Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   merkwürdige Dateien im Autostart (https://www.trojaner-board.de/86823-merkwuerdige-dateien-autostart.html)

blabla 07.06.2010 15:58

merkwürdige Dateien im Autostart
 
Liste der Anhänge anzeigen (Anzahl: 1)
das Bild was im Anhang ist zeigt meinen Autostart im CCleaner.
Ich hatte mir letztens ein paar viren eingefangen und seitdem sind da merkwürdige progamme drin. Ich kann leider nicht zuordnen, was es ist. ich weiß das noch viren drauf sind aber ich kann sie nicht finden.
hoffe auf viel Hilfe :(
danke im vorraus

ps.: abgesehen von Avira und Nero kann ich von den schwarzen einträgen nichts zuordnen.
achja hab windows XP 32 bit
alles andere einfach fragen

Larusso 07.06.2010 16:04

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.
  • Bitte keine Code Tags.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5



Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

blabla 07.06.2010 16:40

Ich kann die Texte zwar einfügen, aber wenn ich abschicken will, wird der Server zurückgesetzt.
So war es schonmal bei dem Versuch ein Hijack reinzuposten.

Währrend des Suchlaufs sagte Avira:
Zitat:

In der Datei 'C:\WINDOWS\Temp\frjr.tmp\svchost.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Larusso 07.06.2010 16:47

Kannst Du die Logfile bei File-Upload.net hochladen und mir den Downloadlink posten ?

blabla 07.06.2010 16:54

hxxp://www.file-upload.net/download-2581538/Extras.Txt.html
bzw
hxxp://www.file-upload.net/download-2581535/OTL.Txt.html

Larusso 07.06.2010 17:10

Hy,
Zitat:

NOT logged in as Administrator.
WIr benötigen für die nächsten Schritte Adminstrative Rechte.


Schritt 1
Code:

:OTL
PRC - [2009.02.09 12:51:43 | 000,786,944 | R--- | M] () -- C:\WINDOWS\system32\sdra64.exe
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\jncegivq.exe ()
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [skb] C:\WINDOWS\System32\uppqhbrc.dll ()
O4 - HKCU..\Run: [userinit] C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe ()
O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe) - C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
[2010.06.04 00:13:36 | 000,309,760 | ---- | M] () -- C:\WINDOWS\System32\nznnhkyb.dll
[2010.06.04 00:11:38 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\uppqhbrc.dll
[2010.06.07 17:32:33 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.05 18:42:56 | 000,000,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.05.24 18:31:20 | 000,040,633 | ---- | M] () -- C:\WINDOWS\System32\jncegivq.exe
[2010.06.02 15:53:04 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\pcsperzogd.exe
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\PAINT.exe:SummaryInformation
:services
:files
:reg
:Commands
[purity]
[emptytemp]

  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Gmer ist geeignet für => NT/W2K/XP/VISTA.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als "Gmer.txt" auf dem Desktop, Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Schritt 3

Starte bitte OTL.exe und klicke auf den Quick Scan Button.


Bitte poste in Deiner nächsten Antwort
Log von OTLfix
Gmer.txt
OTL.txt

blabla 07.06.2010 17:34

Das kam nach dem Neustart:
Zitat:

All processes killed
========== OTL ==========
No active process named sdra64.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
C:\WINDOWS\system32\jncegivq.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\skb deleted successfully.
C:\WINDOWS\system32\uppqhbrc.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit deleted successfully.
C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flag deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe deleted successfully.
File C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\nznnhkyb.dll moved successfully.
File C:\WINDOWS\System32\uppqhbrc.dll not found.
File move failed. C:\WINDOWS\system32\drivers\avprnzsn.sys scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Jonas nur Spiele\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
File C:\WINDOWS\System32\jncegivq.exe not found.
C:\WINDOWS\system32\pcsperzogd.exe moved successfully.
ADS C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\PAINT.exe:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SCHATZI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: HelpAssistant
->Temp folder emptied: 98618 bytes
->Temporary Internet Files folder emptied: 474943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11264 bytes
->Flash cache emptied: 5 bytes

User: HelpAssistant.SCHATZI
->Temp folder emptied: 3875833 bytes
->Temporary Internet Files folder emptied: 5752479 bytes
->Java cache emptied: 3035 bytes
->FireFox cache emptied: 1740325 bytes
->Flash cache emptied: 5477 bytes

User: Jonas

User: Jonas nur Spiele
->Temp folder emptied: 1622182 bytes
->Temporary Internet Files folder emptied: 862928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35529020 bytes
->Flash cache emptied: 1040 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 353811 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 874981 bytes
->Flash cache emptied: 0 bytes

User: Sunny Net
->Temp folder emptied: 819960 bytes
->Temporary Internet Files folder emptied: 3131419 bytes
->Java cache emptied: 3035 bytes
->FireFox cache emptied: 26439643 bytes
->Flash cache emptied: 0 bytes

User: Uli.SCHATZI

User: Utily
->Temp folder emptied: 60823 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32375659 bytes
->Apple Safari cache emptied: 139253 bytes
->Flash cache emptied: 3478 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6474 bytes
%systemroot%\System32 .tmp files removed: 19742183 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2398759 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 130,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06072010_183037

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\avprnzsn.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

GMER Logfile:
GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-07 18:50:27
Windows 5.1.2600 Service Pack 3
Running: j4s3uq5z.exe; Driver: C:\DOKUME~1\JONASN~1\LOKALE~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            F7AA98C6                                                                                                                                                  ZwCreateKey
SSDT            F7AA98BC                                                                                                                                                  ZwCreateThread
SSDT            F7AA98CB                                                                                                                                                  ZwDeleteKey
SSDT            F7AA98D5                                                                                                                                                  ZwDeleteValueKey
SSDT            F7AA98DA                                                                                                                                                  ZwLoadKey
SSDT            F7AA98A8                                                                                                                                                  ZwOpenProcess
SSDT            F7AA98AD                                                                                                                                                  ZwOpenThread
SSDT            F7AA98E4                                                                                                                                                  ZwReplaceKey
SSDT            F7AA98DF                                                                                                                                                  ZwRestoreKey
SSDT            F7AA98D0                                                                                                                                                  ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\avprnzsn.sys                                                                                                                  Ein an das System angeschlossenes Gerät funktioniert nicht. !
PAGE            Ntfs.sys                                                                                                                                                  F71D5E55 4 Bytes  CALL 86BB33D1
.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                  section is writeable [0xF6B8B000, 0x1B601E, 0xE8000020]
.text          C:\WINDOWS\system32\drivers\SSHDRV86.sys                                                                                                                  section is writeable [0xEE601000, 0x26354, 0xE8000020]
.pklstb        C:\WINDOWS\system32\drivers\SSHDRV86.sys                                                                                                                  entry point in ".pklstb" section [0xEE636000]
.relo2          C:\WINDOWS\system32\drivers\SSHDRV86.sys                                                                                                                  unknown last section [0xEE64D000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Avira\AntiVir Desktop\sched.exe[460] WS2_32.dll!closesocket                                                                                  71A13E2B 5 Bytes  JMP 009D2862
.text          C:\Programme\Avira\AntiVir Desktop\sched.exe[460] WS2_32.dll!send                                                                                        71A14C27 5 Bytes  JMP 009D26EE
.text          C:\Programme\Avira\AntiVir Desktop\sched.exe[460] WS2_32.dll!WSARecv                                                                                      71A14CB5 5 Bytes  JMP 009D27E0
.text          C:\Programme\Avira\AntiVir Desktop\sched.exe[460] WS2_32.dll!recv                                                                                        71A1676F 5 Bytes  JMP 009D2726
.text          C:\Programme\Avira\AntiVir Desktop\sched.exe[460] WS2_32.dll!WSASend                                                                                      71A168FA 5 Bytes  JMP 009D275E
.text          C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] ws2_32.dll!WSARecv                                                                                  71A14CB5 5 Bytes  JMP 015B27E0
.text          C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] ws2_32.dll!recv                                                                                      71A1676F 5 Bytes  JMP 015B2726
.text          C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] ws2_32.dll!WSASend                                                                                  71A168FA 5 Bytes  JMP 015B275E
.text          C:\WINDOWS\Explorer.EXE[568] ntdll.dll!NtProtectVirtualMemory                                                                                            7C91D6EE 5 Bytes  JMP 00B7000A
.text          C:\WINDOWS\Explorer.EXE[568] ntdll.dll!NtWriteVirtualMemory                                                                                              7C91DFAE 5 Bytes  JMP 00BD000A
.text          C:\WINDOWS\Explorer.EXE[568] ntdll.dll!KiUserExceptionDispatcher                                                                                          7C91E47C 5 Bytes  JMP 00B6000C
.text          C:\Programme\Bonjour\mDNSResponder.exe[604] WS2_32.dll!WSARecv                                                                                            71A14CB5 5 Bytes  JMP 011F27E0
.text          C:\Programme\Bonjour\mDNSResponder.exe[604] WS2_32.dll!recv                                                                                              71A1676F 5 Bytes  JMP 011F2726
.text          C:\Programme\Bonjour\mDNSResponder.exe[604] WS2_32.dll!WSASend                                                                                            71A168FA 5 Bytes  JMP 011F275E
.text          C:\WINDOWS\system32\Ati2evxx.exe[1108] WS2_32.dll!closesocket                                                                                            71A13E2B 5 Bytes  JMP 01352862
.text          C:\WINDOWS\system32\Ati2evxx.exe[1108] WS2_32.dll!send                                                                                                    71A14C27 5 Bytes  JMP 013526EE
.text          C:\WINDOWS\system32\Ati2evxx.exe[1108] WS2_32.dll!WSARecv                                                                                                71A14CB5 5 Bytes  JMP 013527E0
.text          C:\WINDOWS\system32\Ati2evxx.exe[1108] WS2_32.dll!recv                                                                                                    71A1676F 5 Bytes  JMP 01352726
.text          C:\WINDOWS\system32\Ati2evxx.exe[1108] WS2_32.dll!WSASend                                                                                                71A168FA 5 Bytes  JMP 0135275E
.text          C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtProtectVirtualMemory                                                                                    7C91D6EE 3 Bytes  JMP 0092000A
.text          C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtProtectVirtualMemory + 4                                                                                7C91D6F2 1 Byte  [84]
.text          C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtWriteVirtualMemory                                                                                      7C91DFAE 5 Bytes  JMP 0093000A
.text          C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!KiUserExceptionDispatcher                                                                                7C91E47C 5 Bytes  JMP 0091000C
.text          C:\WINDOWS\System32\svchost.exe[1512] ole32.dll!CoCreateInstance                                                                                          774D057E 5 Bytes  JMP 00AE000A
.text          C:\WINDOWS\SYSTEM32\Ati2evxx.exe[1532] WS2_32.dll!closesocket                                                                                            71A13E2B 5 Bytes  JMP 01222862
.text          C:\WINDOWS\SYSTEM32\Ati2evxx.exe[1532] WS2_32.dll!send                                                                                                    71A14C27 5 Bytes  JMP 012226EE
.text          C:\WINDOWS\SYSTEM32\Ati2evxx.exe[1532] WS2_32.dll!WSARecv                                                                                                71A14CB5 5 Bytes  JMP 012227E0
.text          C:\WINDOWS\SYSTEM32\Ati2evxx.exe[1532] WS2_32.dll!recv                                                                                                    71A1676F 5 Bytes  JMP 01222726
.text          C:\WINDOWS\SYSTEM32\Ati2evxx.exe[1532] WS2_32.dll!WSASend                                                                                                71A168FA 5 Bytes  JMP 0122275E
.text          C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] ws2_32.dll!WSARecv                                                    71A14CB5 5 Bytes  JMP 006F27E0
.text          C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] ws2_32.dll!recv                                                        71A1676F 5 Bytes  JMP 006F2726
.text          C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] ws2_32.dll!WSASend                                                    71A168FA 5 Bytes  JMP 006F275E
.text          C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] ws2_32.dll!WSARecv                                                                                  71A14CB5 5 Bytes  JMP 013027E0
.text          C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] ws2_32.dll!recv                                                                                      71A1676F 5 Bytes  JMP 01302726
.text          C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] ws2_32.dll!WSASend                                                                                  71A168FA 5 Bytes  JMP 0130275E
.text          C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\j4s3uq5z.exe[2132] WS2_32.dll!closesocket                                                        71A13E2B 5 Bytes  JMP 01122862
.text          C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\j4s3uq5z.exe[2132] WS2_32.dll!send                                                                71A14C27 5 Bytes  JMP 011226EE
.text          C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\j4s3uq5z.exe[2132] WS2_32.dll!WSARecv                                                            71A14CB5 5 Bytes  JMP 011227E0
.text          C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\j4s3uq5z.exe[2132] WS2_32.dll!recv                                                                71A1676F 5 Bytes  JMP 01122726
.text          C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\j4s3uq5z.exe[2132] WS2_32.dll!WSASend                                                            71A168FA 5 Bytes  JMP 0112275E
.text          C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] ws2_32.dll!WSARecv                                                                                              71A14CB5 5 Bytes  JMP 00D227E0
.text          C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] ws2_32.dll!recv                                                                                                71A1676F 5 Bytes  JMP 00D22726
.text          C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] ws2_32.dll!WSASend                                                                                              71A168FA 5 Bytes  JMP 00D2275E
.text          C:\WINDOWS\Dit.exe[2536] WS2_32.dll!closesocket                                                                                                          71A13E2B 5 Bytes  JMP 01202862
.text          C:\WINDOWS\Dit.exe[2536] WS2_32.dll!send                                                                                                                  71A14C27 5 Bytes  JMP 012026EE
.text          C:\WINDOWS\Dit.exe[2536] WS2_32.dll!WSARecv                                                                                                              71A14CB5 5 Bytes  JMP 012027E0
.text          C:\WINDOWS\Dit.exe[2536] WS2_32.dll!recv                                                                                                                  71A1676F 5 Bytes  JMP 01202726
.text          C:\WINDOWS\Dit.exe[2536] WS2_32.dll!WSASend                                                                                                              71A168FA 5 Bytes  JMP 0120275E
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2576] WS2_32.dll!closesocket                                                                                71A13E2B 5 Bytes  JMP 00BE2862
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2576] WS2_32.dll!send                                                                                        71A14C27 5 Bytes  JMP 00BE26EE
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2576] WS2_32.dll!WSARecv                                                                                    71A14CB5 5 Bytes  JMP 00BE27E0
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2576] WS2_32.dll!recv                                                                                        71A1676F 5 Bytes  JMP 00BE2726
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2576] WS2_32.dll!WSASend                                                                                    71A168FA 5 Bytes  JMP 00BE275E
.text          C:\WINDOWS\system32\ctfmon.exe[2744] WS2_32.dll!closesocket                                                                                              71A13E2B 5 Bytes  JMP 00E12862
.text          C:\WINDOWS\system32\ctfmon.exe[2744] WS2_32.dll!send                                                                                                      71A14C27 5 Bytes  JMP 00E126EE
.text          C:\WINDOWS\system32\ctfmon.exe[2744] WS2_32.dll!WSARecv                                                                                                  71A14CB5 5 Bytes  JMP 00E127E0
.text          C:\WINDOWS\system32\ctfmon.exe[2744] WS2_32.dll!recv                                                                                                      71A1676F 5 Bytes  JMP 00E12726
.text          C:\WINDOWS\system32\ctfmon.exe[2744] WS2_32.dll!WSASend                                                                                                  71A168FA 5 Bytes  JMP 00E1275E
.text          C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe[2780] WS2_32.dll!closesocket                                                                    71A13E2B 5 Bytes  JMP 019B2862
.text          C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe[2780] WS2_32.dll!send                                                                          71A14C27 5 Bytes  JMP 019B26EE
.text          C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe[2780] WS2_32.dll!WSARecv                                                                        71A14CB5 5 Bytes  JMP 019B27E0
.text          C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe[2780] WS2_32.dll!recv                                                                          71A1676F 5 Bytes  JMP 019B2726
.text          C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe[2780] WS2_32.dll!WSASend                                                                        71A168FA 5 Bytes  JMP 019B275E
.text          C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!closesocket                                                                                                  71A13E2B 5 Bytes  JMP 00AF2862
.text          C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!send                                                                                                        71A14C27 5 Bytes  JMP 00AF26EE
.text          C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSARecv                                                                                                      71A14CB5 5 Bytes  JMP 00AF27E0
.text          C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!recv                                                                                                        71A1676F 5 Bytes  JMP 00AF2726
.text          C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSASend                                                                                                      71A168FA 5 Bytes  JMP 00AF275E

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                    01725926
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                              01725811
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                  017257AC
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                          0172577A
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                      01725926
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                0172542D
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                        01725E95
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                        01725BEB
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                0172542D
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                        01725E95
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                          01725BEB
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                          01725E95
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                0172542D
IAT            C:\Programme\Avira\AntiVir Desktop\sched.exe[460] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog]                                                0172542D
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                  00135926
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                            00135811
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                001357AC
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                        0013577A
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                        00135BEB
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                        00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                      00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                      00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                      00135BEB
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                  00135926
IAT            C:\Programme\Avira\AntiVir Desktop\avshadow.exe[476] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\Explorer.EXE [USER32.dll!EndDialog]                                                                            00DA542D
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage]                                                                      00DA5E95
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                                00DA5BEB
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                                00DA5E95
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                                    00DA542D
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                              00DA5E95
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                                    00DA542D
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                              00DA5E95
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                              00DA5BEB
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                                    00DA542D
IAT            C:\WINDOWS\Explorer.EXE[568] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                          00DA5926
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                          00135926
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                    00135811
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                        001357AC
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                0013577A
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                            00135926
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                00135BEB
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                00135E95
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                      0013542D
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                              00135E95
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                      0013542D
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndDialog]                                                      0013542D
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                              00135E95
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                              00135BEB
IAT            C:\Programme\Bonjour\mDNSResponder.exe[604] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog]                                                      0013542D
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile]                                                01F75926
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                01F75926
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                          01F75811
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                              01F757AC
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                      01F7577A
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                            01F7542D
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                      01F75BEB
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                      01F75E95
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                            01F7542D
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                    01F75E95
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                            01F7542D
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                  01F75926
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                            01F7542D
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                    01F75E95
IAT            C:\WINDOWS\system32\services.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                    01F75BEB
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00FD5926
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              00FD5811
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00FD57AC
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          00FD577A
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll]                                                                00FD5811
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00FD5926
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll]                                                                00FD5811
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress]                                                    00FD57AC
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          00FD5BEB
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          00FD5E95
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                              00FD542D
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                        00FD5E95
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                        00FD5BEB
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                              00FD542D
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        00FD5E95
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                              00FD542D
IAT            C:\WINDOWS\system32\lsass.exe[932] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                              00FD542D
IAT            C:\WINDOWS\system32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                      00F8577A
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                01215926
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                          01215811
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                              012157AC
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                      0121577A
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                      01215BEB
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                      01215E95
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                            0121542D
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                    01215E95
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                    01215BEB
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                            0121542D
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                    01215E95
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                            0121542D
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                            0121542D
IAT            C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                  01215926
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                00405926
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                          00405811
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                              004057AC
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                      0040577A
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                      00405BEB
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                      00405E95
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                            0040542D
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                    00405E95
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                    00405BEB
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                            0040542D
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                    00405E95
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                            0040542D
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                            0040542D
IAT            C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                  00405926
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                      01EE5BEB
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                      01EE5E95
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                            01EE542D
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                    01EE5E95
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                    01EE5BEB
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                            01EE542D
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                    01EE5E95
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                            01EE542D
IAT            C:\WINDOWS\System32\svchost.exe[1512] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                  01EE5926
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]    00135926
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]              00135811
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]  001357AC
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]          0013577A
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]              0013542D
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]        00135E95
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]        00135BEB
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]              0013542D
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]        00135E95
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]              0013542D
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]          00135BEB
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]          00135E95
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]              0013542D
IAT            C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1628] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]    00135926
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                008F5926
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                          008F5811
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                              008F57AC
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                      008F577A
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                      008F5BEB
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                      008F5E95
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                            008F542D
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                    008F5E95
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                    008F5BEB
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                            008F542D
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                    008F5E95
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                            008F542D
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                            008F542D
IAT            C:\WINDOWS\system32\svchost.exe[1708] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                  008F5926
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                  00135926
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                            00135811
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                001357AC
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                        0013577A
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                      00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                      00135BEB
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                      00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                        00135BEB
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                        00135E95
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                  00135926
IAT            C:\Programme\Avira\AntiVir Desktop\avguard.exe[1816] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog]                                            0013542D
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                            00135926
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                      00135811
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                          001357AC
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                  0013577A
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                        0013542D
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                00135E95
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                  00135BEB
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                  00135E95
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                        0013542D
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndDialog]                                                        0013542D
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                00135E95
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                00135BEB
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                              00135926
IAT            C:\Programme\HHVcdV5Sys\VC5SecS.exe[2176] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog]                                                        0013542D
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00405926
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              00405811
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  004057AC
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          0040577A
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          00405BEB
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          00405E95
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                      00405926
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog]                                                                0040542D
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                        00405E95
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                        00405BEB
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog]                                                                0040542D
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        00405E95
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog]                                                                0040542D
IAT            C:\WINDOWS\System32\alg.exe[3536] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog]                                                                0040542D

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                    86B47428

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                    SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)

Device          \Driver\Cdrom \Device\CdRom0                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                              8625A010
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                              8625A010
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                        86B686E0
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                        86B686E0
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                        86B686E0
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                        86B686E0
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-13                                                                                                              86B686E0
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-1b                                                                                                              86B686E0
Device          \Driver\Cdrom \Device\CdRom2                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom2                                                                                                                              8625A010
Device          \Driver\Cdrom \Device\CdRom3                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom3                                                                                                                              8625A010
Device          \Driver\Cdrom \Device\CdRom4                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom4                                                                                                                              8625A010
Device          \Driver\Cdrom \Device\CdRom5                                                                                                                              86B59B78
Device          \Driver\Cdrom \Device\CdRom5                                                                                                                              8625A010
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target0Lun0                                                                                                862330B0
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target2Lun0                                                                                                862330B0
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target3Lun0                                                                                                862330B0
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target1Lun0                                                                                                862330B0
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1                                                                                                                    862330B0

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                  SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                                                        [BOOT] avprnzsn                                                          <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\avprnzsn@Type                                                                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\avprnzsn@Start                                                                                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\avprnzsn@ErrorControl                                                                                              0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\avprnzsn@Group                                                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdawdm\ParaMeters\PnpInterface@1                                                                                  1
Reg            HKLM\SYSTEM\ControlSet002\Services\cdawdm\ParaMeters\PnpInterface@1                                                                                      1
Reg            HKLM\SOFTWARE\Classes\.mgbnd\VIA Rhine III Fast Ethernet Adapter - Paketplaner-Miniport@2010-06-07                                                        6360|489832|78716
Reg            HKLM\SOFTWARE\Classes\.mgcpu@2010-06-07                                                                                                                  42

---- EOF - GMER 1.0.15 ----

--- --- ---
[/CODE]
--- --- ---


Hier noch die Otl.txt datei: hxxp://www.file-upload.net/download-2581723/OTL.Txt.html
wenn du die extras.txt datei brauchst sag bescheid.

Larusso 07.06.2010 19:01

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

blabla 07.06.2010 19:46

woa das war gruselig^^
Kannst du mir in Nachhinein kurz zusammengefasst erklären, was war, was wir gemacht haben und was jetzt ist?
Combofix Logfile:
Code:

ComboFix 10-06-07.01 - Jonas nur Spiele 07.06.2010  20:29:48.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\HelpAssistant.SCHATZI\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\dokumente und einstellungen\HelpAssistant\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\avdrn.dat
c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DB351BAFD30E2B35F7F3FA48F6534313
c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DB351BAFD30E2B35F7F3FA48F6534313\enemies-names.txt
c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DB351BAFD30E2B35F7F3FA48F6534313\local.ini
c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DB351BAFD30E2B35F7F3FA48F6534313\lsrslt.ini
c:\dokumente und einstellungen\Sunny Net\evsetup.exe
C:\Install.exe
c:\windows\system\SET8B.tmp
c:\windows\system\SETB4.tmp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
E:\Autorun.inf

Infizierte Kopie von c:\windows\system32\drivers\rdpcdd.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\midimap.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll wurde wiederhergestellt

c:\windows\system32\grpconv.exe fehlte
Kopie von - c:\windows\NiwradSoft Shell Pack\Backup\grpconv.exe wurde wiederhergestellt

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OULTRAF
-------\Service_oUltraf


(((((((((((((((((((((((  Dateien erstellt von 2010-05-07 bis 2010-06-07  ))))))))))))))))))))))))))))))
.

2010-06-07 18:36 . 2008-04-14 02:22        39424        ----a-w-        c:\windows\system32\grpconv.exe
2010-06-07 16:30 . 2010-06-07 16:30        --------        d-----w-        C:\_OTL
2010-06-06 16:26 . 2010-06-06 16:26        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
2010-06-04 13:48 . 2010-06-04 13:48        --------        d-----w-        c:\programme\Trend Micro
2010-06-02 17:20 . 2004-11-23 16:49        --------        d-s---w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI\UserData
2010-06-02 17:20 . 2004-11-17 00:33        --------        d--h--w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI\Vorlagen
2010-06-02 17:20 . 2010-06-07 18:36        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI
2010-06-02 15:53 . 2004-11-23 16:49        --------        d-s---w-        c:\dokumente und einstellungen\HelpAssistant\UserData
2010-06-02 15:53 . 2004-11-17 00:33        --------        d--h--w-        c:\dokumente und einstellungen\HelpAssistant\Vorlagen
2010-06-02 15:53 . 2004-11-17 00:30        --------        d--h--w-        c:\dokumente und einstellungen\HelpAssistant\Netzwerkumgebung
2010-06-02 15:53 . 2004-11-17 00:30        --------        d-----r-        c:\dokumente und einstellungen\HelpAssistant\Startmenü
2010-06-02 15:53 . 2010-06-07 18:36        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant
2010-06-02 14:01 . 2010-06-02 14:01        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
2010-06-02 13:54 . 2010-06-04 13:41        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
2010-06-02 13:53 . 2010-06-07 18:41        823808        ----a-w-        c:\windows\system32\drivers\avprnzsn.sys
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-----w-        c:\programme\$NtUninstallWTF1012$
2010-05-31 14:06 . 2010-06-02 12:57        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
2010-05-26 14:38 . 2010-05-26 14:38        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
2010-05-25 18:41 . 2010-06-06 15:27        --------        d-----w-        c:\programme\League of Legends
2010-05-25 17:51 . 2010-05-25 19:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:53        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:50        --------        d-----w-        c:\programme\Pando Networks

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 18:42 . 2004-11-17 00:07        85396        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-07 18:42 . 2004-11-17 00:07        460664        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-07 18:40 . 2004-11-23 16:20        13440        ----a-w-        c:\windows\system32\drivers\USBCRFT.SYS
2010-06-07 15:40 . 2008-10-19 14:16        1        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-06 16:35 . 2008-01-09 18:47        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-06-06 16:18 . 2008-09-27 16:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Skype
2010-06-06 15:23 . 2008-09-27 16:53        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\skypePM
2010-05-08 15:33 . 2009-07-23 12:51        --------        d-----w-        c:\programme\Warcraft III
2010-05-04 15:56 . 2009-08-12 12:48        149772        ----a-w-        c:\windows\War3Unin.dat
2010-04-24 11:39 . 2010-04-10 13:59        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\programme\iTunes
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 10:08 . 2010-04-16 10:08        --------        d-----w-        c:\programme\iPod
2010-04-16 10:05 . 2007-01-05 17:03        --------        d-----w-        c:\programme\QuickTime Alternative
2010-04-16 10:02 . 2010-04-16 10:02        --------        d-----w-        c:\programme\Bonjour
2010-04-16 09:58 . 2010-04-16 09:58        73000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-12 16:34 . 2004-11-17 00:07        219136        ----a-w-        c:\windows\system32\uxtheme.dll
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Web
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Resources
2010-04-11 18:30 . 2005-03-13 11:36        --------        d-----w-        c:\programme\CDex_150
2010-04-10 14:06 . 2010-04-10 14:06        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
2010-03-21 13:29 . 2010-03-21 13:29        8192        ----a-r-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Microsoft\Installer\{E358634B-F124-46FD-8618-C00D0E92B0D3}\IconE358634B.exe
2010-03-10 06:15 . 2004-11-17 00:07        420352        ----a-w-        c:\windows\system32\vbscript.dll
2008-02-26 07:43 . 2008-05-13 10:46        1663        ----a-w-        c:\programme\file_id.diz
2008-02-26 06:39 . 2008-05-13 10:46        1440147        ----a-w-        c:\programme\streamdown.exe
1997-05-13 11:22 . 2005-04-02 18:55        4216        ----a-w-        c:\programme\Readme.txt
1997-03-27 13:50 . 2005-04-02 18:55        7107        ----a-w-        c:\programme\Faq_uk.txt
2008-04-14 02:22 . 2010-04-12 16:40        60416        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
2006-11-03 08:56 . 2010-04-12 16:40        64000        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.

------- Sigcheck -------

[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2005-03-11 . 7DE34867BB84F2A8DD96FD1B7B78F82E . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e7d5f3dc50cc78c5a07ca9b24ee13a63\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-12-21 . A7675CF0A180877D8A312B79594FE16B . 921600 . . [6.0] . . c:\windows\SoftwareDistribution\Download\81b207e4d73b88e755fb591f47d88f3a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[7] 2010-02-25 . 2127D9862937DBD40882B9417DEB1837 . 5944832 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . 0A164AB476D7835335220D7A2AE5578B . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . A947E6258FB5FBD0E5F58DA9541D7BE3 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . DDAAECF8E188A0E2DB93842A7D193641 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 686E3FB68E8E41CD6B2970E6D49F1E14 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 430315D0CAA115EA42EFDF31A93AB5D0 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . 6FFF8D10D0EF5DBE46B7D035FA4119E4 . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . EFB718C1CD9DD453DEE529DF4F25DBCA . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 877EC4221F6AF1F51E24110E064CC71E . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . D8AEC29BD4F4C5A9D85F3ADE9B7F8C3F . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5267ECEAC80A826F6FC8F092022140DB . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 165056346E0A00566A442287DAA7575F . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-01-16 . A76EEDA793C9BFC0C1B8C5F3439D8A39 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie8\mshtml.dll
[7] 2009-01-16 . B44AC6A49DA4A5BAA7AFEA0AA6E5B967 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 6C8D1CF85533A3792DCDDAAE42DBB161 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . E0825D1BC0F0C2B5CA434F7E9CCF10AE . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . AB864B71DF01CC98EAE726DF4BAF73D2 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . C998B6D5E64E11CE8EA8BB22A51CA570 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 4872C0DA25F551A3E869501833754494 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 21B2247D24C8A61C12CD3BE8F3C30AC8 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-24 . 69AB1CE0E82B8F028EA1DBFD18948DA0 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 209A03C0EEF909DFCDCBB56C2BBF91CD . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 8C70EFE0C266BDBD654531900A753236 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 60942CB0B5CADF130FC1795F5FEEE8F5 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-03-01 . 716D486279235CF9B2C16E3D38B6381D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 74F01522E75B943EA2BC6C0C20CCEA5F . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . 8B9C4948BE88BB7DF9CB4709422F6F9F . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 7A978C65E142C65E349C22E6D7E367E5 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . D7F894D0F9D7662366D1E0EE6800C771 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 5D9F03E82039EB2BACB33370A707A119 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . CD0B02B5A997750D9A6E56CFA02E9257 . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . E5D0E8D922C0809469EE5FDE294E9D48 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . E8EC18571090C12A013B83BA363364A4 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . B91AB1E55D77740D500BE0C4B2861844 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 07ABB2A695B8F91F7A12BE2BDD3E5932 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . CD2DFBDD8C553443DE0EC55552A512C4 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . E2F3DEBB0186D233F5354ADDBD12244E . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . 6B700997DA907ED2FD871FC75973986F . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[7] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2006-10-27 . 7C91F9D79EC63BEA7CCC23F58F2C7182 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-03-23 . 60567BC15560DDED9CA83D5275BA911A . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-03-10 . EFE9BA6DB99D649532A75B52A39EF46D . 3010560 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\mshtml.dll
[-] 2005-03-10 . 243340D137D0B54CC5B440D7E4880B63 . 3011072 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\mshtml.dll
[-] 2005-01-27 . 28A254F37138CB3E6478E131B91314A3 . 3006976 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\mshtml.dll
[-] 2005-01-27 . 19F79F718CABBFC3DAD25D7914D5601B . 3008000 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\mshtml.dll

[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2qfe\user32.dll
[-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2gdr\user32.dll

[7] 2010-02-25 . 7857131DA01250E02BEE64F1163F6159 . 916480 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 3C41EB3A0EC8E2606B6C906993E11C29 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . F2A70583964128530B7E86B1A13023A7 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E3A3EB3BC5849BE4D5FE2B5F1869783 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 3426FBE495D1825D5C09C84D1E9361C1 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 0A4248E124C88EDD1E0A93AE93E4DB6A . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 6B985F8E8ACE6A6424BE04A90C1E652A . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 11DA6B380B94BAABCFD0854526AFC602 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 3B6D4582FADA3948593C56F96964FEFA . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 6E3E0C6060EFC8B855DFCBC7AE18B377 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-12-20 . 2B5AE9ACD86E1B8B86D62E153DE130AB . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . C3D4047626F8CC8EC7DD7558FA5CC2E2 . 826368 . . [7.00.6000.16791] . . c:\windows\ie8\wininet.dll
[7] 2008-10-16 . CBAAEBDFC6F9291D2D31E36FE1AD19AC . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 5A1F997EC096EF26F3A3880347F5F9D8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . E1F83BCC84D6223965D35AB06B63BBEB . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . B905F284F45675F3019413DFF055C666 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . 7B28D5C8C5C075037F864256E4044B83 . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-06-23 . 4F08E6D8C9DDA8ED4346A1857849ADB3 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . 751EFBEC900CC4E4B41DB6E522B67D41 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . A5795741E53F72C4A2736BC51007A5D5 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-03-01 . 32FC70AC1EFFE28DB72FDF1DCC319E72 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . A7B7383EC19F0C5EBD02CB7826C8488B . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . BA4D7D3098E2BA8AEA34A19BBECF9962 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 16EF6865A405134CE64A3AA6CEF6C69F . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . FA5FA22E6F36F8453E9377810B3F9939 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 6A1AEF7B9E513ACB566B16B0BA133C7C . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . CAFC9797228843012CED767D24D8DCFC . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 283D85F8192FA54F2CA978B659965739 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 17D39B59E2E3740058AE3FBCD432CEDE . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 0D58CEBD30684B481C8DF3DA69375410 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 26DB81279FED58D5199235C26D4836E2 . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 4E9436B0301B0451ED2FB29364AB090F . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . C601BD2849927D44F8549F720CFA14D3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . 4EF1AE9A4D801AB63EC752478247BFCE . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2006-10-27 . 7CF0B0D5D9D47585853E2A6978441F64 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-03-04 . C91B7839095133064F9C898897F8D64C . 669184 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-03-10 . 0E2E035170CB6C3E0AD629C45BF3F71B . 662528 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\wininet.dll
[-] 2005-03-10 . 235D1D42C2D23FA1BC8A9EDB267FFE86 . 663552 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\wininet.dll
[-] 2005-01-27 . 5CABB0E97C9A19B2165DD189B04BD006 . 662528 . . [6.00.2900.2577] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\wininet.dll
[-] 2005-01-27 . D9460271895ADBB382769AF1FC701169 . 663552 . . [6.00.2900.2598] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\wininet.dll

[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2004-09-03 2596864]
"Dit"="Dit.exe" [2004-04-02 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 08:06        178688        ----a-w-        c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57        102400        ------w-        c:\programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
2005-06-27 13:32        278528        ----a-w-        c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"c:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"56608:TCP"= 56608:TCP:Pando Media Booster
"56608:UDP"= 56608:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4054:TCP"= 4054:TCP:Services
"6608:TCP"= 6608:TCP:Services
"1555:TCP"= 1555:TCP:Services
"1610:TCP"= 1610:TCP:Services
"2743:TCP"= 2743:TCP:Services
"3986:TCP"= 3986:TCP:Services
"4821:TCP"= 4821:TCP:Services
"8142:TCP"= 8142:TCP:Services
"5962:TCP"= 5962:TCP:Services
"5963:TCP"= 5963:TCP:Services

R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [27.08.2004 16:18 102400]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [03.05.2005 20:35 10240]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [19.03.2005 11:29 81408]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [12.11.2003 09:26 56064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.09.2009 19:59 135336]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 18:41 102336]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [23.11.2004 18:20 13440]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [21.04.2007 14:05 1527900]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys --> c:\windows\system32\drivers\gt680x.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 MRVW225;USB54M Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [26.10.2007 19:25 299776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [21.04.2007 14:04 544768]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avprnzsn
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bit.ly/bxFzgb
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
FF - ProfilePath - c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=NotePad.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{61087B51-9D74-41EE-B2AB-D98230F31E04} - c:\windows\system32\nznnhkyb.dll
BHO-{63F0E34A-07CF-4227-A5DF-24D229523E9E} - c:\windows\system32\uppqhbrc.dll
BHO-{7DD4D996-53B1-CF0C-FA20-54909989A7B2} - (no file)
AddRemove-pcsperzogd - c:\windows\system32\pcsperzogd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-07 20:40
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B17880]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf743dcb8
\Driver\atapi -> 0x86b17880
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> 0x8631b440
 PacketIndicateHandler -> NDIS.sys @ 0xf71a5a21
 SendHandler -> NDIS.sys @ 0xf718387b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avprnzsn]

.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\wdigest.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\HHVcdV5Sys\VC5SecS.exe
c:\windows\Dit.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-07  20:47:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-07 18:47

Vor Suchlauf: 30 Verzeichnis(se), 37.338.009.600 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 37.252.587.520 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2B5658F4095080532C2563EC3C419E92

--- --- ---

Larusso 07.06.2010 20:04

Na willkommen Mebroot -.-

Was spricht gegen ein Formatieren ?

(Anleitung by myrtille)

Schritt 1

Lade Dir bitte folgendes Programm runter und führe es aus: profiles.exe
Es erstellt eine Textdatei, bitte kopiere den Inhalt in deine nächste Antwort.


Schritt 2

Bitte führe auch folgendes aus:
Windows + R Taste drücken --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:

@echo off
net user >log.txt
net user helpassistant >>log.txt
log.txt

Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklick auf die file.bat.

Es sollte sich eine Textdatei öffnen, bitte kopiere auch den Inhalt dieser Datei in deine nächste Antwort.

blabla 07.06.2010 20:09

hier numer 1
Zitat:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\Utily

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\Jonas

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-1012
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\Jonas nur Spiele

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-1015
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\Sunny Net

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-1018
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\HelpAssistant.SCHATZI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1115070007-3674046497-395584582-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Dokumente und Einstellungen\Administrator.SCHATZI

SystemRoot REG_SZ C:\WINDOWS
hier die nummer 2
Zitat:

Benutzerkonten fr \\SCHATZI

-------------------------------------------------------------------------------
Administrator ASPNET Gast
HelpAssistant Hilfeassistent Jonas
Jonas nur Spiele SUPPORT_388945a0 Utily
Der Befehl wurde erfolgreich ausgefhrt.

Benutzername HelpAssistant
Vollst„ndiger Name HelpAssistant
Beschreibung
Benutzerbeschreibung
L„ndereinstellung 000 (Standardsystemvorgabe)
Konto aktiv Ja
Konto abgelaufen Nie

Letztes Setzen des Kennworts 6/7/2010 8:41 PM
Kennwort l„uft ab Nie
Kennwort „nderbar 6/7/2010 8:41 PM
Kennwort erforderlich Ja
Benutzer kann Kennwort „ndern Ja

Erlaubte Arbeitsstationen Alle
Anmeldeskript
Benutzerprofil
Basisverzeichnis
Letzte Anmeldung 6/7/2010 8:41 PM

Erlaubte Anmeldezeiten Alle

Lokale Gruppenmitgliedschaften *Administratoren
Globale Gruppenmitgliedschaften *Kein
Der Befehl wurde erfolgreich ausgefhrt.

wie meintest du das mit dem formatieren?
alles?
ich brauch die daten :)

weiß nich ob ich heute noch mehr schaffe...

Larusso 07.06.2010 20:23

du hast dir die neueste Variante von Mebroot/Sinowal eingefangen. Als erstes möchte ich daher sagen, dass es sich dabei um einen Backdoor trojaner handelt, sprich andere konnten auf deinen Rechner zugreifen, deine Passwörter auslesen und Einstellungen verändern.

Der Befall ist ein Rootkit und versteckt sich im Master Boot Record, nur sehr wenige Programme, in der Regel spezialisierte Programme, können diesen Befall derzeit sehen.

Das sicherste ist in solchen Fällen immer neuaufzusetzen, wir können dir aber helfen die Überreste des Befalls zu entfernen, wenn du nicht Neuaufsetzen willst.

Falls du Bereinigen dem Neuaufsetzen vorziehst, würde ich gerne Folgendes versuchen:

Downloade HelpAsst_mebroot_fix.exe und speichere das Tool auf Deinem Desktop.
Schließe alle Programme und Fenster.
Doppelklicke das Tool und folge den Anweisungen.
Sollte das Tool noch eine MBR-Infektion finden, erlaube mbr -f laufen zu lassen und den Computer neu zu starten.
Warte nach dem Neustart mindestens 5 Minuten und fahre wie folgt fort:

Start => ausführen => schreibe das folgende Kommando dort hinein und bestätige mit Enter:

helpasst -mbrt

Vergesse nicht das Leerzeichen zwischen helpasst und -mbrt !
Wenn das Tool fertig ist, öffnet sich ein Logfile.
Poste mir den Inhalt in Deine nächste Antwort.


Wenn das Tool während des ersten Laufs keine MBR-Infektion gemeldet hat:

Start => ausführen => schreibe das folgende Kommando dort hinein und bestätige mit Enter:

mbr -f

Starte den Computer neu.
Warte nach dem Neustart mindestens 5 Minuten und fahre wie folgt fort:

Start => ausführen => schreibe das folgende Kommando dort hinein und bestätige mit Enter:

helpasst -mbrt

Vergesse nicht das Leerzeichen zwischen helpasst und -mbrt !
Wenn das Tool fertig ist, öffnet sich ein Logfile.
Poste mir den Inhalt in Deine nächste Antwort.

blabla 08.06.2010 15:22

das kam raus
Zitat:

C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\HelpAsst_mebroot_fix.exe
08.06.2010 at 15:50:00,73

HelpAssistant account was found ~ attempting to remove

Konto aktiv Ja
Lokale Gruppenmitgliedschaften *Administratoren

HelpAssistant account successfully removed

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"8518:TCP"=-
"5009:TCP"=-
"3389:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"8518:TCP"=-
"5009:TCP"=-
"3389:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1115070007-3674046497-395584582-1019
HelpAssistant profile directory exists at C:\Dokumente und Einstellungen\HelpAssistant.SCHATZI.000 ~ attempting to remove
~ All C:\Dokumente und Einstellungen\HelpAssistant.SCHATZI.000 files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b16b58
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> 0x8631b440
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b16b58
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> 0x8631b440
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 08.06.2010 at 16:23:51,14

No HelpAssistant account in User list

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B68328]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b68328
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.SCHATZI

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
könnte dieser Virus über unser Heimnetzwerk auf einen anderen Pc (beide am gleichen Modem) zugreifen?

Larusso 08.06.2010 15:35

Zu deiner Frage, Ja könnte er

Schritt 1

Starte den PC bitte neu auf. Im BootMenu solltest Du nun neben deinem Betriebssystem den Eintrag Wiederherstellungskonsole finden. Wähle diesen mit Hilfe der Pfeiltasten aus und bestätige mit Enter.

Nun sollte sich ein schwarzes Fenster öffnen wo folgendes zu sehen ist
C:\windows:>

Hier bitte fixmbr eingeben und Enter drücken. Mit Exit wird die RC geschlossen und der PC neu gestartet.

Solltest Du eine Warnmeldung bekommen, fahre mit Schritt 2 nicht fort


Schritt 2

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
  • Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
    Danach wieder anstellen nicht vergessen!
  • Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.


Schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5



Bitte poste in Deiner nächsten Antwort
ComboFix.txt
OTL.txt

blabla 08.06.2010 16:33

hier schonmal combofix
Combofix Logfile:
Code:

ComboFix 10-06-07.04 - Jonas nur Spiele 08.06.2010  17:25:41.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.623 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-05-08 bis 2010-06-08  ))))))))))))))))))))))))))))))
.

2010-06-07 20:04 . 2010-06-08 13:50        --------        d-----w-        C:\HelpAsst_backup
2010-06-07 18:36 . 2008-04-14 02:22        39424        ----a-w-        c:\windows\system32\grpconv.exe
2010-06-07 16:30 . 2010-06-07 16:30        --------        d-----w-        C:\_OTL
2010-06-06 16:26 . 2010-06-06 16:26        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
2010-06-04 13:48 . 2010-06-04 13:48        --------        d-----w-        c:\programme\Trend Micro
2010-06-02 17:20 . 2004-11-23 16:49        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI\UserData
2010-06-02 17:20 . 2004-11-17 00:33        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI\Vorlagen
2010-06-02 17:20 . 2010-06-07 18:41        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant.SCHATZI
2010-06-02 15:53 . 2004-11-23 16:49        --------        d-s---w-        c:\dokumente und einstellungen\HelpAssistant\UserData
2010-06-02 15:53 . 2004-11-17 00:33        --------        d--h--w-        c:\dokumente und einstellungen\HelpAssistant\Vorlagen
2010-06-02 15:53 . 2004-11-17 00:30        --------        d--h--w-        c:\dokumente und einstellungen\HelpAssistant\Netzwerkumgebung
2010-06-02 15:53 . 2004-11-17 00:30        --------        d-----r-        c:\dokumente und einstellungen\HelpAssistant\Startmenü
2010-06-02 15:53 . 2010-06-07 18:36        --------        d-----w-        c:\dokumente und einstellungen\HelpAssistant
2010-06-02 14:01 . 2010-06-02 14:01        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
2010-06-02 13:54 . 2010-06-04 13:41        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
2010-06-02 13:53 . 2010-06-08 15:32        823808        ----a-w-        c:\windows\system32\drivers\avprnzsn.sys
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-----w-        c:\programme\$NtUninstallWTF1012$
2010-05-31 14:06 . 2010-06-02 12:57        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
2010-05-26 14:38 . 2010-05-26 14:38        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
2010-05-25 18:41 . 2010-06-07 19:00        --------        d-----w-        c:\programme\League of Legends
2010-05-25 17:51 . 2010-05-25 19:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:53        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:50        --------        d-----w-        c:\programme\Pando Networks

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 15:16 . 2004-11-23 16:20        13440        ----a-w-        c:\windows\system32\drivers\USBCRFT.SYS
2010-06-07 18:42 . 2004-11-17 00:07        85396        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-07 18:42 . 2004-11-17 00:07        460664        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-07 15:40 . 2008-10-19 14:16        1        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-06 16:35 . 2008-01-09 18:47        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-06-06 16:18 . 2008-09-27 16:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Skype
2010-06-06 15:23 . 2008-09-27 16:53        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\skypePM
2010-05-08 15:33 . 2009-07-23 12:51        --------        d-----w-        c:\programme\Warcraft III
2010-05-04 15:56 . 2009-08-12 12:48        149772        ----a-w-        c:\windows\War3Unin.dat
2010-04-24 11:39 . 2010-04-10 13:59        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\programme\iTunes
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 10:08 . 2010-04-16 10:08        --------        d-----w-        c:\programme\iPod
2010-04-16 10:05 . 2007-01-05 17:03        --------        d-----w-        c:\programme\QuickTime Alternative
2010-04-16 10:02 . 2010-04-16 10:02        --------        d-----w-        c:\programme\Bonjour
2010-04-16 09:58 . 2010-04-16 09:58        73000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-12 16:34 . 2004-11-17 00:07        219136        ----a-w-        c:\windows\system32\uxtheme.dll
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Web
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Resources
2010-04-11 18:30 . 2005-03-13 11:36        --------        d-----w-        c:\programme\CDex_150
2010-04-10 14:06 . 2010-04-10 14:06        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
2010-03-21 13:29 . 2010-03-21 13:29        8192        ----a-r-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Microsoft\Installer\{E358634B-F124-46FD-8618-C00D0E92B0D3}\IconE358634B.exe
2008-02-26 07:43 . 2008-05-13 10:46        1663        ----a-w-        c:\programme\file_id.diz
2008-02-26 06:39 . 2008-05-13 10:46        1440147        ----a-w-        c:\programme\streamdown.exe
1997-05-13 11:22 . 2005-04-02 18:55        4216        ----a-w-        c:\programme\Readme.txt
1997-03-27 13:50 . 2005-04-02 18:55        7107        ----a-w-        c:\programme\Faq_uk.txt
2008-04-14 02:22 . 2010-04-12 16:40        60416        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
2006-11-03 08:56 . 2010-04-12 16:40        64000        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.

------- Sigcheck -------

[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2005-03-11 . 7DE34867BB84F2A8DD96FD1B7B78F82E . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e7d5f3dc50cc78c5a07ca9b24ee13a63\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-12-21 . A7675CF0A180877D8A312B79594FE16B . 921600 . . [6.0] . . c:\windows\SoftwareDistribution\Download\81b207e4d73b88e755fb591f47d88f3a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[7] 2010-02-25 . 2127D9862937DBD40882B9417DEB1837 . 5944832 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . 0A164AB476D7835335220D7A2AE5578B . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . A947E6258FB5FBD0E5F58DA9541D7BE3 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . DDAAECF8E188A0E2DB93842A7D193641 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 686E3FB68E8E41CD6B2970E6D49F1E14 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 430315D0CAA115EA42EFDF31A93AB5D0 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . 6FFF8D10D0EF5DBE46B7D035FA4119E4 . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . EFB718C1CD9DD453DEE529DF4F25DBCA . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 877EC4221F6AF1F51E24110E064CC71E . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . D8AEC29BD4F4C5A9D85F3ADE9B7F8C3F . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5267ECEAC80A826F6FC8F092022140DB . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 165056346E0A00566A442287DAA7575F . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-01-16 . A76EEDA793C9BFC0C1B8C5F3439D8A39 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie8\mshtml.dll
[7] 2009-01-16 . B44AC6A49DA4A5BAA7AFEA0AA6E5B967 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 6C8D1CF85533A3792DCDDAAE42DBB161 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . E0825D1BC0F0C2B5CA434F7E9CCF10AE . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . AB864B71DF01CC98EAE726DF4BAF73D2 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . C998B6D5E64E11CE8EA8BB22A51CA570 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 4872C0DA25F551A3E869501833754494 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 21B2247D24C8A61C12CD3BE8F3C30AC8 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-24 . 69AB1CE0E82B8F028EA1DBFD18948DA0 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 209A03C0EEF909DFCDCBB56C2BBF91CD . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 8C70EFE0C266BDBD654531900A753236 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 60942CB0B5CADF130FC1795F5FEEE8F5 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-03-01 . 716D486279235CF9B2C16E3D38B6381D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 74F01522E75B943EA2BC6C0C20CCEA5F . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . 8B9C4948BE88BB7DF9CB4709422F6F9F . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 7A978C65E142C65E349C22E6D7E367E5 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . D7F894D0F9D7662366D1E0EE6800C771 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 5D9F03E82039EB2BACB33370A707A119 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . CD0B02B5A997750D9A6E56CFA02E9257 . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . E5D0E8D922C0809469EE5FDE294E9D48 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . E8EC18571090C12A013B83BA363364A4 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . B91AB1E55D77740D500BE0C4B2861844 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 07ABB2A695B8F91F7A12BE2BDD3E5932 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . CD2DFBDD8C553443DE0EC55552A512C4 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . E2F3DEBB0186D233F5354ADDBD12244E . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . 6B700997DA907ED2FD871FC75973986F . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[7] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2006-10-27 . 7C91F9D79EC63BEA7CCC23F58F2C7182 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-03-23 . 60567BC15560DDED9CA83D5275BA911A . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-03-10 . EFE9BA6DB99D649532A75B52A39EF46D . 3010560 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\mshtml.dll
[-] 2005-03-10 . 243340D137D0B54CC5B440D7E4880B63 . 3011072 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\mshtml.dll
[-] 2005-01-27 . 28A254F37138CB3E6478E131B91314A3 . 3006976 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\mshtml.dll
[-] 2005-01-27 . 19F79F718CABBFC3DAD25D7914D5601B . 3008000 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\mshtml.dll

[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2qfe\user32.dll
[-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2gdr\user32.dll

[7] 2010-02-25 . 7857131DA01250E02BEE64F1163F6159 . 916480 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 3C41EB3A0EC8E2606B6C906993E11C29 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . F2A70583964128530B7E86B1A13023A7 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E3A3EB3BC5849BE4D5FE2B5F1869783 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 3426FBE495D1825D5C09C84D1E9361C1 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 0A4248E124C88EDD1E0A93AE93E4DB6A . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 6B985F8E8ACE6A6424BE04A90C1E652A . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 11DA6B380B94BAABCFD0854526AFC602 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 3B6D4582FADA3948593C56F96964FEFA . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 6E3E0C6060EFC8B855DFCBC7AE18B377 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-12-20 . 2B5AE9ACD86E1B8B86D62E153DE130AB . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . C3D4047626F8CC8EC7DD7558FA5CC2E2 . 826368 . . [7.00.6000.16791] . . c:\windows\ie8\wininet.dll
[7] 2008-10-16 . CBAAEBDFC6F9291D2D31E36FE1AD19AC . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 5A1F997EC096EF26F3A3880347F5F9D8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . E1F83BCC84D6223965D35AB06B63BBEB . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . B905F284F45675F3019413DFF055C666 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . 7B28D5C8C5C075037F864256E4044B83 . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-06-23 . 4F08E6D8C9DDA8ED4346A1857849ADB3 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . 751EFBEC900CC4E4B41DB6E522B67D41 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . A5795741E53F72C4A2736BC51007A5D5 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-03-01 . 32FC70AC1EFFE28DB72FDF1DCC319E72 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . A7B7383EC19F0C5EBD02CB7826C8488B . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . BA4D7D3098E2BA8AEA34A19BBECF9962 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 16EF6865A405134CE64A3AA6CEF6C69F . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . FA5FA22E6F36F8453E9377810B3F9939 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 6A1AEF7B9E513ACB566B16B0BA133C7C . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . CAFC9797228843012CED767D24D8DCFC . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 283D85F8192FA54F2CA978B659965739 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 17D39B59E2E3740058AE3FBCD432CEDE . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 0D58CEBD30684B481C8DF3DA69375410 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 26DB81279FED58D5199235C26D4836E2 . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 4E9436B0301B0451ED2FB29364AB090F . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . C601BD2849927D44F8549F720CFA14D3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . 4EF1AE9A4D801AB63EC752478247BFCE . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2006-10-27 . 7CF0B0D5D9D47585853E2A6978441F64 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-03-04 . C91B7839095133064F9C898897F8D64C . 669184 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-03-10 . 0E2E035170CB6C3E0AD629C45BF3F71B . 662528 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\wininet.dll
[-] 2005-03-10 . 235D1D42C2D23FA1BC8A9EDB267FFE86 . 663552 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\wininet.dll
[-] 2005-01-27 . 5CABB0E97C9A19B2165DD189B04BD006 . 662528 . . [6.00.2900.2577] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\wininet.dll
[-] 2005-01-27 . D9460271895ADBB382769AF1FC701169 . 663552 . . [6.00.2900.2598] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\wininet.dll

[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2004-09-03 2596864]
"Dit"="Dit.exe" [2004-04-02 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 08:06        178688        ----a-w-        c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57        102400        ------w-        c:\programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
2005-06-27 13:32        278528        ----a-w-        c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"c:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56608:TCP"= 56608:TCP:Pando Media Booster
"56608:UDP"= 56608:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher

R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [27.08.2004 16:18 102400]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [03.05.2005 20:35 10240]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [19.03.2005 11:29 81408]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [12.11.2003 09:26 56064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.09.2009 19:59 135336]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 18:41 102336]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [23.11.2004 18:20 13440]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [21.04.2007 14:05 1527900]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys --> c:\windows\system32\drivers\gt680x.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 MRVW225;USB54M Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [26.10.2007 19:25 299776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [21.04.2007 14:04 544768]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avprnzsn
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bit.ly/bxFzgb
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
FF - ProfilePath - c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=NotePad.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-08 17:32
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86218450]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf743dcb8
\Driver\atapi -> 0x86218450
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7186bb0
 PacketIndicateHandler -> NDIS.sys @ 0xf7193a21
 SendHandler -> NDIS.sys @ 0xf717187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avprnzsn]

.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll
.
Zeit der Fertigstellung: 2010-06-08  17:35:16
ComboFix-quarantined-files.txt  2010-06-08 15:35
ComboFix2.txt  2010-06-07 18:47

Vor Suchlauf: 32 Verzeichnis(se), 37.086.224.384 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 37.058.449.408 Bytes frei

- - End Of File - - 0041D20239AD37E4ACC3EF1BD931C6EC

--- --- ---

blabla 08.06.2010 16:40

hier die otl datei
OTL Logfile:
Code:

OTL logfile created on: 08.06.2010 17:38:21 - Run 2
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 594,00 Mb Available Physical Memory | 58,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,54 Gb Free Space | 46,34% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
PRC - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 04:22:45 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Programme\HHVcdV5Sys\VC5SecS.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.07 19:20:28 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.04 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Programme\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.06.08 17:16:22 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.20 19:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2005.12.21 17:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2005.12.20 12:42:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.19 11:29:41 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:08:35 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.03 22:08:29 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003.11.12 09:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp)
DRV - [2003.09.11 00:36:53 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.03.09 18:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 18:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2001.11.25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001.08.17 13:11:05 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:59:59 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bit.ly/bxFzgb
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.02 18:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.28 12:11:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 12:05:46 | 000,000,000 | ---D | M]
 
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.06.07 17:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions
[2009.07.18 14:32:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.22 17:13:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 19:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\personas@christopher.beard
[2010.06.04 16:03:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.01 15:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.01 15:42:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.01 15:42:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.01 15:42:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.01 15:42:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.07 20:39:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CmiCnfg.cpl (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101228590656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.17 02:36:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004.11.17 02:35:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.08 17:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.07 22:04:36 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010.06.07 20:22:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.07 20:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:19:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:19:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:19:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 18:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.06 21:07:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Recent
[2010.06.06 18:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2010.06.04 20:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Hijack
[2010.06.04 17:01:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.04 15:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.02 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2010.06.02 15:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2010.06.02 15:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
[2010.06.02 15:52:44 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.05.31 16:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.05.26 16:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2010.05.25 20:41:34 | 000,000,000 | ---D | C] -- C:\Programme\League of Legends
[2010.05.25 19:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.05.25 19:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.05.25 19:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.04.21 20:14:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.04.16 12:08:31 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.16 12:08:23 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.16 12:08:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.16 12:02:18 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.12 18:33:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NiwradSoft Shell Pack
[2010.04.12 18:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Web
[2010.04.12 18:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Resources
[2010.04.10 16:06:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
[2010.04.10 15:59:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
[2010.03.31 14:54:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.03.25 21:08:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Avira
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.08 17:40:36 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.08 17:35:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.08 17:32:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.08 17:25:11 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.08 17:24:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.08 17:23:19 | 009,961,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.dat
[2010.06.08 17:23:19 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.ini
[2010.06.08 17:18:52 | 003,704,374 | R--- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
[2010.06.08 17:16:22 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010.06.07 22:06:28 | 018,217,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.07 22:04:02 | 000,490,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\HelpAsst_mebroot_fix.exe
[2010.06.07 21:14:27 | 000,000,073 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\file.bat
[2010.06.07 20:42:16 | 001,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.07 20:42:16 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.07 20:42:16 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.07 20:42:16 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.07 20:42:16 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.07 20:39:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.06.07 18:23:47 | 000,021,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 17:23:15 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.04 16:25:11 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 18:03:40 | 000,209,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.05.31 16:06:30 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.27 20:31:40 | 000,001,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:05:35 | 000,039,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:43 | 000,000,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.05.04 17:56:29 | 000,149,772 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010.04.30 13:02:17 | 000,011,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.04.30 12:36:08 | 000,016,565 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 15:26:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.13 21:18:36 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB
[2010.04.13 14:15:05 | 000,430,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.08 17:18:44 | 003,704,374 | R--- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
[2010.06.07 22:04:29 | 000,490,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\HelpAsst_mebroot_fix.exe
[2010.06.07 21:14:27 | 000,000,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\file.bat
[2010.06.07 20:22:26 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010.06.07 20:22:21 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.07 20:19:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:19:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 17:25:19 | 000,021,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 20:00:19 | 000,016,565 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.06.06 20:00:19 | 000,011,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.06.03 18:03:38 | 000,209,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.06.02 15:53:13 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.02 15:44:54 | 000,014,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\hs_err_pid3004.log
[2010.05.31 16:06:30 | 000,001,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.25 21:05:35 | 000,039,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:46 | 000,001,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:03:42 | 000,000,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.04.04 17:12:01 | 000,000,757 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Flyff.lnk
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.11.21 16:16:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.18 14:35:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 13:33:50 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.25 23:11:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.19 22:25:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008.06.27 18:09:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2008.06.08 13:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.06.08 13:37:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE V200DEFGIPSRUk.ini
[2008.03.20 18:53:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008.03.20 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008.03.20 18:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007.12.25 20:52:35 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.12.25 20:52:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.10.26 19:25:38 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2007.06.07 21:35:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2007.05.07 19:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2007.05.05 14:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2007.05.05 14:48:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.05.05 14:48:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2007.04.26 13:45:07 | 007,192,736 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2007.04.10 15:02:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.03.23 17:25:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\stepbuttons.dll
[2007.03.23 17:25:24 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.22 19:46:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.11.19 13:42:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2006.04.19 16:51:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.04.19 16:41:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\Pixel.ini
[2006.04.17 17:26:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006.04.14 12:59:53 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2006.01.29 23:35:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2006.01.29 21:50:03 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.01.29 11:15:13 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.01.05 17:41:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.01.01 21:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Demo.INI
[2005.12.13 22:22:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.11 19:41:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.09.25 16:12:59 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Kuss.ini
[2005.09.13 01:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.13 01:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.09.13 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.13 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.08 20:47:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2005.05.03 20:58:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DVDKeyAuth.dll
[2005.04.24 08:22:32 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005.04.20 16:16:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.04.14 18:53:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.04.09 15:39:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005.04.09 15:18:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\clockwrx.ini
[2005.04.09 14:57:09 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2005.04.09 12:08:24 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.02 20:22:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.03.19 11:29:41 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2005.03.13 16:29:01 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DAVILEX.INI
[2004.11.23 20:14:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.23 18:20:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004.11.17 03:24:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2004.11.17 03:24:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\CMIAINFO.SYS
[2004.11.17 03:24:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004.11.17 03:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.11.17 03:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.11.17 03:24:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004.11.17 02:51:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.17 02:40:25 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.11.17 02:34:46 | 001,343,768 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.wusetup.351484.bak
[2004.11.17 02:34:46 | 000,194,840 | ---- | C] () -- C:\WINDOWS\System32\wuaueng1.dll.wusetup.352812.bak
[2004.11.17 02:34:46 | 000,128,280 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.wusetup.353078.bak
[2004.11.17 02:33:51 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.11.17 02:06:54 | 000,024,272 | ---- | C] () -- C:\WINDOWS\System32\netcty32.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.06.20 12:46:00 | 007,190,528 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.02.27 18:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2002.02.21 18:41:20 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000.10.16 16:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 16:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1999.05.21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
 
========== LOP Check ==========
 
[2006.05.15 20:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buena Vista Games
[2008.06.27 18:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2008.11.19 17:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarStone
[2007.05.13 11:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FREEDB
[2009.07.15 14:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2007.04.21 14:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.03.22 21:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010.05.25 19:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2007.12.25 19:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2008.11.19 22:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SongbirdVLC
[2008.06.19 00:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.01.24 20:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2009.03.28 13:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.06.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.04.16 12:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.16 11:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008.11.21 16:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\AIMP
[2010.04.10 16:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
[2010.04.24 13:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
[2010.02.06 16:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\EPSON
[2006.04.14 14:29:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\FarStone
[2008.10.15 19:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\FUJIFILM
[2007.01.09 21:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\GBSudoku
[2007.03.21 20:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\ICQLite
[2008.02.03 16:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\InterVideo
[2008.11.26 21:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\J River
[2010.05.26 16:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2008.02.03 16:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\MAGIX
[2009.03.22 19:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\NCH Swift Sound
[2008.10.19 16:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org
[2006.05.21 15:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Opera
[2008.10.19 15:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Skinux
[2010.06.02 15:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2008.11.21 16:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Songbird2
[2010.06.02 15:54:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2006.08.02 20:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\T-Online
[2009.02.28 21:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Teeworlds
[2006.04.23 16:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Template
[2006.04.25 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Thunderbird
[2007.04.30 13:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\TuneUp Software
[2010.06.06 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2008.01.13 20:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2008.12.12 20:42:34 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2004.11.17 02:36:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008.01.13 20:11:33 | 000,000,256 | ---- | M] () -- C:\Boot.bak
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006.04.08 00:43:11 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2010.06.08 17:35:16 | 000,034,294 | ---- | M] () -- C:\ComboFix.txt
[2004.11.17 02:36:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008.01.06 16:52:27 | 000,000,880 | ---- | M] () -- C:\debugInstaller.txt
[1907.12.31 22:49:58 | 000,086,796 | ---- | M] () -- C:\DebugLog.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.06.08 16:23:52 | 000,003,940 | ---- | M] () -- C:\HelpAsst.log
[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2006.01.05 17:42:00 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004.11.17 02:36:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.06.21 11:10:55 | 002,102,300 | ---- | M] () -- C:\Juwe danke.odt
[2009.04.19 18:08:36 | 000,000,608 | ---- | M] () -- C:\logfile
[2004.11.17 02:36:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006.04.08 00:43:11 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.05.13 13:30:38 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.06.08 17:23:52 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2006.08.02 20:37:51 | 000,000,309 | ---- | M] () -- C:\ToCaclLg.txt
[2005.03.19 17:05:02 | 000,000,011 | ---- | M] () -- C:\TOMBPATH.TXT
[2008.01.24 20:07:20 | 000,000,214 | ---- | M] () -- C:\TO_InstallLog.txt
[2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2007.08.18 16:40:37 | 000,134,914 | ---- | M] () -- C:\video56F51CFF-C36D-4CF3-9943-187ED3925413.log
[2006.07.03 20:15:38 | 000,001,557 | ---- | M] () -- C:\_arm_errors.log
[1907.12.31 22:26:06 | 000,000,000 | ---- | M] () -- C:\{{HUGO}}.SWP
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.11.17 03:29:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.11.17 03:29:13 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.11.17 03:29:13 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.08 17:41:52 | 000,823,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\avprnzsn.sys
[2010.06.08 17:16:22 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=C268AE6C540CC43F2264C8CB7A9A4243 -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll
< End of report >

--- --- ---

Larusso 08.06.2010 16:53

Drücke die Windows + R taste --> helpasst -mbrt (reinkopieren) --> OK

Poste mir bitte die Logfile.
Der Befehl fixmbr in der RC funktionierte ohne Probleme ?
Nebenbei, wie läuft der Rechner ?

blabla 08.06.2010 17:22

logfile
Zitat:

C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\HelpAsst_mebroot_fix.exe
08.06.2010 at 15:50:00,73

HelpAssistant account was found ~ attempting to remove

Konto aktiv Ja
Lokale Gruppenmitgliedschaften *Administratoren

HelpAssistant account successfully removed

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"8518:TCP"=-
"5009:TCP"=-
"3389:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"8518:TCP"=-
"5009:TCP"=-
"3389:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1115070007-3674046497-395584582-1019
HelpAssistant profile directory exists at C:\Dokumente und Einstellungen\HelpAssistant.SCHATZI.000 ~ attempting to remove
~ All C:\Dokumente und Einstellungen\HelpAssistant.SCHATZI.000 files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b16b58
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> 0x8631b440
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b16b58
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> 0x8631b440
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 08.06.2010 at 16:23:51,14

No HelpAssistant account in User list

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B68328]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b68328
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.SCHATZI

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 08.06.2010 at 18:23:22,20

No HelpAssistant account in User list

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B404B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86b404b0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant
HelpAssistant.SCHATZI

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

er läuft definitiv schneller.
letztens mal wieder gespielt wo vorher 4 fps waren, waren jetzt 24 sehr viel angenehmer^^

was meinst du mit Problemen?
Ich hab das gestartet dann 1 also, sodass C:\WINDOWS da stand und dann fixmbr dann hat er gewarnt, dass ich evtl nicht mehr auf andere Partitionen zugreifen kann oder so und dann hab ich j gedrückt und dann meinte er fertig und keine Probleme.

Larusso 08.06.2010 19:12

Hast Du einen Dell PC ?

Schritt 1

Windows + R taste --> Helpasst -folder -->OK


Schritt 2

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
  • Aktiviere "Quick-Scan durchführen" => Scan.
  • Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
  • Bei Funden in C:\System Volume Information den Haken entfernen.
    Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
    Er könnte jedoch trotz Malware noch gebraucht werden.
  • Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
  • Berichte, wie der Rechner nun läuft.
Hier findest Du eine ausführliche und bebilderte Anleitung.


Schritt 3

Starte bitte OTL. Wähle unter
Extra Registrierung: Benutze Safe List
und klicke den Scan Button


Bitte poste in Deiner nächsten Antwort
Log von Helpasst
MBAM Log
OTL.txt
Extras.txt

blabla 08.06.2010 19:37

nein habe einen HP
und gab keinen Log?!

Larusso 08.06.2010 19:39

Hast Du dafür eine Recovery Partition? Normalerweise ist bei solch OEMs keine WIndowsCD beim Kauf dabei.


Fahre mal mit den restlichen Schritten fort.

blabla 08.06.2010 19:41

was ist ein Oem?

und ja habe ich aber den hat mein Vater angelegt. konnte damit nie etwas anfangen?!

Larusso 08.06.2010 19:43

Was hat dein Vater angelegt ?

blabla 08.06.2010 19:47

Ein Recovery Laufwerk

Der Suchlauf ist jetzt beendet mit 6 infizierten Objekten davon ist aber keines benannt mit C:\System Volume Information

Larusso 08.06.2010 19:51

Alles entfernen und fertig.

Hoffen wir mal das wir auf die Recovery noch zugreifen können, sonst muss ich mir was einfallen lassen ;)

blabla 08.06.2010 19:58

hier erstma der suchlauf
Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4180

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.06.2010 20:58:03
mbam-log-2010-06-08 (20-58-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160910
Laufzeit: 7 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\avprnzsn.sys (Trojan.Rootkit) -> Delete on reboot.
C:\Dokumente und Einstellungen\Sunny Net\Anwendungsdaten\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
hier ist OTL
OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 08.06.2010 21:04:45 - Run 3
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 564,00 Mb Available Physical Memory | 55,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,51 Gb Free Space | 46,31% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
PRC - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 04:22:45 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.28 17:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.04.02 14:31:06 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Programme\HHVcdV5Sys\VC5SecS.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.07 19:20:28 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.04 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Programme\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.08 21:00:28 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.20 19:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2005.12.21 17:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2005.12.20 12:42:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.19 11:29:41 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:08:35 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.03 22:08:29 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003.11.12 09:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp)
DRV - [2003.09.11 00:36:53 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.03.09 18:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 18:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2001.11.25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001.08.17 13:11:05 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:59:59 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bit.ly/bxFzgb
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.02 18:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.28 12:11:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 12:05:46 | 000,000,000 | ---D | M]
 
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.06.08 18:32:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions
[2009.07.18 14:32:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.22 17:13:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 19:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\personas@christopher.beard
[2010.06.08 18:32:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.01 15:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.01 15:42:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.01 15:42:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.01 15:42:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.01 15:42:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.07 20:39:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CmiCnfg.cpl (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101228590656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.17 02:36:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.08 20:37:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.08 20:36:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.08 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.08 19:00:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Recent
[2010.06.08 19:00:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.08 17:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.07 22:04:36 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010.06.07 20:36:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.06.07 20:22:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.07 20:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:19:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:19:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:19:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 18:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.06 18:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2010.06.04 20:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Hijack
[2010.06.04 17:01:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.04 15:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.02 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2010.06.02 15:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2010.06.02 15:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
[2010.06.02 15:52:44 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.05.31 16:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.05.26 16:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2010.05.25 20:41:34 | 000,000,000 | ---D | C] -- C:\Programme\League of Legends
[2010.05.25 19:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.05.25 19:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.05.25 19:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.08 21:07:08 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.08 21:00:56 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.08 21:00:28 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010.06.08 20:59:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.08 20:59:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.08 20:58:48 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.dat
[2010.06.08 20:58:48 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.ini
[2010.06.08 20:58:44 | 018,746,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.08 20:36:54 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.08 17:32:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.07 20:42:16 | 001,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.07 20:42:16 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.07 20:42:16 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.07 20:42:16 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.07 20:42:16 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.07 20:39:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.06.07 18:23:47 | 000,021,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 17:23:15 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.04 16:25:11 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 18:03:40 | 000,209,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.05.31 16:06:30 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.27 20:31:40 | 000,001,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:05:35 | 000,039,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:43 | 000,000,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.08 20:36:54 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.07 20:22:26 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010.06.07 20:22:21 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.07 20:19:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:19:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 17:25:19 | 000,021,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 20:00:19 | 000,016,565 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.06.06 20:00:19 | 000,011,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.06.03 18:03:38 | 000,209,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.06.02 15:53:13 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.02 15:44:54 | 000,014,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\hs_err_pid3004.log
[2010.05.31 16:06:30 | 000,001,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.25 21:05:35 | 000,039,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:46 | 000,001,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:03:42 | 000,000,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.11.21 16:16:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.18 14:35:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 13:33:50 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.25 23:11:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.19 22:25:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008.06.27 18:09:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2008.06.08 13:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.06.08 13:37:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE V200DEFGIPSRUk.ini
[2008.03.20 18:53:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008.03.20 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008.03.20 18:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007.12.25 20:52:35 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.12.25 20:52:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.10.26 19:25:38 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2007.06.07 21:35:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2007.05.07 19:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2007.05.05 14:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2007.05.05 14:48:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.05.05 14:48:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2007.04.26 13:45:07 | 007,192,736 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2007.04.10 15:02:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.03.23 17:25:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\stepbuttons.dll
[2007.03.23 17:25:24 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.22 19:46:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.11.19 13:42:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2006.04.19 16:51:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.04.19 16:41:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\Pixel.ini
[2006.04.17 17:26:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006.04.14 12:59:53 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2006.01.29 23:35:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2006.01.29 21:50:03 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.01.29 11:15:13 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.01.05 17:41:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.01.01 21:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Demo.INI
[2005.12.13 22:22:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.11 19:41:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.09.25 16:12:59 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Kuss.ini
[2005.09.13 01:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.13 01:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.09.13 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.13 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.08 20:47:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2005.05.03 20:58:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DVDKeyAuth.dll
[2005.04.24 08:22:32 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005.04.20 16:16:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.04.14 18:53:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.04.09 15:39:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005.04.09 15:18:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\clockwrx.ini
[2005.04.09 14:57:09 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2005.04.09 12:08:24 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.02 20:22:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.03.19 11:29:41 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2005.03.13 16:29:01 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DAVILEX.INI
[2004.11.23 20:14:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.23 18:20:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004.11.17 03:24:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2004.11.17 03:24:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\CMIAINFO.SYS
[2004.11.17 03:24:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004.11.17 03:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.11.17 03:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.11.17 03:24:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004.11.17 02:51:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.17 02:40:25 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.11.17 02:34:46 | 001,343,768 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.wusetup.351484.bak
[2004.11.17 02:34:46 | 000,194,840 | ---- | C] () -- C:\WINDOWS\System32\wuaueng1.dll.wusetup.352812.bak
[2004.11.17 02:34:46 | 000,128,280 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.wusetup.353078.bak
[2004.11.17 02:33:51 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.11.17 02:06:54 | 000,024,272 | ---- | C] () -- C:\WINDOWS\System32\netcty32.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.06.20 12:46:00 | 007,190,528 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.02.27 18:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2002.02.21 18:41:20 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000.10.16 16:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 16:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1999.05.21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >

--- --- ---

--- --- ---

hier die extras
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 08.06.2010 21:04:45 - Run 3
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 564,00 Mb Available Physical Memory | 55,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,51 Gb Free Space | 46,31% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6975:TCP" = 6975:TCP:*:Enabled:League of Legends Launcher
"6975:UDP" = 6975:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"$NtUninstallWTF1012$" = Sky-Banners browser enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EF51E-1453-4F42-8792-77DBFB47D0EC}" = Crazy Machines - Neue Herausforderungen
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58809833-5E10-4EC7-9F87-DFCFB93E78E6}" = EU Screen Saver
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700AF45E-6BE8-4850-B3D2-37E3971710FD}" = WISO Haushaltsbuch 2008
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}" = Crazy Machines
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2299186-2EFA-11D8-9E00-0004769EEFEB}" = Revenge
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B653515B-3228-9A8F-46EF-9572CC401031}" = Nero 7 Premium
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE5272C-CE7D-42D0-B531-D386F6E11774}" = Crazy Machines - Neue Herausforderungen Demo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft VideoImpression 16FP" = ArcSoft VideoImpression 1.6FP
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Mouse" = Browser Mouse
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ClearProg" = ClearProg 1.6.0 Final
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"EPSON PERFECTION V200 PHOTO Benutzerhandbuch" = EPSON PERFECTION V200 PHOTO Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESPR200 Referenzhandbuch" = ESPR200 Referenzhandbuch
"ESPR200 Softwarehandbuch" = ESPR200 Softwarehandbuch
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader" = Foxit Reader
"FreePascal_is1" = Free Pascal 2.4.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"League of Legends_is1" = League of Legends
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mapserver 3.2 COM-Module" = mapserver 3.2 COM-Module
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PowerArchiver" = PowerArchiver
"PowerDVD" = PowerDVD
"PS2" = PS2
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"Seven Remix XP" = Seven Remix XP 2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 12:41:08 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:42:07 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:53 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:54 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:55 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 13:51:39 | Computer Name = SCHATZI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 07.06.2010 11:08:28 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:10:09 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:11:38 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:18:47 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
[ System Events ]
Error - 07.06.2010 12:32:19 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 07.06.2010 14:28:23 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 07.06.2010 14:37:01 | Computer Name = SCHATZI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_OULTRAF\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
Error - 07.06.2010 14:39:10 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:45:59 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:53:01 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:07:12 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:16:08 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
 
< End of report >

--- --- ---

Larusso 08.06.2010 20:50

Schritt 1
Code:

:OTL
[2010.06.08 21:07:08 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:services
:files
:reg
:Commands
[purity]
[emptytemp]

  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
  • Schließe alle Browserfenster.
  • Doppelklicke die JavaRa.exe, um das Programm zu starten.
  • Die Sprache auswählen, nimm Englisch und klicke "Select".
  • Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
  • Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
  • Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
  • Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
  • Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
  • Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
  • Rechner neu starten.
Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.


Schritt 3
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
  • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button "ESET Online Scanner" drücken.
  • Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
  • Das Firefox-Addon auf dem Desktop speichern und dann installieren.
  • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Einen Haken bei "Remove found threads" und "Scan archives" machen.
  • Start drücken.
  • Signaturen werden heruntergeladen.
  • Der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
  • IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Schritt 4

Starte bitte OTL.exe und klicke auf den Quick Scan Button.


Bitte poste in Deiner nächsten Antwort
Log von OTLfix
Log von ESET
OTL.txt

Berichte wie der Rechner läuft.

blabla 09.06.2010 14:06

hier erstma der Fix
Zitat:

All processes killed
========== OTL ==========
File move failed. C:\WINDOWS\system32\drivers\avprnzsn.sys scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SCHATZI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jonas

User: Jonas nur Spiele
->Temp folder emptied: 1393 bytes
->Temporary Internet Files folder emptied: 1089653 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35524805 bytes
->Flash cache emptied: 693 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Sunny Net
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Uli.SCHATZI

User: Utily
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 652317 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06092010_150526

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\avprnzsn.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...
hier ist die Javara.log datei
Zitat:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jun 09 15:14:56 2010

Found and removed: C:\Programme\Java\j2re1.4.2_04

Found and removed: C:\Programme\Java\jre1.6.0_01

Found and removed: C:\Programme\Java\jre1.6.0_02

Found and removed: C:\Programme\Java\jre1.6.0_03

Found and removed: C:\Programme\Java\jre1.6.0_04

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_04

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_04

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_04

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410204

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.




blabla 09.06.2010 17:11

ist das normal das Eset sehr lange benötigt?
hab bei 50 min 11%

Larusso 09.06.2010 18:12

Das geht ja noch schnell ;)

blabla 09.06.2010 21:36

das kam bei eset raus
Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=caf2577c4ca61c43b50fee0c0df502fe
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-09 03:03:39
# local_time=2010-06-09 05:03:39 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 436416 436416 0 0
# compatibility_mode=1797 16775141 100 100 258280 50992286 74640 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 166 166 0 0
# scanned=253
# found=0
# cleaned=0
# scan_time=108
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=caf2577c4ca61c43b50fee0c0df502fe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-09 08:37:59
# local_time=2010-06-09 10:37:59 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 437852 437852 0 0
# compatibility_mode=1797 16775141 100 100 259716 50993722 76076 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1602 1602 0 0
# scanned=149957
# found=13
# cleaned=13
# scan_time=18737
C:\Eigene Downloads\Setup_ClearProg_1.6.0_Final.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Eigene Downloads\System\Setup_ClearProg_1.5.1_Beta1.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\HelpAsst_backup\C\DOKUME~1\HelpAssistant\Anwendungsdaten\sdra64.exe Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HelpAsst_backup\C\DOKUME~1\HelpAssistant.SCHATZI\Anwendungsdaten\sdra64.exe Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\$NtUninstallWTF1012$\elUninstall.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programme\ClearProg\eBay\eBayShortcuts.exe a variant of Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\rdpcdd.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06072010_183037\C_Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\sdra64.exe Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06072010_183037\C_WINDOWS\system32\jncegivq.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06072010_183037\C_WINDOWS\system32\nznnhkyb.dll Win32/Adware.Lifze.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06072010_183037\C_WINDOWS\system32\sdra64.exe Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06072010_183037\C_WINDOWS\system32\uppqhbrc.dll probably a variant of Win32/Adware.Lifze.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

blabla 09.06.2010 21:47

und das bei OTL
OTL Logfile:
Code:

OTL logfile created on: 09.06.2010 22:41:47 - Run 4
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 526,00 Mb Available Physical Memory | 51,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,49 Gb Free Space | 46,27% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465,76 Gb Total Space | 425,66 Gb Free Space | 91,39% Space Free | Partition Type: NTFS
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
PRC - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 04:22:45 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.28 17:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.04.02 14:31:06 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Programme\HHVcdV5Sys\VC5SecS.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.07 19:20:28 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.04 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Programme\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.09 15:59:16 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.20 19:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2005.12.21 17:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2005.12.20 12:42:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.19 11:29:41 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:08:35 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.03 22:08:29 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003.11.12 09:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp)
DRV - [2003.09.11 00:36:53 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.03.09 18:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 18:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2001.11.25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001.08.17 13:11:05 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:59:59 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bit.ly/bxFzgb
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.02 18:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.09 15:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 12:05:46 | 000,000,000 | ---D | M]
 
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.06.09 22:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions
[2010.06.09 16:03:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.22 17:13:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 19:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\personas@christopher.beard
[2010.06.09 22:39:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 15:53:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.09 15:53:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.11.01 15:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.01 15:42:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.01 15:42:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.01 15:42:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.01 15:42:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.07 20:39:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CmiCnfg.cpl (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101228590656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.17 02:36:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.09 16:54:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Neuer Ordner
[2010.06.09 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.09 15:30:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
[2010.06.09 15:30:19 | 000,000,000 | ---D | C] -- C:\Programme\Nvu
[2010.06.08 20:37:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.08 20:36:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.08 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.08 19:00:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Recent
[2010.06.08 19:00:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.08 17:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.07 22:04:36 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010.06.07 20:22:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.07 20:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:19:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:19:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:19:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 18:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.06 18:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2010.06.04 20:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla
[2010.06.04 17:01:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.04 15:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.02 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2010.06.02 15:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2010.06.02 15:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
[2010.06.02 15:52:44 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.05.31 16:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.05.26 16:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2010.05.25 20:41:34 | 000,000,000 | ---D | C] -- C:\Programme\League of Legends
[2010.05.25 19:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.05.25 19:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.05.25 19:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.04.21 20:14:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.04.16 12:08:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.16 12:02:18 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.12 18:33:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NiwradSoft Shell Pack
[2010.04.12 18:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Web
[2010.04.12 18:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Resources
[2010.04.10 16:06:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
[2010.04.10 15:59:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
[2010.03.31 14:54:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.03.25 21:08:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Avira
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.09 22:44:49 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.09 16:58:36 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\esetsmartinstaller_enu.exe
[2010.06.09 15:59:16 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010.06.09 15:30:27 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Nvu.lnk
[2010.06.09 15:26:39 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.09 15:19:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.09 15:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.09 15:18:04 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.dat
[2010.06.09 15:18:04 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.ini
[2010.06.09 15:18:00 | 018,748,270 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.08 17:32:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.07 20:42:16 | 001,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.07 20:42:16 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.07 20:42:16 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.07 20:42:16 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.07 20:42:16 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.07 20:39:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.06.07 18:30:07 | 000,000,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 18:23:47 | 000,021,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 17:23:15 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.04 16:25:11 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 18:03:40 | 000,209,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.05.31 16:06:30 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.27 20:31:40 | 000,001,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:05:35 | 000,039,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:43 | 000,000,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.05.04 17:56:29 | 000,149,772 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010.04.30 13:02:17 | 000,011,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.04.30 12:36:08 | 000,016,565 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 15:26:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.13 21:18:36 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB
[2010.04.13 14:15:05 | 000,430,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.09 16:58:30 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\esetsmartinstaller_enu.exe
[2010.06.09 15:30:27 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Nvu.lnk
[2010.06.07 20:22:26 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010.06.07 20:22:21 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.07 20:19:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:19:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 18:30:07 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 17:25:19 | 000,021,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 20:00:19 | 000,016,565 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.06.06 20:00:19 | 000,011,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.06.03 18:03:38 | 000,209,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.06.02 15:53:13 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\avprnzsn.sys
[2010.06.02 15:44:54 | 000,014,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\hs_err_pid3004.log
[2010.05.31 16:06:30 | 000,001,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.25 21:05:35 | 000,039,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:46 | 000,001,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:03:42 | 000,000,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.04.04 17:12:01 | 000,000,757 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Flyff.lnk
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.11.21 16:16:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.18 14:35:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 13:33:50 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.25 23:11:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.19 22:25:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008.06.27 18:09:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2008.06.08 13:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.06.08 13:37:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE V200DEFGIPSRUk.ini
[2008.03.20 18:53:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008.03.20 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008.03.20 18:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007.12.25 20:52:35 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.12.25 20:52:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.10.26 19:25:38 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2007.06.07 21:35:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2007.05.07 19:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2007.05.05 14:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2007.05.05 14:48:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.05.05 14:48:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2007.04.26 13:45:07 | 007,192,736 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2007.04.10 15:02:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.03.23 17:25:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\stepbuttons.dll
[2007.03.23 17:25:24 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.22 19:46:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.11.19 13:42:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2006.04.19 16:51:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.04.19 16:41:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\Pixel.ini
[2006.04.17 17:26:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006.04.14 12:59:53 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2006.01.29 23:35:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2006.01.29 21:50:03 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.01.29 11:15:13 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.01.05 17:41:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.01.01 21:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Demo.INI
[2005.12.13 22:22:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.11 19:41:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.09.25 16:12:59 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Kuss.ini
[2005.09.13 01:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.13 01:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.09.13 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.13 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.08 20:47:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2005.05.03 20:58:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DVDKeyAuth.dll
[2005.04.24 08:22:32 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005.04.20 16:16:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.04.14 18:53:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.04.09 15:39:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005.04.09 15:18:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\clockwrx.ini
[2005.04.09 14:57:09 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2005.04.09 12:08:24 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.02 20:22:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.03.19 11:29:41 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2005.03.13 16:29:01 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DAVILEX.INI
[2004.11.23 20:14:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.23 18:20:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004.11.17 03:24:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2004.11.17 03:24:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\CMIAINFO.SYS
[2004.11.17 03:24:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004.11.17 03:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.11.17 03:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.11.17 03:24:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004.11.17 02:51:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.17 02:40:25 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.11.17 02:34:46 | 001,343,768 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.wusetup.351484.bak
[2004.11.17 02:34:46 | 000,194,840 | ---- | C] () -- C:\WINDOWS\System32\wuaueng1.dll.wusetup.352812.bak
[2004.11.17 02:34:46 | 000,128,280 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.wusetup.353078.bak
[2004.11.17 02:33:51 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.11.17 02:06:54 | 000,024,272 | ---- | C] () -- C:\WINDOWS\System32\netcty32.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.06.20 12:46:00 | 007,190,528 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.02.27 18:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2002.02.21 18:41:20 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000.10.16 16:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 16:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1999.05.21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
 
========== LOP Check ==========
 
[2006.05.15 20:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buena Vista Games
[2008.06.27 18:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2008.11.19 17:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarStone
[2007.05.13 11:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FREEDB
[2009.07.15 14:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2007.04.21 14:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.03.22 21:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010.05.25 19:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2007.12.25 19:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2008.11.19 22:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SongbirdVLC
[2008.06.19 00:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.01.24 20:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2009.03.28 13:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.06.07 21:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.04.16 12:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.16 11:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008.11.21 16:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\AIMP
[2010.04.10 16:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Buhl Data Service GmbH
[2010.04.24 13:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
[2010.02.06 16:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\EPSON
[2006.04.14 14:29:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\FarStone
[2008.10.15 19:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\FUJIFILM
[2007.01.09 21:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\GBSudoku
[2007.03.21 20:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\ICQLite
[2008.02.03 16:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\InterVideo
[2008.11.26 21:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\J River
[2010.05.26 16:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2008.02.03 16:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\MAGIX
[2009.03.22 19:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\NCH Swift Sound
[2010.06.09 15:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
[2008.10.19 16:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org
[2006.05.21 15:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Opera
[2008.10.19 15:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Skinux
[2010.06.02 15:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2008.11.21 16:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Songbird2
[2010.06.02 15:54:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2006.08.02 20:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\T-Online
[2009.02.28 21:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Teeworlds
[2006.04.23 16:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Template
[2006.04.25 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Thunderbird
[2007.04.30 13:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\TuneUp Software
[2010.06.06 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2008.01.13 20:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\XnView
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Larusso 10.06.2010 14:20

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
  • Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
    Danach wieder anstellen nicht vergessen!
  • Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
Anwendung
  1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:
    Code:

    killAll::
    Rootkit::
    C:\WINDOWS\System32\drivers\avprnzsn.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avprnzsn]

  2. Speichere dies als CFScript.txt auf Deinem Desktop
    .
    http://i266.photobucket.com/albums/i.../CFScriptB.gif
    .
  3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


Schritt 2

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
Combofix.txt
OTL.txt
Extras.txt
Berichte ob noch irgendwelche Probleme vorhanden sind.

blabla 10.06.2010 18:55

combofix
Combofix Logfile:
Code:

ComboFix 10-06-09.04 - Jonas nur Spiele 10.06.2010  19:40:53.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.613 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_avprnzsn
-------\Service_avprnzsn


(((((((((((((((((((((((  Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-09 13:54 . 2010-06-09 13:54        503808        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\msvcp71.dll
2010-06-09 13:54 . 2010-06-09 13:54        499712        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\jmc.dll
2010-06-09 13:54 . 2010-06-09 13:54        348160        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\msvcr71.dll
2010-06-09 13:53 . 2010-06-09 13:53        61440        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3714b726-n\decora-sse.dll
2010-06-09 13:53 . 2010-06-09 13:53        12800        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3714b726-n\decora-d3d.dll
2010-06-09 13:53 . 2010-06-09 13:53        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-09 13:30 . 2010-06-09 13:30        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
2010-06-09 13:30 . 2010-06-09 13:30        --------        d-----w-        c:\programme\Nvu
2010-06-08 18:37 . 2010-06-08 18:37        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
2010-06-08 18:36 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 18:36 . 2010-06-08 18:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-08 18:36 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-08 18:36 . 2010-06-08 18:36        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-07 20:04 . 2010-06-08 13:50        --------        d-----w-        C:\HelpAsst_backup
2010-06-07 18:36 . 2008-04-14 02:22        39424        ----a-w-        c:\windows\system32\grpconv.exe
2010-06-07 16:30 . 2010-06-07 16:30        --------        d-----w-        C:\_OTL
2010-06-06 16:26 . 2010-06-06 16:26        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
2010-06-04 13:48 . 2010-06-04 13:48        --------        d-----w-        c:\programme\Trend Micro
2010-06-02 14:01 . 2010-06-02 14:01        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
2010-06-02 13:54 . 2010-06-04 13:41        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
2010-06-02 13:52 . 2010-06-09 17:10        --------        d-----w-        c:\programme\$NtUninstallWTF1012$
2010-05-31 14:06 . 2010-06-02 12:57        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
2010-05-26 14:38 . 2010-05-26 14:38        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
2010-05-25 18:41 . 2010-06-08 19:13        --------        d-----w-        c:\programme\League of Legends
2010-05-25 17:51 . 2010-05-25 19:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:53        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:50        --------        d-----w-        c:\programme\Pando Networks

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 17:51 . 2004-11-23 16:20        13440        ----a-w-        c:\windows\system32\drivers\USBCRFT.SYS
2010-06-09 13:54 . 2005-03-13 13:09        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-09 13:53 . 2005-03-13 13:09        --------        d-----w-        c:\programme\Java
2010-06-09 13:51 . 2008-10-19 14:16        1        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-08 19:50 . 2008-10-14 18:50        1        ----a-w-        c:\dokumente und einstellungen\Utily\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-07 18:42 . 2004-11-17 00:07        85396        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-07 18:42 . 2004-11-17 00:07        460664        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-06 16:18 . 2008-09-27 16:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Skype
2010-06-06 15:23 . 2008-09-27 16:53        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\skypePM
2010-05-08 15:33 . 2009-07-23 12:51        --------        d-----w-        c:\programme\Warcraft III
2010-05-04 15:56 . 2009-08-12 12:48        149772        ----a-w-        c:\windows\War3Unin.dat
2010-04-24 11:39 . 2010-04-10 13:59        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 10:05 . 2007-01-05 17:03        --------        d-----w-        c:\programme\QuickTime Alternative
2010-04-16 10:02 . 2010-04-16 10:02        --------        d-----w-        c:\programme\Bonjour
2010-04-12 16:34 . 2004-11-17 00:07        219136        ----a-w-        c:\windows\system32\uxtheme.dll
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Web
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Resources
2010-04-11 18:30 . 2005-03-13 11:36        --------        d-----w-        c:\programme\CDex_150
2010-03-21 13:29 . 2010-03-21 13:29        8192        ----a-r-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Microsoft\Installer\{E358634B-F124-46FD-8618-C00D0E92B0D3}\IconE358634B.exe
2008-02-26 07:43 . 2008-05-13 10:46        1663        ----a-w-        c:\programme\file_id.diz
2008-02-26 06:39 . 2008-05-13 10:46        1440147        ----a-w-        c:\programme\streamdown.exe
1997-05-13 11:22 . 2005-04-02 18:55        4216        ----a-w-        c:\programme\Readme.txt
1997-03-27 13:50 . 2005-04-02 18:55        7107        ----a-w-        c:\programme\Faq_uk.txt
2008-04-14 02:22 . 2010-04-12 16:40        60416        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
2006-11-03 08:56 . 2010-04-12 16:40        64000        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.

------- Sigcheck -------

[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E30E7D620E14DFBCF647E019C05260B9 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2005-03-11 . 7DE34867BB84F2A8DD96FD1B7B78F82E . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e7d5f3dc50cc78c5a07ca9b24ee13a63\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-12-21 . A7675CF0A180877D8A312B79594FE16B . 921600 . . [6.0] . . c:\windows\SoftwareDistribution\Download\81b207e4d73b88e755fb591f47d88f3a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[7] 2010-02-25 . 2127D9862937DBD40882B9417DEB1837 . 5944832 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . A674C7FC19E3CBF50A745F9FD53AF384 . 6106112 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . 0A164AB476D7835335220D7A2AE5578B . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . A947E6258FB5FBD0E5F58DA9541D7BE3 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . DDAAECF8E188A0E2DB93842A7D193641 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 686E3FB68E8E41CD6B2970E6D49F1E14 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 430315D0CAA115EA42EFDF31A93AB5D0 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . 6FFF8D10D0EF5DBE46B7D035FA4119E4 . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . EFB718C1CD9DD453DEE529DF4F25DBCA . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 877EC4221F6AF1F51E24110E064CC71E . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . D8AEC29BD4F4C5A9D85F3ADE9B7F8C3F . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5267ECEAC80A826F6FC8F092022140DB . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 165056346E0A00566A442287DAA7575F . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-01-16 . A76EEDA793C9BFC0C1B8C5F3439D8A39 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie8\mshtml.dll
[7] 2009-01-16 . B44AC6A49DA4A5BAA7AFEA0AA6E5B967 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 6C8D1CF85533A3792DCDDAAE42DBB161 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . E0825D1BC0F0C2B5CA434F7E9CCF10AE . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . AB864B71DF01CC98EAE726DF4BAF73D2 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . C998B6D5E64E11CE8EA8BB22A51CA570 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 4872C0DA25F551A3E869501833754494 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 21B2247D24C8A61C12CD3BE8F3C30AC8 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-24 . 69AB1CE0E82B8F028EA1DBFD18948DA0 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 209A03C0EEF909DFCDCBB56C2BBF91CD . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 8C70EFE0C266BDBD654531900A753236 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 60942CB0B5CADF130FC1795F5FEEE8F5 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-03-01 . 716D486279235CF9B2C16E3D38B6381D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 74F01522E75B943EA2BC6C0C20CCEA5F . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . 8B9C4948BE88BB7DF9CB4709422F6F9F . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 7A978C65E142C65E349C22E6D7E367E5 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . D7F894D0F9D7662366D1E0EE6800C771 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 5D9F03E82039EB2BACB33370A707A119 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . CD0B02B5A997750D9A6E56CFA02E9257 . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . E5D0E8D922C0809469EE5FDE294E9D48 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . E8EC18571090C12A013B83BA363364A4 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . B91AB1E55D77740D500BE0C4B2861844 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 07ABB2A695B8F91F7A12BE2BDD3E5932 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . CD2DFBDD8C553443DE0EC55552A512C4 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . E2F3DEBB0186D233F5354ADDBD12244E . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . 6B700997DA907ED2FD871FC75973986F . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[7] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2006-10-27 . 7C91F9D79EC63BEA7CCC23F58F2C7182 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-03-23 . 60567BC15560DDED9CA83D5275BA911A . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-03-10 . EFE9BA6DB99D649532A75B52A39EF46D . 3010560 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\mshtml.dll
[-] 2005-03-10 . 243340D137D0B54CC5B440D7E4880B63 . 3011072 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\mshtml.dll
[-] 2005-01-27 . 28A254F37138CB3E6478E131B91314A3 . 3006976 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\mshtml.dll
[-] 2005-01-27 . 19F79F718CABBFC3DAD25D7914D5601B . 3008000 . . [6.00.2900.2604] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\mshtml.dll

[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2qfe\user32.dll
[-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2gdr\user32.dll

[7] 2010-02-25 . 7857131DA01250E02BEE64F1163F6159 . 916480 . . [8.00.6001.18904] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . 0F8D6287627427C3D866EBB6421353D3 . 983040 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 3C41EB3A0EC8E2606B6C906993E11C29 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . F2A70583964128530B7E86B1A13023A7 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E3A3EB3BC5849BE4D5FE2B5F1869783 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 3426FBE495D1825D5C09C84D1E9361C1 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 0A4248E124C88EDD1E0A93AE93E4DB6A . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 6B985F8E8ACE6A6424BE04A90C1E652A . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 11DA6B380B94BAABCFD0854526AFC602 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 3B6D4582FADA3948593C56F96964FEFA . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 6E3E0C6060EFC8B855DFCBC7AE18B377 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-12-20 . 2B5AE9ACD86E1B8B86D62E153DE130AB . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . C3D4047626F8CC8EC7DD7558FA5CC2E2 . 826368 . . [7.00.6000.16791] . . c:\windows\ie8\wininet.dll
[7] 2008-10-16 . CBAAEBDFC6F9291D2D31E36FE1AD19AC . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 5A1F997EC096EF26F3A3880347F5F9D8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . E1F83BCC84D6223965D35AB06B63BBEB . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . B905F284F45675F3019413DFF055C666 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . 7B28D5C8C5C075037F864256E4044B83 . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-06-23 . 4F08E6D8C9DDA8ED4346A1857849ADB3 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . 751EFBEC900CC4E4B41DB6E522B67D41 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . A5795741E53F72C4A2736BC51007A5D5 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-03-01 . 32FC70AC1EFFE28DB72FDF1DCC319E72 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . A7B7383EC19F0C5EBD02CB7826C8488B . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . BA4D7D3098E2BA8AEA34A19BBECF9962 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 16EF6865A405134CE64A3AA6CEF6C69F . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . FA5FA22E6F36F8453E9377810B3F9939 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 6A1AEF7B9E513ACB566B16B0BA133C7C . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . CAFC9797228843012CED767D24D8DCFC . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 283D85F8192FA54F2CA978B659965739 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 17D39B59E2E3740058AE3FBCD432CEDE . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 0D58CEBD30684B481C8DF3DA69375410 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 26DB81279FED58D5199235C26D4836E2 . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 4E9436B0301B0451ED2FB29364AB090F . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . C601BD2849927D44F8549F720CFA14D3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . 4EF1AE9A4D801AB63EC752478247BFCE . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2006-10-27 . 7CF0B0D5D9D47585853E2A6978441F64 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-03-04 . C91B7839095133064F9C898897F8D64C . 669184 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-03-10 . 0E2E035170CB6C3E0AD629C45BF3F71B . 662528 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\wininet.dll
[-] 2005-03-10 . 235D1D42C2D23FA1BC8A9EDB267FFE86 . 663552 . . [6.00.2900.2627] . . c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\wininet.dll
[-] 2005-01-27 . 5CABB0E97C9A19B2165DD189B04BD006 . 662528 . . [6.00.2900.2577] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\wininet.dll
[-] 2005-01-27 . D9460271895ADBB382769AF1FC701169 . 663552 . . [6.00.2900.2598] . . c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\wininet.dll

[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2004-09-03 2596864]
"Dit"="Dit.exe" [2004-04-02 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 08:06        178688        ----a-w-        c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57        102400        ------w-        c:\programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
2005-06-27 13:32        278528        ----a-w-        c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"c:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\League of Legends\\lol.launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56608:TCP"= 56608:TCP:Pando Media Booster
"56608:UDP"= 56608:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher

R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [27.08.2004 16:18 102400]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [03.05.2005 20:35 10240]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [19.03.2005 11:29 81408]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [12.11.2003 09:26 56064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.09.2009 19:59 135336]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 18:41 102336]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [23.11.2004 18:20 13440]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [21.04.2007 14:05 1527900]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys --> c:\windows\system32\drivers\gt680x.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 MRVW225;USB54M Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [26.10.2007 19:25 299776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [21.04.2007 14:04 544768]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bit.ly/bxFzgb
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
FF - ProfilePath - c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-$NtUninstallWTF1012$ - c:\programme\$NtUninstallWTF1012$\elUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 19:50
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86429CE0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf743dcb8
\Driver\atapi -> 0x86429ce0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7186bb0
 PacketIndicateHandler -> NDIS.sys @ 0xf7193a21
 SendHandler -> NDIS.sys @ 0xf717187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\HHVcdV5Sys\VC5SecS.exe
c:\windows\Dit.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  19:56:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 17:56
ComboFix2.txt  2010-06-08 15:35
ComboFix3.txt  2010-06-07 18:47

Vor Suchlauf: 32 Verzeichnis(se), 36.989.952.000 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 36.956.110.848 Bytes frei

- - End Of File - - 0140629E1A49D3632CFB8B5F8B37104A

--- --- ---


OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 10.06.2010 20:01:13 - Run 6
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 602,00 Mb Available Physical Memory | 59,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,44 Gb Free Space | 46,21% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
PRC - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 04:22:45 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.28 17:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.04.02 14:31:06 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Programme\HHVcdV5Sys\VC5SecS.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.07 19:20:28 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.04 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Programme\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.06.10 19:51:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.20 19:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2005.12.21 17:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2005.12.20 12:42:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.19 11:29:41 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:08:35 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.03 22:08:29 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003.11.12 09:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp)
DRV - [2003.09.11 00:36:53 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.03.09 18:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 18:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2001.11.25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001.08.17 13:11:05 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:59:59 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bit.ly/bxFzgb
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.02 18:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.09 15:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 12:05:46 | 000,000,000 | ---D | M]
 
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.06.09 22:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions
[2010.06.09 16:03:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.22 17:13:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 19:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\personas@christopher.beard
[2010.06.09 22:39:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 15:53:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.09 15:53:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.11.01 15:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.01 15:42:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.01 15:42:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.01 15:42:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.01 15:42:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.10 19:50:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CmiCnfg.cpl (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101228590656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.17 02:36:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.10 19:47:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.09 16:54:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Neuer Ordner
[2010.06.09 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.09 15:53:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.09 15:53:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.09 15:53:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.09 15:53:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.09 15:30:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
[2010.06.09 15:30:19 | 000,000,000 | ---D | C] -- C:\Programme\Nvu
[2010.06.08 20:37:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.08 20:36:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.08 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.08 19:00:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Recent
[2010.06.07 22:04:36 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010.06.07 20:36:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.06.07 20:22:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.07 20:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:19:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:19:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:19:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 18:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.06 18:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2010.06.04 20:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla
[2010.06.04 17:01:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.04 15:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.02 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
[2010.06.02 15:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
[2010.06.02 15:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
[2010.06.02 15:52:44 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.05.31 16:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.05.26 16:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2010.05.25 20:41:34 | 000,000,000 | ---D | C] -- C:\Programme\League of Legends
[2010.05.25 19:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.05.25 19:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.05.25 19:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.10 19:51:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010.06.10 19:50:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.10 19:50:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.10 19:50:00 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.10 19:49:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.10 19:49:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.10 19:48:25 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.dat
[2010.06.10 19:48:25 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.ini
[2010.06.10 19:48:21 | 019,282,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.10 19:33:28 | 003,705,521 | R--- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
[2010.06.09 15:53:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.09 15:53:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.09 15:53:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.09 15:53:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.09 15:53:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.07 20:42:16 | 001,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.07 20:42:16 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.07 20:42:16 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.07 20:42:16 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.07 20:42:16 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.06.07 18:30:07 | 000,000,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 18:23:47 | 000,021,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 17:23:15 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.04 16:25:11 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 18:03:40 | 000,209,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.05.31 16:06:30 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.27 20:31:40 | 000,001,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:05:35 | 000,039,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:43 | 000,000,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.10 19:33:17 | 003,705,521 | R--- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
[2010.06.07 20:22:26 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010.06.07 20:22:21 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.07 20:19:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:19:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 18:30:07 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 17:25:19 | 000,021,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 20:00:19 | 000,016,565 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.06.06 20:00:19 | 000,011,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.06.03 18:03:38 | 000,209,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.06.02 15:44:54 | 000,014,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\hs_err_pid3004.log
[2010.05.31 16:06:30 | 000,001,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.25 21:05:35 | 000,039,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:46 | 000,001,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:03:42 | 000,000,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.11.21 16:16:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.18 14:35:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 13:33:50 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.25 23:11:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.19 22:25:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008.06.27 18:09:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2008.06.08 13:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.06.08 13:37:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE V200DEFGIPSRUk.ini
[2008.03.20 18:53:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008.03.20 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008.03.20 18:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007.12.25 20:52:35 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.12.25 20:52:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.10.26 19:25:38 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2007.06.07 21:35:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2007.05.07 19:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2007.05.05 14:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2007.05.05 14:48:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.05.05 14:48:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2007.04.26 13:45:07 | 007,192,736 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2007.04.10 15:02:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.03.23 17:25:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\stepbuttons.dll
[2007.03.23 17:25:24 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.22 19:46:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.11.19 13:42:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2006.04.19 16:51:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.04.19 16:41:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\Pixel.ini
[2006.04.17 17:26:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006.04.14 12:59:53 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2006.01.29 23:35:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2006.01.29 21:50:03 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.01.29 11:15:13 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.01.05 17:41:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.01.01 21:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Demo.INI
[2005.12.13 22:22:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.11 19:41:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.09.25 16:12:59 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Kuss.ini
[2005.09.13 01:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.13 01:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.09.13 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.13 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.08 20:47:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2005.05.03 20:58:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DVDKeyAuth.dll
[2005.04.24 08:22:32 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005.04.20 16:16:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.04.14 18:53:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.04.09 15:39:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005.04.09 15:18:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\clockwrx.ini
[2005.04.09 14:57:09 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2005.04.09 12:08:24 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.02 20:22:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.03.19 11:29:41 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2005.03.13 16:29:01 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DAVILEX.INI
[2004.11.23 20:14:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.23 18:20:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004.11.17 03:24:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2004.11.17 03:24:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\CMIAINFO.SYS
[2004.11.17 03:24:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004.11.17 03:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.11.17 03:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.11.17 03:24:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004.11.17 02:51:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.17 02:40:25 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.11.17 02:34:46 | 001,343,768 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.wusetup.351484.bak
[2004.11.17 02:34:46 | 000,194,840 | ---- | C] () -- C:\WINDOWS\System32\wuaueng1.dll.wusetup.352812.bak
[2004.11.17 02:34:46 | 000,128,280 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.wusetup.353078.bak
[2004.11.17 02:33:51 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.11.17 02:06:54 | 000,024,272 | ---- | C] () -- C:\WINDOWS\System32\netcty32.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.06.20 12:46:00 | 007,190,528 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.02.27 18:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2002.02.21 18:41:20 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000.10.16 16:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 16:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1999.05.21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >

--- --- ---

blabla 10.06.2010 19:03

Probleme inwiefern?

Wäre ich ansonsten clean?
Extras.txt
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 10.06.2010 20:01:13 - Run 6
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 602,00 Mb Available Physical Memory | 59,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 34,44 Gb Free Space | 46,21% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6975:TCP" = 6975:TCP:*:Enabled:League of Legends Launcher
"6975:UDP" = 6975:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6944:TCP" = 6944:TCP:*:Enabled:League of Legends Launcher
"6944:UDP" = 6944:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\League of Legends\lol.launcher.exe" = C:\Programme\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EF51E-1453-4F42-8792-77DBFB47D0EC}" = Crazy Machines - Neue Herausforderungen
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58809833-5E10-4EC7-9F87-DFCFB93E78E6}" = EU Screen Saver
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700AF45E-6BE8-4850-B3D2-37E3971710FD}" = WISO Haushaltsbuch 2008
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}" = Crazy Machines
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2299186-2EFA-11D8-9E00-0004769EEFEB}" = Revenge
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B653515B-3228-9A8F-46EF-9572CC401031}" = Nero 7 Premium
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE5272C-CE7D-42D0-B531-D386F6E11774}" = Crazy Machines - Neue Herausforderungen Demo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft VideoImpression 16FP" = ArcSoft VideoImpression 1.6FP
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Mouse" = Browser Mouse
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ClearProg" = ClearProg 1.6.0 Final
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"EPSON PERFECTION V200 PHOTO Benutzerhandbuch" = EPSON PERFECTION V200 PHOTO Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESPR200 Referenzhandbuch" = ESPR200 Referenzhandbuch
"ESPR200 Softwarehandbuch" = ESPR200 Softwarehandbuch
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader" = Foxit Reader
"FreePascal_is1" = Free Pascal 2.4.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"League of Legends_is1" = League of Legends
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mapserver 3.2 COM-Module" = mapserver 3.2 COM-Module
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PowerArchiver" = PowerArchiver
"PowerDVD" = PowerDVD
"PS2" = PS2
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"Seven Remix XP" = Seven Remix XP 2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 12:42:07 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:53 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:54 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:55 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 13:51:39 | Computer Name = SCHATZI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 07.06.2010 11:08:28 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:10:09 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:11:38 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:18:47 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 09.06.2010 09:53:57 | Computer Name = SCHATZI | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 07.06.2010 14:28:23 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 07.06.2010 14:37:01 | Computer Name = SCHATZI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_OULTRAF\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
Error - 07.06.2010 14:39:10 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:45:59 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:53:01 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:07:12 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:16:08 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 10.06.2010 13:47:57 | Computer Name = SCHATZI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_AVPRNZSN\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
 
< End of report >

--- --- ---




dAmit kann ich grad nichts anfangen?!

Zitat:

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Larusso 11.06.2010 13:16

Ne noch nicht ganz -.-
Iwas läuft da mit und will sich nicht wirklich finden lassen.

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com - GeeksTogo.com
und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
  • Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
    Danach wieder anstellen nicht vergessen!
  • Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
Anwendung
  1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument: (nutze den "alles auswählen" Button)
    Code:

    KillAll::

    FCopy::
    c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe | c:\windows\system32\winlogon.exe
    c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe | c:\windows\ServicePackFiles\i386\winlogon.exe
    c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll | c:\windows\ServicePackFiles\i386\comctl32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll | c:\windows\system32\comctl32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll | c:\windows\$NtServicePackUninstall$\comctl32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll | c:\windows\SoftwareDistribution\Download\e7d5f3dc50cc78c5a07ca9b24ee13a63\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll | c:\windows\SoftwareDistribution\Download\81b207e4d73b88e755fb591f47d88f3a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ServicePackFiles\i386\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\system32\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\system32\dllcache\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB947864-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB944533-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB942615-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB939653-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB937143-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\ie7updates\KB933566-IE7\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll | c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\mshtml.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\ServicePackFiles\i386\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\system32\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\$NtServicePackUninstall$\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2qfe\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\user32.dll | c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2gdr\user32.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ServicePackFiles\i386\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\system32\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\system32\dllcache\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB947864-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB944533-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB942615-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB939653-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB937143-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\ie7updates\KB933566-IE7\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll | c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\wininet.dll
    c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe | c:\windows\explorer.exe
    c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe | c:\windows\ServicePackFiles\i386\explorer.exe
    c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe | c:\windows\$NtServicePackUninstall$\explorer.exe
    c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe | c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe | c:\windows\ServicePackFiles\i386\ctfmon.exe
    c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe | c:\windows\$NtServicePackUninstall$\ctfmon.exe
    MBR::

  2. Speichere dies als CFScript.txt auf Deinem Desktop
    .
    http://i266.photobucket.com/albums/i.../CFScriptB.gif
    .
  3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

blabla 11.06.2010 14:08

hier die Logdatei
Combofix Logfile:
Code:

ComboFix 10-06-10.04 - Jonas nur Spiele 11.06.2010  14:56:44.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.621 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Jonas nur Spiele\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\ServicePackFiles\i386\winlogon.exe
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\ServicePackFiles\i386\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\system32\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\$NtServicePackUninstall$\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\SoftwareDistribution\Download\e7d5f3dc50cc78c5a07ca9b24ee13a63\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\SoftwareDistribution\Download\81b207e4d73b88e755fb591f47d88f3a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ServicePackFiles\i386\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\system32\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\system32\dllcache\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB947864-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB944533-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB942615-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB939653-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB937143-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\ie7updates\KB933566-IE7\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\mshtml.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\ServicePackFiles\i386\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\$NtServicePackUninstall$\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2qfe\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\SoftwareDistribution\Download\6f667da50bb6ed52a71fae1f7f60833d\sp2gdr\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ServicePackFiles\i386\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\system32\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\system32\dllcache\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB947864-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB944533-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB942615-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB939653-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB937143-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\ie7updates\KB933566-IE7\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2gdr\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\SoftwareDistribution\Download\2f38e2f82437bdec6ae09cb7068d115b\sp2qfe\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2gdr\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\SoftwareDistribution\Download\1179fdacaf30ac4fd417b6324d828e12\sp2qfe\wininet.dll
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\$NtServicePackUninstall$\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\ServicePackFiles\i386\ctfmon.exe
c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-10 18:31 . 2010-05-06 10:31        743424        -c----w-        c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 13:54 . 2010-06-09 13:54        503808        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\msvcp71.dll
2010-06-09 13:54 . 2010-06-09 13:54        499712        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\jmc.dll
2010-06-09 13:54 . 2010-06-09 13:54        348160        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a3ee72a-n\msvcr71.dll
2010-06-09 13:53 . 2010-06-09 13:53        61440        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3714b726-n\decora-sse.dll
2010-06-09 13:53 . 2010-06-09 13:53        12800        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3714b726-n\decora-d3d.dll
2010-06-09 13:53 . 2010-06-09 13:53        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-09 13:30 . 2010-06-09 13:30        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
2010-06-09 13:30 . 2010-06-09 13:30        --------        d-----w-        c:\programme\Nvu
2010-06-08 18:37 . 2010-06-08 18:37        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
2010-06-08 18:36 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 18:36 . 2010-06-08 18:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-08 18:36 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-08 18:36 . 2010-06-08 18:36        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-07 20:04 . 2010-06-08 13:50        --------        d-----w-        C:\HelpAsst_backup
2010-06-07 18:36 . 2008-04-14 02:22        39424        ----a-w-        c:\windows\system32\grpconv.exe
2010-06-07 16:30 . 2010-06-07 16:30        --------        d-----w-        C:\_OTL
2010-06-06 16:26 . 2010-06-06 16:26        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
2010-06-04 13:48 . 2010-06-04 13:48        --------        d-----w-        c:\programme\Trend Micro
2010-06-02 14:01 . 2010-06-02 14:01        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Sky-Banners
2010-06-02 13:54 . 2010-06-02 13:54        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Street-Ads
2010-06-02 13:54 . 2010-06-04 13:41        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
2010-06-02 13:52 . 2010-06-02 13:52        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
2010-06-02 13:52 . 2010-06-09 17:10        --------        d-----w-        c:\programme\$NtUninstallWTF1012$
2010-05-31 14:06 . 2010-06-10 18:24        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
2010-05-26 14:38 . 2010-05-26 14:38        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
2010-05-25 18:41 . 2010-06-10 18:25        --------        d-----w-        c:\programme\League of Legends
2010-05-25 17:51 . 2010-05-25 19:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:53        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-05-25 17:50 . 2010-05-25 17:50        --------        d-----w-        c:\programme\Pando Networks

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 12:55 . 2004-11-23 16:20        13440        ----a-w-        c:\windows\system32\drivers\USBCRFT.SYS
2010-06-10 19:44 . 2004-11-17 00:07        460664        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-10 19:44 . 2004-11-17 00:07        85396        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-09 13:54 . 2005-03-13 13:09        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-09 13:53 . 2005-03-13 13:09        --------        d-----w-        c:\programme\Java
2010-06-09 13:51 . 2008-10-19 14:16        1        ----a-w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-08 19:50 . 2008-10-14 18:50        1        ----a-w-        c:\dokumente und einstellungen\Utily\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-06 16:18 . 2008-09-27 16:52        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Skype
2010-06-06 15:23 . 2008-09-27 16:53        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\skypePM
2010-05-08 15:33 . 2009-07-23 12:51        --------        d-----w-        c:\programme\Warcraft III
2010-05-04 15:56 . 2009-08-12 12:48        149772        ----a-w-        c:\windows\War3Unin.dat
2010-05-02 08:05 . 2004-11-17 00:07        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-04-24 11:39 . 2010-04-10 13:59        --------        d-----w-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\DeskSoft
2010-04-20 05:29 . 2004-11-17 00:06        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-16 10:09 . 2010-04-16 10:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 10:05 . 2007-01-05 17:03        --------        d-----w-        c:\programme\QuickTime Alternative
2010-04-16 10:02 . 2010-04-16 10:02        --------        d-----w-        c:\programme\Bonjour
2010-04-12 16:34 . 2004-11-17 00:07        219136        ----a-w-        c:\windows\system32\uxtheme.dll
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Web
2010-04-12 16:20 . 2010-04-12 16:20        --------        d-----w-        c:\programme\Resources
2010-03-21 13:29 . 2010-03-21 13:29        8192        ----a-r-        c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Microsoft\Installer\{E358634B-F124-46FD-8618-C00D0E92B0D3}\IconE358634B.exe
2008-02-26 07:43 . 2008-05-13 10:46        1663        ----a-w-        c:\programme\file_id.diz
2008-02-26 06:39 . 2008-05-13 10:46        1440147        ----a-w-        c:\programme\streamdown.exe
1997-05-13 11:22 . 2005-04-02 18:55        4216        ----a-w-        c:\programme\Readme.txt
1997-03-27 13:50 . 2005-04-02 18:55        7107        ----a-w-        c:\programme\Faq_uk.txt
2008-04-14 02:22 . 2010-04-12 16:40        60416        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
2006-11-03 08:56 . 2010-04-12 16:40        64000        --sha-w-        c:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.

------- Sigcheck -------

[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2004-09-03 2596864]
"Dit"="Dit.exe" [2004-04-02 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"DontSetAutoplayCheckbox"= 1 (0x1)
"NoAutorun"= 1 (0x1)

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 08:06        178688        ----a-w-        c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57        102400        ------w-        c:\programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
2005-06-27 13:32        278528        ----a-w-        c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"c:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56608:TCP"= 56608:TCP:Pando Media Booster
"56608:UDP"= 56608:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher

R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [27.08.2004 16:18 102400]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [03.05.2005 20:35 10240]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [19.03.2005 11:29 81408]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [12.11.2003 09:26 56064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.09.2009 19:59 135336]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 18:41 102336]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [23.11.2004 18:20 13440]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [21.04.2007 14:05 1527900]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys --> c:\windows\system32\drivers\gt680x.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 MRVW225;USB54M Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [26.10.2007 19:25 299776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [21.04.2007 14:04 544768]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bit.ly/bxFzgb
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
FF - ProfilePath - c:\dokumente und einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 15:06
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86161348]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf743dcb8
\Driver\atapi -> 0x86161348
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine III Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72bdbb0
 PacketIndicateHandler -> NDIS.sys @ 0xf72caa21
 SendHandler -> NDIS.sys @ 0xf72a887b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\HHVcdV5Sys\VC5SecS.exe
c:\windows\Dit.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-11  15:11:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-11 13:11
ComboFix2.txt  2010-06-10 17:56
ComboFix3.txt  2010-06-08 15:35
ComboFix4.txt  2010-06-07 18:47

Vor Suchlauf: 32 Verzeichnis(se), 36.154.286.080 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 35.867.152.384 Bytes frei

- - End Of File - - 20E141A95CC91704326ABC2CBE8A4A53

--- --- ---

Larusso 11.06.2010 16:38

:wallbash:

Fehler im Skript

Bitte folgendes erneut als CFScript.txt speichern und wie vorher verwenden
Code:

KillAll:
FCopy::
c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe | c:\windows\system32\ctfmon.exe

Schritt 2

Lade Dir bitte Gmer neu herunter und führe es laut Anweisung aus.

blabla 13.06.2010 20:32

hier die combofix
hxxp://www.file-upload.net/download-2597215/ComboFix.txt.html

war zu lang

blabla 13.06.2010 21:28

hier die gmer log.txt
GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-13 22:28:18
Windows 5.1.2600 Service Pack 3
Running: 7r721k1l.exe; Driver: C:\DOKUME~1\JONASN~1\LOKALE~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            F7BB57D6                                                                ZwCreateKey
SSDT            F7BB57CC                                                                ZwCreateThread
SSDT            F7BB57DB                                                                ZwDeleteKey
SSDT            F7BB57E5                                                                ZwDeleteValueKey
SSDT            F7BB57EA                                                                ZwLoadKey
SSDT            F7BB57B8                                                                ZwOpenProcess
SSDT            F7BB57BD                                                                ZwOpenThread
SSDT            F7BB57F4                                                                ZwReplaceKey
SSDT            F7BB57EF                                                                ZwRestoreKey
SSDT            F7BB57E0                                                                ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!_abnormal_termination + 1D4                                804E2840 4 Bytes  JMP B8F7BB57
.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                section is writeable [0xF6CD8000, 0x1B601E, 0xE8000020]
.text          C:\WINDOWS\system32\drivers\SSHDRV86.sys                                section is writeable [0xEE726000, 0x26354, 0xE8000020]
.pklstb        C:\WINDOWS\system32\drivers\SSHDRV86.sys                                entry point in ".pklstb" section [0xEE75B000]
.relo2          C:\WINDOWS\system32\drivers\SSHDRV86.sys                                unknown last section [0xEE772000, 0x8E, 0x42000040]
?              C:\DOKUME~1\JONASN~1\LOKALE~1\Temp\mbr.sys                              Das System kann die angegebene Datei nicht finden. !
?              C:\ComboFix\catchme.sys                                                  Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                              Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                  SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)

Device          \Driver\Cdrom \Device\CdRom0                                            86B49870
Device          \Driver\Cdrom \Device\CdRom1                                            86B49870
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                              86B3A458
Device          \Driver\atapi \Device\Ide\IdePort0                                      86B3A458
Device          \Driver\atapi \Device\Ide\IdePort1                                      86B3A458
Device          \Driver\atapi \Device\Ide\IdePort2                                      86B3A458
Device          \Driver\atapi \Device\Ide\IdePort3                                      86B3A458
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-13                            86B3A458
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-1b                            86B3A458
Device          \Driver\Cdrom \Device\CdRom2                                            86B49870
Device          \Driver\Cdrom \Device\CdRom3                                            86B49870
Device          \Driver\Cdrom \Device\CdRom4                                            86B49870
Device          \Driver\Cdrom \Device\CdRom5                                            86B49870
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target0Lun0              864BC150
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target2Lun0              864BC150
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target3Lun0              864BC150
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1Port4Path0Target1Lun0              864BC150
Device          \Driver\vbev5mp \Device\Scsi\vbev5mp1                                    864BC150

AttachedDevice  \FileSystem\Fastfat \Fat                                                SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice  \FileSystem\Fastfat \Fat                                                fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdawdm\ParaMeters\PnpInterface@1  1
Reg            HKLM\SYSTEM\ControlSet002\Services\cdawdm\ParaMeters\PnpInterface@1      1

---- EOF - GMER 1.0.15 ----

--- --- ---

Larusso 14.06.2010 19:08

Sieht alles gut aus. Noch Probleme ?

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

blabla 14.06.2010 21:01

ja er könnte noch schneller sein :)
ein paar tricks nachdem ich dir jetzt meinen ganzen PC veröffentlicht hab :)
OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 14.06.2010 21:53:13 - Run 7
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 725,00 Mb Available Physical Memory | 71,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 33,52 Gb Free Space | 44,98% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
PRC - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.28 17:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.04.02 14:31:06 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Programme\HHVcdV5Sys\VC5SecS.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.07 17:27:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Eigene Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.19 19:07:07 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.07 19:20:28 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008.11.19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.04 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003.11.07 09:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Programme\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.14 20:08:21 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.20 19:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2005.12.21 17:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2005.12.20 12:42:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.19 11:29:41 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.03 22:08:35 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.03 22:08:29 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003.11.12 09:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp)
DRV - [2003.09.11 00:36:53 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.03.09 18:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 18:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2001.11.25 03:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001.08.17 13:11:05 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:59:59 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bit.ly/bxFzgb
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.02 18:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.09 15:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 12:05:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 12:05:46 | 000,000,000 | ---D | M]
 
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions
[2008.11.21 16:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.06.13 22:38:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions
[2010.06.09 16:03:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.22 17:13:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 19:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Mozilla\Firefox\Profiles\yl2znjtz.default\extensions\personas@christopher.beard
[2010.06.13 22:38:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 15:53:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.09 15:53:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.11.01 15:42:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.01 15:42:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.01 15:42:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.01 15:42:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.01 15:42:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.13 21:25:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CmiCnfg.cpl (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101228590656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.17 02:36:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.14 15:48:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.14 15:47:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.13 11:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.10 20:31:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 16:54:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Neuer Ordner
[2010.06.09 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.09 15:53:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.09 15:53:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.09 15:53:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.09 15:53:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.09 15:30:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Nvu
[2010.06.09 15:30:19 | 000,000,000 | ---D | C] -- C:\Programme\Nvu
[2010.06.08 20:37:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.08 20:36:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.08 20:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.08 20:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.08 19:00:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Recent
[2010.06.07 22:04:36 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010.06.07 20:36:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.06.07 20:22:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.07 20:19:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:19:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:19:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:19:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 18:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.06 18:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\Uniblue
[2010.06.04 20:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla
[2010.06.04 17:01:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.04 15:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.02 15:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla
[2010.06.02 15:52:44 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.05.31 16:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.05.26 16:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Anwendungsdaten\LolClient
[2010.05.25 20:41:34 | 000,000,000 | ---D | C] -- C:\Programme\League of Legends
[2010.05.25 19:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.05.25 19:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.05.25 19:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.14 20:08:23 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.14 20:08:21 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010.06.14 20:07:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.14 20:07:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.14 18:30:28 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.dat
[2010.06.14 18:30:28 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\ntuser.ini
[2010.06.14 18:30:16 | 019,283,944 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.13 21:25:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.13 21:25:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.12 19:03:28 | 000,202,278 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11315-2010-06-12 19_03_23.562500.dmp
[2010.06.11 16:41:51 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.11 14:40:28 | 000,430,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.10 22:47:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.10 21:44:53 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.10 21:44:53 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.10 21:44:53 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.10 21:44:52 | 001,029,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.10 21:44:52 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.09 15:53:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.09 15:53:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.09 15:53:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.09 15:53:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.09 15:53:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.07 20:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.06.07 18:30:07 | 000,000,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 18:23:47 | 000,021,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.04 16:25:11 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 18:03:40 | 000,209,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.05.31 16:06:30 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.27 20:31:40 | 000,001,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:05:35 | 000,039,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:43 | 000,000,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.12 19:03:23 | 000,202,278 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11315-2010-06-12 19_03_23.562500.dmp
[2010.06.10 20:32:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.06.07 20:22:26 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010.06.07 20:22:21 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.07 20:19:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:19:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:19:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:19:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:19:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 18:30:07 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Verknüpfung mit OTL.lnk
[2010.06.07 17:25:19 | 000,021,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Musik.odt
[2010.06.07 16:51:11 | 000,062,917 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage02.jpg
[2010.06.06 20:00:19 | 000,016,565 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Kostenaufstellung.ods
[2010.06.06 20:00:19 | 000,011,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Fahrkostenabrechnung Teil 1 BG.odt
[2010.06.03 18:03:38 | 000,209,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Eigene Dateien\ts3_clientui-win32-11239-2010-06-03 18_03_38.343750.dmp
[2010.06.02 15:44:54 | 000,014,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\hs_err_pid3004.log
[2010.05.31 16:06:30 | 000,001,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\TeamSpeak 3 Client.lnk
[2010.05.25 21:05:35 | 000,039,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\Zwischenablage01.jpg
[2010.05.25 21:03:46 | 000,001,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\bla.html
[2010.05.25 21:03:42 | 000,000,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas nur Spiele\Desktop\test.html
[2010.05.25 20:50:23 | 000,001,637 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.11.21 16:16:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.18 14:35:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 13:33:50 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.25 23:11:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.19 22:25:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008.06.27 18:09:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2008.06.08 13:38:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.06.08 13:37:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE V200DEFGIPSRUk.ini
[2008.03.20 18:53:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008.03.20 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008.03.20 18:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007.12.25 20:52:35 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.12.25 20:52:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.10.26 19:25:38 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2007.06.07 21:35:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2007.05.07 19:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2007.05.05 14:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2007.05.05 14:48:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.05.05 14:48:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2007.04.26 13:45:07 | 007,192,736 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2007.04.10 15:02:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.03.23 17:25:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\stepbuttons.dll
[2007.03.23 17:25:24 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.22 19:46:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.11.19 13:42:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2006.04.19 16:51:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.04.19 16:41:44 | 000,000,082 | ---- | C] () -- C:\WINDOWS\Pixel.ini
[2006.04.17 17:26:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006.04.14 12:59:53 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2006.01.29 23:35:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2006.01.29 21:50:03 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.01.29 11:15:13 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.01.05 17:41:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.01.01 21:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Demo.INI
[2005.12.13 22:22:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.10.11 19:41:40 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.09.25 16:12:59 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Kuss.ini
[2005.09.13 01:00:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.13 01:00:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.09.13 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.13 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.08 20:47:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cddabase.ini
[2005.05.03 20:58:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DVDKeyAuth.dll
[2005.04.24 08:22:32 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005.04.20 16:16:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.04.14 18:53:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.04.09 15:39:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005.04.09 15:18:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\clockwrx.ini
[2005.04.09 14:57:09 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2005.04.09 12:08:24 | 000,001,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.04.02 20:22:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.03.19 11:29:41 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2005.03.13 16:29:01 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DAVILEX.INI
[2004.11.23 20:14:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.23 18:20:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004.11.17 03:24:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2004.11.17 03:24:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\CMIAINFO.SYS
[2004.11.17 03:24:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004.11.17 03:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.11.17 03:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.11.17 03:24:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004.11.17 02:51:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.17 02:40:25 | 000,000,871 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.11.17 02:34:46 | 001,343,768 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.wusetup.351484.bak
[2004.11.17 02:34:46 | 000,194,840 | ---- | C] () -- C:\WINDOWS\System32\wuaueng1.dll.wusetup.352812.bak
[2004.11.17 02:34:46 | 000,128,280 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.wusetup.353078.bak
[2004.11.17 02:33:51 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.11.17 02:06:54 | 000,024,272 | ---- | C] () -- C:\WINDOWS\System32\netcty32.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.06.20 12:46:00 | 007,190,528 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002.02.27 18:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2002.02.21 18:41:20 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000.10.16 16:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 16:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1999.05.21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >

--- --- ---

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 14.06.2010 22:12:57 - Run 7
OTL by OldTimer - Version 3.2.5.3    Folder = C:\Eigene Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 680,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 33,52 Gb Free Space | 44,98% Space Free | Partition Type: NTFS
Drive D: | 5,57 Gb Total Space | 4,94 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,41 Gb Free Space | 16,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHATZI
Current User Name: Jonas nur Spiele
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56608:TCP" = 56608:TCP:*:Enabled:Pando Media Booster
"56608:UDP" = 56608:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6975:TCP" = 6975:TCP:*:Enabled:League of Legends Launcher
"6975:UDP" = 6975:UDP:*:Enabled:League of Legends Launcher
"6944:TCP" = 6944:TCP:*:Enabled:League of Legends Launcher
"6944:UDP" = 6944:UDP:*:Enabled:League of Legends Launcher
"6895:TCP" = 6895:TCP:*:Enabled:League of Legends Launcher
"6895:UDP" = 6895:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EF51E-1453-4F42-8792-77DBFB47D0EC}" = Crazy Machines - Neue Herausforderungen
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58809833-5E10-4EC7-9F87-DFCFB93E78E6}" = EU Screen Saver
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700AF45E-6BE8-4850-B3D2-37E3971710FD}" = WISO Haushaltsbuch 2008
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}" = Crazy Machines
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2299186-2EFA-11D8-9E00-0004769EEFEB}" = Revenge
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B653515B-3228-9A8F-46EF-9572CC401031}" = Nero 7 Premium
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE5272C-CE7D-42D0-B531-D386F6E11774}" = Crazy Machines - Neue Herausforderungen Demo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft VideoImpression 16FP" = ArcSoft VideoImpression 1.6FP
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Mouse" = Browser Mouse
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ClearProg" = ClearProg 1.6.0 Final
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"EPSON PERFECTION V200 PHOTO Benutzerhandbuch" = EPSON PERFECTION V200 PHOTO Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESPR200 Referenzhandbuch" = ESPR200 Referenzhandbuch
"ESPR200 Softwarehandbuch" = ESPR200 Softwarehandbuch
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader" = Foxit Reader
"FreePascal_is1" = Free Pascal 2.4.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{82C6572B-F9E9-4149-82E3-EA062DB2C75C}" = DaViDeo onDVD
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"League of Legends_is1" = League of Legends
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mapserver 3.2 COM-Module" = mapserver 3.2 COM-Module
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights (Ahead Software)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PowerArchiver" = PowerArchiver
"PowerDVD" = PowerDVD
"PS2" = PS2
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"Seven Remix XP" = Seven Remix XP 2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 12:42:07 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:53 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:54 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 12:43:55 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 06.06.2010 13:51:39 | Computer Name = SCHATZI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 07.06.2010 11:08:28 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:10:09 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:11:38 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 07.06.2010 11:18:47 | Computer Name = SCHATZI | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
 mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
 
Error - 09.06.2010 09:53:57 | Computer Name = SCHATZI | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 07.06.2010 12:52:11 | Computer Name = SCHATZI | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 07.06.2010 14:28:23 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 07.06.2010 14:37:01 | Computer Name = SCHATZI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_OULTRAF\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
Error - 07.06.2010 14:39:10 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:45:59 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 09:53:01 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:07:12 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.06.2010 11:16:08 | Computer Name = SCHATZI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 10.06.2010 13:47:57 | Computer Name = SCHATZI | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_AVPRNZSN\0000" wurde ohne vorbereitende Maßnahmen
 vom System entfernt.
 
 
< End of report >

--- --- ---

Larusso 15.06.2010 14:45

Schneller ? :uglyhammer:

Sie dir mal deine Installierten Programme an ;)

Kannst Du mir zu folgendem Ordner was sagen?
C:\Dokumente und Einstellungen\Jonas nur Spiele\Lokale Einstellungen\Anwendungsdaten\tpyqislla


Schau mal was sich darin befindet.

blabla 15.06.2010 16:05

nichts :daumenhoc:
gelöscht :)

achja nochmal großes :dankeschoen:für alles :)

Larusso 15.06.2010 16:23

Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Windows + R Taste --> helpasst -cleanup (eingeben) --> OK


Schritt 2

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.


Schritt 3

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 4

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 5

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 6

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

blabla 15.06.2010 16:39

fix und fertig :daumenhoc

blabla 13.07.2010 14:10

ich will das theman löschen bitte hilfe^^


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131