Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivir findet drop.agent.bsbe (https://www.trojaner-board.de/87363-antivir-findet-drop-agent-bsbe.html)

-max- 20.06.2010 15:32
Antivir findet drop.agent.bsbe
 
Hallo,

mein problem ist, dass ich mir vor einiger zeit einen virus gedownloadet und auch ausgeführt habe. Erst hat der PC die BenutzerkontrollSteuerung oder wie das heißt, von win 7 deaktiviert. Antivir, hat das zum glück sofort gemeldet und den virus in die Quarantäne verschoben. Ich habe die Benutzerkontensteuerung wieder aktiviert und kann den PC normal benutzen. Aber heute hat antivir schon wieder 4 viren gefunden. D.h. der virus ist noch da, aber macht zurzeit nichts.


Da ich ihn jedoch gerne loswerden würde, bitte ich euch um hilfe.

Hier der log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:20, on 20.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Max\Downloads\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://questler.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted IP range: hxxp://192.168.178.1
O15 - ESC Trusted IP range: hxxp://192.168.178.1
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10623 bytes
Der virus war immer im verzeichniss:


C:Windows/SYSWOW64
Der name war immer eine zufällige kombination von buchstaben:
zaqsku.exe
yuzaza.exe
usw.

p.s. ich möchte windows nur sehr ungerne neu aufsetzen müssen, da ich keine windows cd habe(nur key), und auch keien funktionierende sicherheitskopie ( als ich anfangs dazu aufgefordert wurde, ging der brennvorgang bei cd 3 schief, und ich hatte keien rohlinge mehr.)

cosinus 20.06.2010 18:44
Hallo und :hallo:

Zitat:
mein problem ist, dass ich mir vor einiger zeit einen virus gedownloadet und auch ausgeführt habe.
Was für eine Datei mit welchem angeblichen Zweck hast Du Dir von wo runtergeladen?
Poste bitte mal das Log von AntiVir vollständig.

-max- 20.06.2010 20:22
Die datei war ein Trainer für ein Spiel.

Und wegen dem log: meinst du das hier?

Code:
Exportierte Ereignisse:


20.06.2010 16:13 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\yuzaza.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51ada984.qua'
      verschoben!

20.06.2010 16:13 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\zaqsku.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492d86df.qua'
      verschoben!

20.06.2010 16:13 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\yspvqi.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03e4f362.qua'
      verschoben!

20.06.2010 16:13 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\yryvid.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '65cabca3.qua'
      verschoben!

20.06.2010 16:11 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\dhjqlf.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '483486a3.qua'
      verschoben!

20.06.2010 16:11 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\zaqsku.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.06.2010 16:11 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\yspvqi.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.06.2010 16:11 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\yuzaza.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.06.2010 16:11 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\yryvid.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.06.2010 16:10 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\dhjqlf.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.06.2010 19:34 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\zrbigu.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51ece372.qua'
      verschoben!

14.06.2010 19:34 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\zxmooc.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4980cc2f.qua'
      verschoben!

14.06.2010 19:34 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\zkgepl.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03b6b993.qua'
      verschoben!

14.06.2010 19:34 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\zjapjs.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '658bf650.qua'
      verschoben!

14.06.2010 19:33 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\zkgepl.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.06.2010 19:33 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\zrbigu.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.06.2010 19:33 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\zxmooc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.06.2010 19:33 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\zjapjs.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:39 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\emzbvk.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f1880e.qua'
      verschoben!

13.06.2010 02:39 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\emzbvk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\ihubdw.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49bf863e.qua'
      verschoben!

13.06.2010 02:30 [Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5120a99f.qua'
      verschoben!

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ihubdw.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.06.2010 02:30 [Guard] Malware gefunden
      In der Datei 'C:\Windows\SysWOW64\ihubdw.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus 20.06.2010 20:47
bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

-max- 21.06.2010 13:51
Hier die OTL Scans:


Code:
OTL logfile created on: 21.06.2010 14:36:02 - Run 1
OTL by OldTimer - Version 3.2.6.1    Folder = C:\Users\Max\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 9,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 69,97 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596,02 Gb Total Space | 387,91 Gb Free Space | 65,08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX-PC
Current User Name: Max
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.21 14:20:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Downloads\OTL.exe
PRC - [2010.06.19 17:05:42 | 000,202,040 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.06.17 19:46:05 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.12 16:36:47 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.05.07 14:13:51 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.04.24 12:11:03 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.02 21:08:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.08.28 07:02:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.08.21 02:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.08.18 11:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.28 14:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.07.07 07:47:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.21 14:20:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Downloads\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.06.19 17:05:42 | 000,202,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.06.17 19:46:05 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.05.12 16:36:47 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.24 12:11:03 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 01:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.10.28 00:09:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.04.29 05:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.29 16:06:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.29 16:06:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.02.02 23:45:08 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.29 18:13:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.10 05:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.06 18:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.30 15:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.04.29 05:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.22 16:33:00 | 000,151,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2008.02.22 16:32:58 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2008.02.22 16:32:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2006.06.18 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009.07.07 14:47:48 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/10/27 23:21:33] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.06.18 00:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://questler.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
 
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.28 15:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.09 23:00:23 | 000,000,000 | ---D | M]
 
[2010.02.03 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2010.02.03 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.06.20 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions
[2010.04.30 18:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.30 18:14:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.30 18:14:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.18 19:22:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.05.08 22:52:03 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\battlefieldheroespatcher@ea.com
[2010.05.12 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\eafo3fflauncher@ea.com
[2010.06.10 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\foxyproxy@eric.h.jung
[2010.06.09 23:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.09 23:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.09 23:00:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.02 03:10:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a0bf9a30-0e50-11df-b350-0026227a3ac9}\Shell - "" = AutoRun
O33 - MountPoints2\{a0bf9a30-0e50-11df-b350-0026227a3ac9}\Shell\AutoRun\command - "" = E:\autorun.exe autorun.hta -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.21 14:23:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.21 14:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.18 14:01:10 | 000,000,000 | ---D | C] -- C:\Windows\Simple Port Forwarding
[2010.06.18 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding
[2010.06.17 20:03:27 | 000,000,000 | ---D | C] -- C:\HLServer
[2010.06.15 14:17:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Eidos
[2010.06.15 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2010.06.14 18:00:06 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Command and Conquer Generals Data
[2010.06.13 22:30:00 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\World in Conflict
[2010.06.13 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\World in Conflict
[2010.06.12 21:15:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\vghd
[2010.06.10 15:49:32 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.10 15:49:32 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.10 15:49:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.10 15:49:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.09 23:00:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.09 23:00:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.09 23:00:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.09 23:00:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.09 23:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.06.06 13:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.05 12:23:45 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\GetRightToGo
[2010.06.03 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Electronic_Arts_Inc
[2010.06.03 16:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.06.02 17:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010.06.02 02:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Max\Documents\Runes of Magic
[2010.05.31 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\InstallShield Installation Information
[2010.05.31 00:45:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\TrackMania
[2010.05.31 00:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.05.30 23:06:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FFSJ
[2010.05.30 21:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010.05.30 13:29:39 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\LimeWire
[2010.05.29 00:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\P.Portable.CodeArmor
[2010.05.28 22:35:32 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.05.28 22:35:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.05.28 22:35:32 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.05.28 22:35:31 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.05.28 22:35:31 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.05.28 22:35:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.05.28 22:35:31 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.05.28 22:35:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.05.28 18:41:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Braid
[2010.05.28 16:39:21 | 000,000,000 | ---D | C] -- C:\ijji
[2010.05.28 15:41:19 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010.05.28 15:41:19 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll
[2010.05.28 15:41:19 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010.05.28 15:41:19 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010.05.28 15:41:19 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[2010.05.28 15:41:19 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010.05.28 15:41:19 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010.05.28 15:41:19 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010.05.28 15:41:19 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010.05.28 15:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010.05.25 17:15:28 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Teeworlds
[2010.05.24 13:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VZPRP
[2010.05.22 20:10:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\DivX
[2010.05.22 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.05.22 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.21 14:34:39 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.21 14:34:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 14:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 14:34:06 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 14:33:26 | 004,194,304 | -HS- | M] () -- C:\Users\Max\ntuser.dat
[2010.06.21 14:33:23 | 003,155,919 | -H-- | M] () -- C:\Users\Max\AppData\Local\IconCache.db
[2010.06.21 14:28:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.21 14:24:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 14:24:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 18:06:35 | 000,001,112 | ---- | M] () -- C:\Users\Max\Desktop\Left 4 Dead 2 By Fakoykas.lnk
[2010.06.20 16:56:23 | 000,038,768 | ---- | M] () -- C:\Users\Max\Documents\Link.doc
[2010.06.19 17:05:42 | 000,202,040 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.19 16:49:52 | 000,000,004 | -H-- | M] () -- C:\Windows\SysWow64\__iw3mp
[2010.06.17 14:10:36 | 000,085,840 | ---- | M] () -- C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.17 14:10:13 | 000,358,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.15 19:58:01 | 001,639,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.15 19:58:01 | 000,706,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.15 19:58:01 | 000,660,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.15 19:58:01 | 000,152,398 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.15 19:58:01 | 000,124,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.15 14:16:29 | 000,000,837 | ---- | M] () -- C:\Users\Max\SciTE.session
[2010.06.15 13:50:15 | 000,424,624 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.06.15 13:50:14 | 000,138,472 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.06.15 13:50:12 | 000,418,480 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.06.15 13:50:11 | 000,115,432 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.06.15 02:18:57 | 000,124,653 | ---- | M] () -- C:\Users\Max\Documents\Chat.doc
[2010.06.13 17:52:48 | 000,000,613 | ---- | M] () -- C:\Windows\eReg.dat
[2010.06.13 02:28:48 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Roaming\chrtmp
[2010.06.12 21:16:04 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin
[2010.06.12 21:15:59 | 000,152,904 | ---- | M] () -- C:\Windows\SysWow64\vghd.scr
[2010.06.10 19:13:19 | 000,015,138 | -HS- | M] () -- C:\Users\Max\Folder.jpg
[2010.06.10 19:13:19 | 000,004,256 | -HS- | M] () -- C:\Users\Max\AlbumArtSmall.jpg
[2010.06.10 19:08:44 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.09 23:00:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.09 23:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.09 23:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.09 23:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.02 17:00:22 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.02 02:38:58 | 000,000,798 | ---- | M] () -- C:\Users\Max\Desktop\Runes of Magic.lnk
[2010.05.31 20:41:46 | 000,089,946 | ---- | M] () -- C:\ReactorException.dmp
[2010.05.30 23:06:01 | 000,004,147 | ---- | M] () -- C:\Windows\unins000.dat
[2010.05.30 23:05:56 | 000,794,906 | ---- | M] () -- C:\Windows\unins000.exe
[2010.05.29 01:50:56 | 000,001,897 | ---- | M] () -- C:\Users\Max\Desktop\Prey.lnk
[2010.05.28 22:44:01 | 001,617,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.22 20:29:03 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.22 19:15:56 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.19 16:49:52 | 000,000,004 | -H-- | C] () -- C:\Windows\SysWow64\__iw3mp
[2010.06.13 23:21:22 | 000,001,897 | ---- | C] () -- C:\Users\Max\Desktop\Prey.lnk
[2010.06.13 17:52:48 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat
[2010.06.13 02:28:48 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Roaming\chrtmp
[2010.06.12 21:16:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010.06.05 21:05:01 | 000,000,798 | ---- | C] () -- C:\Users\Max\Desktop\Runes of Magic.lnk
[2010.06.02 17:00:22 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.05.31 20:41:44 | 000,089,946 | ---- | C] () -- C:\ReactorException.dmp
[2010.05.30 23:06:00 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010.05.30 23:06:00 | 000,004,147 | ---- | C] () -- C:\Windows\unins000.dat
[2010.05.28 15:41:19 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.05 19:17:13 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010.02.12 17:40:53 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll
[2010.02.12 17:40:53 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll
[2010.02.05 16:16:30 | 000,000,886 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.01.31 17:38:31 | 000,000,600 | ---- | C] () -- C:\Windows\rtcwgoty.INI
[2010.01.29 13:29:14 | 000,000,510 | ---- | C] () -- C:\Windows\wininit.ini
[2010.01.22 11:59:48 | 001,617,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.22 10:29:51 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.17 01:21:50 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.01.09 22:41:47 | 000,000,000 | -HSD | M] -- C:\Users\Max\AppData\Roaming\.#
[2010.03.22 21:34:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity
[2010.05.11 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Bioshock2
[2010.05.28 18:42:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Braid
[2010.02.07 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Camfrog
[2010.01.28 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Command and Conquer 4 Beta
[2010.01.31 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2010.01.29 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Pro
[2010.05.30 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FFSJ
[2010.01.14 23:08:39 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FOG Downloader
[2010.01.09 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\GameConsole
[2010.06.05 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\GetRightToGo
[2010.03.16 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Hardcore
[2010.05.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2010.01.11 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ijjigame
[2010.03.16 20:38:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Juce VST Host
[2010.01.09 23:37:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Leadertech
[2010.06.20 20:21:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LimeWire
[2010.04.07 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.02.07 01:57:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam
[2010.03.05 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MotioninJoy
[2010.02.18 22:25:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\OtakuSoftware
[2010.01.09 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Packard Bell
[2010.01.18 13:11:56 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PC Suite
[2010.04.23 16:59:32 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Red Alert 3
[2010.04.24 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Red Alert 3 Uprising
[2010.01.18 13:46:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2010.04.05 00:16:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamDrive
[2010.05.25 17:19:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Teeworlds
[2010.03.10 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TS3Client
[2010.03.29 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2010.06.13 00:45:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\vghd
[2010.05.10 23:13:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:93DE1838
< End of report >

-max- 21.06.2010 13:53
und teil 2. (das board, gibt anscheinend den geist auf, wenn ich alles in einen post tue)

Code:
OTL Extras logfile created on: 21.06.2010 14:36:02 - Run 1
OTL by OldTimer - Version 3.2.6.1    Folder = C:\Users\Max\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 9,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 69,97 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596,02 Gb Total Space | 387,91 Gb Free Space | 65,08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX-PC
Current User Name: Max
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Uforia\Mercenary Wars\Bin\MWGame.exe" = C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exed | Stopped] -- C:\Windows\Vss -- (VSS) -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exeArms.exed | Stopped] -- C:\Windows\Vss -- (VSS) -- File not found
"C:\Uforia\Mercenary Wars\Bin\MWGame.exe" = C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exewallPolicy\StandardProfile\AuthorizedApplications\List -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KeyLemon" = KeyLemon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
"{179F3115-969C-454C-B524-464A026FD202}" = NavyFIELD Europa (DE)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62c03d48-3ad9-437c-a33c-a28d8104884b}" = Nero 9 Essentials
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{830AEB51-7904-4163-939D-2640E0E125BA}" = Far Cry
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1" = Counter Strike Source v1.0.0.34
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE4BA4C3-6DE4-404C-9B69-A84709BED752}" = Conflict Denied Ops
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"ASIO4ALL" = ASIO4ALL
"AutoItv3" = AutoIt v3.3.4.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX-Setup
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.4
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Half-Life" = Half-Life
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"League of Legends_is1" = League of Legends
"Left 4 Dead" = Left 4 Dead
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 - 2.0.2.3
"LimeWire" = LimeWire 5.5.8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"Pack 500 track" = Pack 500 track
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Plants vs. Zombies" = Plants vs. Zombies
"PoiZone" = PoiZone
"Portal1.5" = Portal
"PunkBusterSvc" = PunkBuster Services
"Sauerbraten" = Sauerbraten
"Sawer" = Sawer
"SciTE4AutoIt3" = SciTE4AutoIt3 2/6/2010
"Sierra Utilities" = Sierra Utilities
"Simple Port Forwarding" = Simple Port Forwarding
"SpeedFan" = SpeedFan (remove only)
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 13140" = America's Army 3
"Steam App 25700" = Madballs in...Babo: Invasion
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 40" = Deathmatch Classic
"Steam App 5" = Dedicated Server
"Steam App 60" = Ricochet
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"Tactical Ops" = Tactical Ops
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Zip Password Recovery" = Visual Zip Password Recovery
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World in Conflict - Deutsche Texte für V.1.0.0.0_is1" = World in Conflict - Deutsch Texte für V.1.0.0.0
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Filmmakers Video Uploader" = Filmmakers Video Uploader
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"NCsoft-Aion" = Aion
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >




Malware bytes braucht noch ein bisschen

-max- 21.06.2010 15:29
Malwarebytes hat nichts interessantes gefunden:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4220

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.06.2010 16:25:56
mbam-log-2010-06-21 (16-25-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 436839
Laufzeit: 1 Stunde(n), 48 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Max\Anderes\AutoIt3\Extras\SQLite\sqlite3.exe (Trojan.Clicker) -> No action taken.
C:\Users\Max\Anderes\hacks\PerX Injector\PerX.exe (Backdoor.Bot) -> No action taken.
1. Denke mal, dass die beiden fehlalarme sind. Perx ist ein injector, und den benutze ich schon seid ewigkeiten ohne probleme (um spiele zu modden)
2. Autoit kann ich mir auch nicht vorstellen, dass es ein virus ist.

cosinus 21.06.2010 15:32
Zitat:
Perx ist ein injector, und den benutze ich schon seid ewigkeiten ohne probleme (um spiele zu modden)
Was genau meinst Du mit "modden"?

-max- 21.06.2010 15:45
Mit perx kann man ddl datein in ein programm hinzufügen.

Also kann man z.b. bei spielen wie call of duty einen mod laufen lassen (z.b. zombie gegner im multiplayer)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27