30.04.2012 16:14
danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Krokologo 30.04.2012 19:27
Hier die ComboFix Logfile:


Combofix Logfile:
Code:
ComboFix 12-04-31.02 - ***  *** 30.04.2012  19:32:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3071.2120 [GMT 2:00]
ausgeführt von:: c:\users\***  ***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml6623.tmp
c:\programdata\xml675C.tmp
c:\programdata\xml67F9.tmp
c:\programdata\xml68B5.tmp
c:\users\***  ***\AppData\Local\Skype\SkypePM.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-28 bis 2012-04-30  ))))))))))))))))))))))))))))))
.
.
2012-04-30 17:39 . 2012-04-30 17:42        --------        d-----w-        c:\users\***  ***\AppData\Local\temp
2012-04-30 17:39 . 2012-04-30 17:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-27 18:45 . 2012-04-27 18:58        --------        d-----w-        C:\_OTL
2012-04-09 12:09 . 2012-04-09 12:09        --------        d-----w-        c:\users\***  ***\AppData\Local\Black_Tree_Gaming
2012-04-08 12:17 . 2012-04-08 12:31        --------        d-----w-        C:\NVIDIA
2012-04-08 11:08 . 2012-04-08 11:08        --------        d-----w-        c:\program files\Common Files\Java
2012-04-08 11:07 . 2012-04-08 11:07        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-08 11:07 . 2012-04-08 11:07        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-08 11:07 . 2012-04-08 11:07        --------        d-----w-        c:\program files\Java
2012-04-07 09:38 . 2012-04-07 09:38        --------        d-----w-        c:\users\***  ***\AppData\Roaming\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2012-04-27 18:57        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3D63817-BC67-49C4-B962-63B662E47E70}\mpengine.dll
2012-03-11 11:49 . 2011-05-17 18:08        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 23:59 . 2011-01-22 16:54        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2011-01-22 16:54        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 20:56 . 2010-10-19 00:57        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2010-10-19 00:57        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2010-10-19 00:57        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2010-10-19 00:57        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2010-10-19 00:57        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2010-10-19 00:57        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-29 11:26 . 2012-02-29 11:26        416064        ----a-w-        c:\windows\system32\nvStreaming.exe
2012-02-26 14:49 . 2012-02-26 14:49        6144        ----a-r-        c:\users\***  ***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2012-02-26 14:49 . 2012-02-26 14:49        11264        ----a-r-        c:\users\***  ***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2012-02-26 14:49 . 2012-02-26 14:49        8192        ----a-r-        c:\users\***  ***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2012-02-23 08:18 . 2009-10-02 20:52        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-07-14 08:31 . 2009-12-29 19:38        1456640        ----a-w-        c:\program files\Common Files\Falk Navi-Manager.msi
2012-01-15 20:55 . 2011-04-30 10:40        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2008-09-19 16:42 . 2008-09-19 16:42        122880        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd085e1b77dac3.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:17]
.
2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:17]
.
2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{FA921F11-19C4-4819-AD06-75A4E0ACA0CE}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2011-01-16 c:\windows\Tasks\XboxStatTask.job
- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-10-01 00:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Free YouTube to MP3 Converter - c:\users\***  ***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: Interfaces\{4EA41A00-2231-4DA6-8620-C7270A22FACB}: NameServer = 192.168.10.1
FF - ProfilePath - c:\users\***  ***\AppData\Roaming\Mozilla\Firefox\Profiles\f0tnr7k8.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-DataStar-Engine - c:\windows\unin0407.exe
AddRemove-Half-Life - c:\windows\IsUn0407.exe
AddRemove-Half-Life: Opposing Force - l:\sierra\HALF-L~1\UNWISE.EXE
AddRemove-RiseOfNations 1.0 - c:\spiele\Microsoft Games\Rise of Nations\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-30 19:42
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1301723024-1867698784-2665943908-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,d3,ef,d2,eb,2f,32,73,e3,de,f5,0a,70,0e,0f,e7,04,ef,dd,3b,f3,09,29,
  bf,59,fc,13,0d,45,d0,f3,20,92,fd,b6,dc,09,69,09,00,16,74,2a,10,35,3a,2e,c6,\
"??"=hex:ea,e9,a9,1e,d2,ef,9d,72,83,13,cb,5c,b0,0c,9e,e5
.
[HKEY_USERS\S-1-5-21-1301723024-1867698784-2665943908-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:60,df,61,a6,dd,fc,c6,22,c8,ed,bd,66,71,2b,9a,17,55,63,82,77,77,
  37,6d,76,3e,bc,98,1d,0e,1b,ea,a3,6d,b3,22,88,70,dd,32,57,f2,0c,2a,cd,1a,b3,\
"rkeysecu"=hex:2e,3f,52,f9,54,80,b4,a1,2b,cc,9f,b7,a9,4e,60,de
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3336)
c:\program files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PSIService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-30  19:49:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-30 17:49
.
Vor Suchlauf: 7.184.777.216 Bytes frei
Nach Suchlauf: 6.913.998.848 Bytes frei
.
- - End Of File - - CCECD9FFC3794D07306E464727C85A32
--- --- ---

markusg 01.05.2012 14:41
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Krokologo 01.05.2012 21:54
Hier die Malwarebyte Log:


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
*** *** :: RB-PC [Administrator]

Schutz: Aktiviert

01.05.2012 19:30:28
mbam-log-2012-05-01 (19-30-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 559931
Laufzeit: 1 Stunde(n), 59 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\SVKP.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Wie gehts weiter? :dummguck:

markusg 02.05.2012 15:37
nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

Krokologo 02.05.2012 19:08
Ja, nutze den PC für alles (auch Onlinebanking etc.) bis auf berufliches.

markusg 02.05.2012 19:11
du scheinst ein rootkit zu haben.
bitte rufe die bank an, lasse dir neue zugangsdaten senden.

der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Krokologo 02.05.2012 19:21
Oh nein :headbang:
Was bedeutet Rootkit??? Shit, habe gehofft nochmal mim blauen Auge davon zukommen :pukeface:

Achja:
Daten kann ich sichern ohne die externe Festplatte zu verseuchen? Oder steckt das nicht in so Sachen wie Bildern, Musik usw?


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131