Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivir meldet das Trojanische Pferd TR/Inject.azat (https://www.trojaner-board.de/95004-antivir-meldet-trojanische-pferd-tr-inject-azat.html)

Demonish 24.01.2011 02:12
Antivir meldet das Trojanische Pferd TR/Inject.azat
 
vorhin meldete antivir das Trojanische Pferd TR/Inject.azat in der datei C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNW6ZRH2\cnkqaweuesfzxwcoct[1].exe und seitdem läuft mein pc recht langsam manche seiten brauchen bis zu 10minuten bist die fertig geladen sind teilweise habe ich auch garkeine internet verbindung mehr ich hoffe ihr könnt mir weiterhelfen


Code:
OTL logfile created on: 24.01.2011 01:11:58 - Run 2
OTL by OldTimer - Version 3.2.20.4    Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,87 Gb Total Space | 16,25 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 463,93 Gb Free Space | 77,82% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 593,87 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive F: | 59,87 Gb Total Space | 56,45 Gb Free Space | 94,29% Space Free | Partition Type: NTFS
Drive H: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.12.15 16:55:46 | 000,944,496 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.12.10 14:21:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 14:23:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 14:23:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2008.06.18 13:54:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe
PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.02.25 17:57:48 | 000,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.02.25 17:57:22 | 000,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.02.25 17:53:16 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.02.25 01:02:54 | 000,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV - [2011.01.06 03:07:40 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010.12.10 14:21:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.17 14:44:10 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.02 14:23:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 17:19:18 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.14 12:26:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)
SRV - [2008.05.02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.04.25 12:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.02.25 17:57:22 | 000,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.02.25 17:53:16 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.02.25 01:02:54 | 000,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.11.22 16:14:24 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 03:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.02.21 03:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008.01.30 10:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2007.12.14 09:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol)
DRV:64bit: - [2007.11.26 04:16:32 | 000,086,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007.11.23 09:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2010c\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2008.06.18 13:54:58 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.25 12:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.10.15 06:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.09 17:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.09 17:32:10 | 000,000,000 | ---D | M]
 
[2009.02.04 13:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Extensions
[2010.08.28 02:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions
[2010.04.27 13:24:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.28 02:33:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.28 02:30:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.23 22:32:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.23 22:32:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.23 00:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\extensions
[2010.12.02 23:26:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.28 02:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.15 06:59:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.22 13:16:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.22 13:16:44 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.22 13:16:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.22 13:16:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.22 13:16:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.11 00:09:29 | 000,000,047 | -H-- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.23 01:02:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2011.01.12 21:23:05 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 21:23:05 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.12 21:23:00 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 01:05:20 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job
[2011.01.23 23:50:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.23 23:50:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.23 19:56:53 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.23 19:56:53 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.23 19:56:53 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.23 19:56:53 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.23 19:56:53 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.23 19:51:13 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.01.23 19:51:13 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.01.23 19:50:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.01.23 19:50:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.22 03:11:49 | 000,464,261 | ---- | M] () -- C:\Users\***\Desktop\WoW_UI.jpg
[2011.01.20 23:53:19 | 000,484,593 | ---- | M] () -- C:\Users\***\Desktop\7b48d3508f1a4f5691d624d966a62c0a.jpg
[2011.01.14 15:33:17 | 000,589,916 | ---- | M] () -- C:\Users\***\Desktop\raidingtactics.jpg
[2011.01.03 16:26:20 | 000,036,542 | ---- | M] () -- C:\Users\***\Desktop\conquestpointcapvsperso.png
[2010.12.28 17:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.22 03:12:31 | 000,464,261 | ---- | C] () -- C:\Users\***\Desktop\WoW_UI.jpg
[2011.01.20 23:53:18 | 000,484,593 | ---- | C] () -- C:\Users\***\Desktop\7b48d3508f1a4f5691d624d966a62c0a.jpg
[2011.01.14 15:33:17 | 000,589,916 | ---- | C] () -- C:\Users\***\Desktop\raidingtactics.jpg
[2011.01.06 03:08:53 | 000,359,782 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI62F4.txt
[2011.01.06 03:08:53 | 000,011,194 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI62F4.txt
[2011.01.03 16:26:20 | 000,036,542 | ---- | C] () -- C:\Users\***\Desktop\conquestpointcapvsperso.png
[2010.12.09 00:49:53 | 000,360,550 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI6CD8.txt
[2010.12.09 00:49:53 | 000,011,226 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI6CD8.txt
[2010.12.01 03:13:03 | 000,358,630 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI695B.txt
[2010.12.01 03:13:03 | 000,011,146 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI695B.txt
[2010.11.30 22:08:41 | 000,359,398 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI0067.txt
[2010.11.30 22:08:41 | 000,011,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI0067.txt
[2010.11.29 21:33:41 | 000,358,632 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI1778.txt
[2010.11.29 21:33:40 | 000,011,146 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI1778.txt
[2010.11.11 04:01:37 | 000,358,248 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI73DE.txt
[2010.11.11 04:01:37 | 000,011,130 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI73DE.txt
[2010.09.23 02:39:53 | 000,359,400 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI40CB.txt
[2010.09.23 02:39:53 | 000,011,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI40CB.txt
[2010.09.11 10:19:25 | 000,360,930 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI76E9.txt
[2010.09.11 10:19:25 | 000,011,242 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI76E9.txt
[2010.08.11 06:25:21 | 000,000,638 | ---- | C] () -- C:\Users\***\AppData\Roaming\MPQEditor.ini
[2010.03.26 02:16:15 | 000,442,410 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI70A2.txt
[2010.03.26 02:16:15 | 000,011,714 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI70A2.txt
[2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.02.14 07:11:05 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss
[2010.02.06 18:13:56 | 012,427,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.01.31 21:44:21 | 000,024,088 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.01.19 13:49:50 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010.01.19 13:49:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.01.11 05:50:08 | 000,418,354 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI7E7E.txt
[2010.01.11 05:50:08 | 000,011,482 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI7E7E.txt
[2009.09.24 17:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 17:13:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.27 15:04:00 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.27 02:01:30 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.20 17:34:47 | 000,329,138 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI088C.txt
[2009.06.20 17:34:47 | 000,011,162 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI088C.txt
[2009.06.18 13:48:34 | 000,328,676 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI3F21.txt
[2009.06.18 13:48:33 | 000,012,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI3F21.txt
[2009.06.18 13:47:50 | 000,330,658 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI3E95.txt
[2009.06.18 13:47:50 | 000,011,226 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI3E95.txt
[2009.06.18 02:35:35 | 000,001,000 | ---- | C] () -- C:\Windows\wininit.ini
[2009.06.17 13:42:37 | 000,810,510 | ---- | C] () -- C:\Users\***\AppData\Local\dd_NET_Framework35_LangPack_MSI6C75.txt
[2009.06.17 13:42:35 | 000,036,144 | ---- | C] () -- C:\Users\***\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.06.17 13:42:32 | 000,076,494 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.06.17 13:42:32 | 000,001,604 | ---- | C] () -- C:\Users\***\AppData\Local\uxeventlog.txt
[2009.06.17 13:42:32 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35error_lp.txt
[2009.05.14 10:40:20 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini
[2009.04.22 01:41:19 | 000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini
[2009.04.22 00:41:19 | 000,420,746 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI7F06.txt
[2009.04.22 00:41:19 | 000,011,450 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI7F06.txt
[2009.03.14 18:52:04 | 000,024,576 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.02 18:16:56 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.14 12:33:31 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.14 12:33:31 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.04.30 18:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.04.30 18:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.04.30 17:48:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\SysWow64\libpostproc.dll
[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\MPEG2DEC.dll
 
========== LOP Check ==========
 
[2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo
[2010.08.28 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.06 15:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2009.09.01 01:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fizzy
[2009.03.14 11:14:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader
[2009.03.15 10:01:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2009.05.22 16:51:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.06 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.04.22 01:51:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.10.15 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Multi File Downloader
[2010.05.27 00:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.03.17 12:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.01.31 21:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.06.09 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\thriXXX
[2010.01.12 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.07.28 15:18:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wiutez
[2011.01.23 19:49:45 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.24 01:05:20 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 24.01.2011 01:11:58 - Run 2
OTL by OldTimer - Version 3.2.20.4    Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,87 Gb Total Space | 16,25 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 463,93 Gb Free Space | 77,82% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 593,87 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive F: | 59,87 Gb Total Space | 56,45 Gb Free Space | 94,29% Space Free | Partition Type: NTFS
Drive H: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = A0 0D 74 08 32 A0 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03513A5C-343E-43A6-9C7F-33EBA81685E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{093A54DF-DDEA-4909-8B64-8ABDB52AC525}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{097C57BB-23AE-4748-B603-8E72C132D057}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0AB17E55-724F-41BE-B4A5-A9C1095057EF}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{0AD6468B-FD58-46CA-8B27-AC3162504140}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{1E440AF0-8CC1-4094-990C-CE17846B9A63}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{224FB75D-7742-478B-B4AF-A1E25644FED1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{279997E7-90B0-4506-B943-7DA5FE17AACC}" = rport=445 | protocol=6 | dir=out | app=system |
"{3363AA05-64ED-4EBA-92E9-87288D9169FE}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{37EAAEF1-3130-4F52-8D77-EF98F8C80396}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{4D10BEDE-BCB1-4202-9C72-43D453028B55}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{62C409A9-DAB5-469E-AE8F-A909D7FA5AE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{699FD8CB-D989-4589-A4F0-4797331FD7D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{91E1DC29-09CA-4178-ADF5-8C5761154446}" = rport=138 | protocol=17 | dir=out | app=system |
"{9FE04F8A-3621-458B-A9C0-F9BDE34D6733}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF0BE660-80BB-4268-A776-15F3BADD7700}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{D18E3C64-C0DF-417E-8935-06749F8C44AD}" = lport=138 | protocol=17 | dir=in | app=system |
"{D90207CA-5E71-4121-BC31-6D934F3D39D3}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{EB2D9683-B100-4512-89BB-CD3935F06032}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005166BD-BBDD-4C08-9374-B09D0B65F39A}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{052FBE7B-DADB-4C1D-A7BB-C24A4351B712}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{05379253-FE95-4265-AB23-337EFA555607}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{05DF7B9C-8859-4484-9FD5-C3BBA9FF138D}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{0630D2C0-B945-4517-BA4E-F656A7173E69}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{06F70A8D-E906-4956-A6EF-0B1F0E90573E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0B5F3844-7CE8-4BE5-A1D8-C5993A1BAA61}" = protocol=17 | dir=in | app=d:\world of warcraft public test\launcher.exe |
"{0DCD6FC0-2936-4FCB-98C8-D53C4A24AC9B}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{0E741F55-E79F-4F01-9315-F6A3CB6BCFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0F80C433-F49B-4880-9857-89B237678385}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{101266E2-B923-48C4-88C9-034E6135EF87}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe |
"{105437F4-6152-411F-9286-489EDBC069D0}" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base15405\sc2.exe |
"{12C9B0FA-4B33-4797-9772-5505CDA0BAFA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe |
"{1355A462-D46C-439E-913D-988F74650225}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe |
"{169A1FD8-9A43-4169-964D-B0660A30916C}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{191F3D32-5A4E-4F77-82C5-34D86D197943}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{1BFE8954-8150-46E5-A523-327828C8748B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1DB90D25-282F-4156-BDDC-5DC6C2ADE624}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2030C680-0A39-4455-8633-9BDB76677A5E}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{25E500D4-2913-4914-BEA7-469DF23AFF31}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{27C0214E-3ABB-4F03-B573-F95F3BD2F99C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B7F6C71-B331-4430-AAAC-9C5E8DA4E3C4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{2BCC1D58-2386-49A0-B24A-4F42D0C9F2CD}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{2BEB0C3B-A16D-4AA7-8F8B-A1ABF937B273}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2E462275-E5F4-496B-9028-FC0001B61043}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{30986A02-92A4-4494-8B28-354B2582767B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe |
"{30E64774-3950-47C7-B4E1-9116B67C7264}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{30FA1D15-0465-4E44-AC58-E3F622D0060F}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe |
"{350E126E-0EC6-4760-940C-18C261AF7B61}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{40BC9CA5-BE55-438A-81A2-7E2B4C14A778}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{42B7160E-65DF-4E4C-AC7F-3C77A9D06C2E}" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base15405\sc2.exe |
"{450414CA-FD97-4448-91DC-497C4C6E5916}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe |
"{4CEF297D-6BB1-494B-90BA-AED44C78E6CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50CE056A-5733-4745-9FFE-B628E469A308}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{53E3CFC7-82E7-4A25-85C2-ACC3884410EF}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{57394E59-EBB5-409D-99E4-564099B95930}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{57D81137-4B70-4BA7-A2EC-CD07AC597E75}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe |
"{587B9219-66BA-4C9C-9809-354590F284C0}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{5EFCB4C1-BF43-4D9C-BF99-40328D6D3128}" = protocol=6 | dir=in | app=d:\world of warcraft public test\launcher.exe |
"{6004C96E-AAC2-4B47-AED8-5C48A4BC06C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{682644CC-5087-4A98-8D8B-DA7F652F6EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{74043A72-42B0-459C-AB2E-88E9817B2F52}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{75E83B53-63B8-4352-B96A-524CD5276DAA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{7822894B-27E7-4B8D-A6BD-73491F51C5A2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe |
"{8079B1EF-AB1D-4C6F-8E98-3608C69FBD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{8266D179-9B25-4858-957C-0F9391794CF4}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe |
"{85ED011E-611E-4E9B-A07A-4A879B8304C0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{87296A24-7EA6-4B5D-A748-5AE363B1CD2D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{88452F52-57C3-4FCB-83EB-1C489652E6F9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{95F5DFA7-6966-4223-8561-1584A83379F8}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe |
"{97782F54-6D7E-49CB-A774-36C792662657}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe |
"{A218AB84-EF0C-4B64-B481-34F52A1B1DF2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{A2CFC459-D444-4902-AC6B-8484D0D24742}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{A410D1C2-B7A5-44BD-B69B-0B71D2F8DC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{A444FA16-3DC2-4405-AC25-D84F6E6BD253}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{A4F8FA68-FD88-4D47-A6C6-F31E3F7CF648}" = protocol=6 | dir=in | app=d:\icq7.0\aolload.exe |
"{A5CFD1A0-9610-4D1E-A197-603F2CBE54E0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{A6033152-D00E-40B0-80E4-E9CCCFF638FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A9E983A0-0845-4481-881D-EB4531E32067}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{AE238DA1-08EC-4ADB-A198-480993598B63}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{AE50672B-D24F-4F77-90D9-BCB90C5B56E4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{B3639CA8-F03C-4BD6-9E89-31CB696DE1D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{B4CB7B43-A390-4AC8-A4F6-9B5832AC6D9D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C1E3E8D3-4F83-4317-902C-B303E97AA94F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C82FE470-073C-4B01-A0EF-F7C8E1B03024}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C87D5A30-9E92-41C8-AA2A-9533EADE18CF}" = protocol=6 | dir=in | app=d:\world of warcraft public test\launcher.patch.exe |
"{CC4FC1F3-0FAF-4735-9E73-51129454BB6F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{D3AABF3B-9170-44D8-8C3E-8531FA15CAF3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{D506CD02-A1FB-4A46-AA9E-3D1B25D7364A}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe |
"{D5121C37-E81D-4A70-ABE7-E73B4CB8CD9E}" = protocol=17 | dir=in | app=d:\world of warcraft public test\launcher.patch.exe |
"{D8B00843-8317-4635-90A6-3FEB82FC1BAB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{DB300369-54C7-4F9E-88EC-1E8B92F11D75}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe |
"{DFEEC633-6EAA-42E1-BBC3-856CAFB55E77}" = protocol=6 | dir=in | app=d:\icq7.0\aolload.exe |
"{E794B4E0-77E6-4CE0-9F3E-117FB4378A88}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{EBEDEAF4-7120-4603-A96D-47C130DF82D3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{F66C57DC-59DF-46ED-B981-322F45237DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC75459E-4FB1-4373-AA94-14E4EEEC3C58}" = protocol=6 | dir=in | app=d:\icq7.0\aolload.exe |
"{FEB56707-64DA-426C-9451-2B63E59E754E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{FED231F3-8F49-44F2-95F8-420E445D572D}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe |
"TCP Query User{10406898-3385-4495-B591-5B134DEA9EF4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{20F87E5A-6865-4B42-8B0C-57F37F6DD4E9}C:\users\***\appdata\roaming\wiutez\fiuhi.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\wiutez\fiuhi.exe |
"TCP Query User{45AF3DFF-7F0A-4121-908D-93A74DDD6B6B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{53C5BC60-3958-47A9-A9C2-D7FB7484F59D}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{70046869-3509-49DC-B449-6B03EA9344F5}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7BEDCF02-34B4-4D21-8874-6041AEBBACC8}C:\program files (x86)\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\recordingmanager.exe |
"TCP Query User{8641C09E-98E4-4FE2-9441-ABDBED734718}D:\lf2_v2.0\lf2.exe" = protocol=6 | dir=in | app=d:\lf2_v2.0\lf2.exe |
"TCP Query User{8D810DB9-DE0B-4717-8F39-D3202343DC1D}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"TCP Query User{99EBDA11-B20F-4C00-9B3C-C4FDF1027933}C:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe |
"TCP Query User{AD6E2585-95C2-4CA3-BD34-03981C1CF2BF}C:\program files (x86)\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"TCP Query User{AD709E33-1E6C-4280-8479-B6018E5E1672}D:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{AF60850A-ACB7-4C72-AEDF-B303FFA172FB}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{B0A2471F-B30D-44F1-986A-E1274BB92A35}D:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{CD12E129-56CE-4D85-B94C-33AE09543440}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{D4DB6FAA-5B13-418C-8668-9FFAC785E106}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{E7CD2306-3263-4403-BA71-89111DEB494E}C:\program files (x86)\multi file downloader\multifiledownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\multi file downloader\multifiledownloader.exe |
"UDP Query User{04790CB6-8F63-4B6D-A10E-7C08AF5BCF56}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{07E12E15-CC5E-4919-BDB2-BFA71B5A45F3}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"UDP Query User{2C8DF1AC-F28E-4ED6-B56E-B9DAA018A42C}C:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe |
"UDP Query User{3088D6AA-5BA8-43CD-9FD7-75A31C325B65}D:\lf2_v2.0\lf2.exe" = protocol=17 | dir=in | app=d:\lf2_v2.0\lf2.exe |
"UDP Query User{330CA299-7F9D-451D-BA74-163935AAAD5C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{50939D78-44C8-4516-A8F2-8F15DDE7055A}D:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{62E01EAA-71DA-4981-AFB6-EAD7FBC0488E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{63984F3B-9B08-478F-A7BA-EE654A449B80}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{67889728-4589-45DF-B132-DD0540838EBD}C:\program files (x86)\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\recordingmanager.exe |
"UDP Query User{686ADBBF-C361-4391-823A-D8451A169142}C:\program files (x86)\multi file downloader\multifiledownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\multi file downloader\multifiledownloader.exe |
"UDP Query User{8D63EB5A-F905-4536-8928-69EC18D8D5F8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AC55E75A-9373-493E-891B-DCDB427CED1C}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{B5826EF2-BBB9-4DCC-923E-782BA2CF798E}C:\program files (x86)\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"UDP Query User{E002995B-D049-4BED-9836-976480CACBFF}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{ED93CC83-44E8-4E9C-94A2-0B83DD0AC208}C:\users\***\appdata\roaming\wiutez\fiuhi.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\wiutez\fiuhi.exe |
"UDP Query User{EFAF022F-0E32-4100-9784-A24358F46EBD}D:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16605\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Defraggler" = Defraggler
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ALchemy SB MB" = Creative ALchemy (SB MB Edition)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description =
 
Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1005
Description =
 
Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1018
Description =
 
Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description =
 
Error - 22.01.2011 10:32:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.01.2011 10:32:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.01.2011 11:31:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.01.2011 11:31:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.01.2011 14:50:56 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.01.2011 14:50:56 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 20.01.2011 10:50:04 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 20.01.2011 23:15:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.01.2011 10:32:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.01.2011 10:33:02 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 22.01.2011 10:32:28 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 22.01.2011 10:32:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.01.2011 11:32:00 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 23.01.2011 11:32:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.01.2011 14:51:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.01.2011 14:52:50 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5583

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

24.01.2011 01:10:45
mbam-log-2011-01-24 (01-10-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|)
Durchsuchte Objekte: 316757
Laufzeit: 29 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 24.01.2011 11:39
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Demonish 24.01.2011 16:00
gibt keine weiteren dies ist das einzigste

cosinus 24.01.2011 16:23
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.11 00:09:29 | 000,000,047 | -H-- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] ()
[2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini
[2009.04.22 01:41:19 | 000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini
[2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Demonish 24.01.2011 16:44
habe alles so ausgeführt wie beschrieben kurz nachdem ich auf Fix geklickt hatte kam eine meldung "Access violation at adress 005CC7ED in module 'OTL.exe' Read of address 00000000" die ich mit OK weggeklickt habe kurz darauf ist der pc neugestartet und folgendes logfile hat sich geöffnet

Code:
All processes killed
Error: Unable to interpret <O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] ()> in the current context!
Error: Unable to interpret <[2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys> in the current context!
Error: Unable to interpret <[2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini> in the current context!
Error: Unable to interpret <[2009.04.22 01:41:19 | 000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini> in the current context!
Error: Unable to interpret <[2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#> in the current context!
Error: Unable to interpret <[2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo> in the current context!
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 98150 bytes
->Temporary Internet Files folder emptied: 188592 bytes
->Flash cache emptied: 75 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 1337742 bytes
->Temporary Internet Files folder emptied: 18211696 bytes
->Java cache emptied: 7617522 bytes
->FireFox cache emptied: 147253713 bytes
->Opera cache emptied: 73273319 bytes
->Flash cache emptied: 1130063 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37137 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 238,00 mb
 
 
OTL by OldTimer - Version 3.2.20.4 log created on 01242011_162934

Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 24.01.2011 20:07
Das ":OTL" hast du mitkopiert? Sieht nämlich nicht danach aus. Wiederhol den Schritt bitte.

Demonish 24.01.2011 20:26
das :OTL habe ich mitkopiert habe den vorgang nochmal wiederholt diesmal kam die selbe meldung wie beim ersten mal "Access violation at adress 005CC7ED in module 'OTL.exe' Read of address 00000000" pc wurde neugestartet ein logfile wurde geöffnet wo nicht wirklich viel drinne steht diesmal

Code:
Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 24.01.2011 20:35
Nagut. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Demonish 24.01.2011 20:59
alles wie beschrieben ausgeführt

Code:
ComboFix 11-01-23.07 - *** 24.01.2011  20:45:11.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.8190.6641 [GMT 1:00]
ausgeführt von:: c:\users\Steven\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\.#

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-24 bis 2011-01-24  ))))))))))))))))))))))))))))))
.

2011-01-24 19:48 . 2011-01-24 19:48        --------        d-----w-        c:\users\***\AppData\Local\temp
2011-01-24 19:48 . 2011-01-24 19:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-24 19:48 . 2011-01-24 19:48        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2011-01-24 15:26 . 2011-01-24 15:26        --------        dc----w-        C:\_OTL
2011-01-21 14:37 . 2011-01-13 10:20        7844688        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B99109-50B5-4BC6-B9F4-35AADB18A9D5}\mpengine.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-11-28 18:55        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-28 18:55        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-22 15:14 . 2009-06-20 16:35        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-06 11:18 . 2010-12-15 12:00        500224        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:18 . 2010-12-15 12:00        655872        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-06 11:18 . 2010-12-15 12:00        410112        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-06 11:18 . 2010-12-15 12:00        855040        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-04 23:58 . 2010-12-15 12:00        267776        ----a-w-        c:\windows\system32\taskeng.exe
2010-11-04 18:55 . 2010-12-15 12:00        352768        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-11-04 18:55 . 2010-12-15 12:00        270336        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-11-04 16:34 . 2010-12-15 12:00        171520        ----a-w-        c:\windows\SysWow64\taskeng.exe
2010-11-02 06:27 . 2010-12-15 12:00        1147904        ----a-w-        c:\windows\system32\wininet.dll
2010-11-02 06:24 . 2010-12-15 12:00        56832        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-02 06:23 . 2010-12-15 12:00        1538560        ----a-w-        c:\windows\system32\inetcpl.cpl
2010-11-02 06:23 . 2010-12-15 12:00        77312        ----a-w-        c:\windows\system32\iesetup.dll
2010-11-02 06:23 . 2010-12-15 12:00        132096        ----a-w-        c:\windows\system32\iesysprep.dll
2010-11-02 06:01 . 2010-12-15 12:00        916480        ----a-w-        c:\windows\SysWow64\wininet.dll
2010-11-02 05:57 . 2010-12-15 12:00        43520        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 12:00        1469440        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 12:00        71680        ----a-w-        c:\windows\SysWow64\iesetup.dll
2010-11-02 05:57 . 2010-12-15 12:00        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2010-11-02 05:25 . 2010-12-15 12:00        479232        ----a-w-        c:\windows\system32\html.iec
2010-11-02 05:01 . 2010-12-15 12:00        385024        ----a-w-        c:\windows\SysWow64\html.iec
2010-11-02 04:45 . 2010-12-15 12:00        162816        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-11-02 04:44 . 2010-12-15 12:00        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-02 04:26 . 2010-12-15 12:00        133632        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 12:00        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2010-10-28 16:29 . 2010-12-15 12:01        48128        ----a-w-        c:\windows\system32\atmlib.dll
2010-10-28 15:44 . 2010-12-15 12:01        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2010-10-28 14:05 . 2010-12-15 12:01        367104        ----a-w-        c:\windows\system32\atmfd.dll
2010-10-28 13:56 . 2010-12-15 12:00        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-10-28 13:27 . 2010-12-15 12:01        292352        ----a-w-        c:\windows\SysWow64\atmfd.dll
2010-10-28 13:20 . 2010-12-15 12:00        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2008-06-18 172032]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-10 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-2 1196048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 dump_wmimmc;dump_wmimmc;d:\flyff\GameGuard\dump_wmimmc.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware sandra lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x64l.sys [2007-12-14 92160]
R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x64v.sys [2007-11-23 25088]
R3 Sound Blaster MB Licensing Service;Sound Blaster MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [2008-10-14 79360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-06-18 32240]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-02-21 393728]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners

2011-01-24 c:\windows\Tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-29 5682688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 374808]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 3040280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.intl.acer.yahoo.com/
mStart Page = hxxp://de.intl.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKLM-Run-eRecoveryService - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-01-24  20:50:08
ComboFix-quarantined-files.txt  2011-01-24 19:50

Vor Suchlauf: 17 Verzeichnis(se), 19.091.755.008 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 18.989.166.592 Bytes frei

- - End Of File - - 948C67C970A6986566FE2C3E67E18F7A

cosinus 24.01.2011 21:34
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Demonish 24.01.2011 22:10
habe beide programme wie beschrieben ausgeführt allerdings habe ich bei GMER nach klicken auf Copy kein log bekommen


MBRCheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                AMI
System Manufacturer:                Acer
System Product Name:                Aspire G7700
Logical Drives Mask:                0x00000ffc

Kernel Drivers (total 149):
  0x02A5E000 \SystemRoot\system32\ntoskrnl.exe
  0x02A18000 \SystemRoot\system32\hal.dll
  0x0060A000 \SystemRoot\system32\kdcom.dll
  0x00614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x0064F000 \SystemRoot\system32\PSHED.dll
  0x00663000 \SystemRoot\system32\CLFS.SYS
  0x006C0000 \SystemRoot\system32\CI.dll
  0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x008F6000 \SystemRoot\system32\drivers\acpi.sys
  0x0094C000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00955000 \SystemRoot\system32\drivers\msisadrv.sys
  0x0095F000 \SystemRoot\system32\drivers\pci.sys
  0x0098F000 \SystemRoot\System32\drivers\partmgr.sys
  0x009A4000 \SystemRoot\system32\drivers\volmgr.sys
  0x00772000 \SystemRoot\System32\drivers\volmgrx.sys
  0x009B8000 \SystemRoot\system32\drivers\nvrd64.sys
  0x00A0A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x00A36000 \SystemRoot\system32\drivers\pciide.sys
  0x00A3D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00A4D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00A60000 \SystemRoot\system32\drivers\nvraid.sys
  0x00A83000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x00A8B000 \SystemRoot\system32\drivers\atapi.sys
  0x00A93000 \SystemRoot\system32\drivers\ataport.SYS
  0x00AB7000 \SystemRoot\system32\drivers\nvstor64.sys
  0x00AE1000 \SystemRoot\system32\drivers\storport.sys
  0x00B3E000 \SystemRoot\system32\DRIVERS\jraid.sys
  0x00B58000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x00B86000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00BCD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x00C0C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x00E03000 \SystemRoot\system32\drivers\ndis.sys
  0x00C93000 \SystemRoot\system32\drivers\msrpc.sys
  0x00CE3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01003000 \SystemRoot\System32\drivers\tcpip.sys
  0x01179000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0138F000 \SystemRoot\system32\drivers\wd.sys
  0x01397000 \SystemRoot\system32\drivers\volsnap.sys
  0x013DB000 \SystemRoot\System32\Drivers\spldr.sys
  0x013E3000 \SystemRoot\System32\Drivers\mup.sys
  0x011A5000 \SystemRoot\System32\drivers\ecache.sys
  0x011D1000 \SystemRoot\system32\drivers\disk.sys
  0x013F5000 \SystemRoot\system32\drivers\crcdisk.sys
  0x011EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x00FF0000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x00D3C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x03A05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x04697000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x04699000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0477C000 \SystemRoot\System32\drivers\watchdog.sys
  0x0478C000 \SystemRoot\system32\DRIVERS\yk60x64.sys
  0x00D4F000 \SystemRoot\system32\DRIVERS\serial.sys
  0x047F1000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x00D6C000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x00D77000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x00DBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x00DCE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x00DEA000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x0480F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x048FC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x0490E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x0491E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x04927000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x04960000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0496D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04990000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0499C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x049CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x049DD000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x00BE1000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x009E4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x04800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x00DF2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x049FB000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04A0C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04A40000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x04A4B000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04A5B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04AA3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05000000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x0514A000 \SystemRoot\system32\drivers\portcls.sys
  0x05185000 \SystemRoot\system32\drivers\drmk.sys
  0x051A8000 \SystemRoot\system32\drivers\ksthunk.sys
  0x051AE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x051B8000 \SystemRoot\System32\Drivers\Null.SYS
  0x051CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x051EA000 \SystemRoot\System32\drivers\vga.sys
  0x04AB7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x051C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x051D4000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x051DD000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04ADC000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x04AED000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x04AF6000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x04B13000 \SystemRoot\system32\DRIVERS\smb.sys
  0x04B2E000 \SystemRoot\system32\drivers\afd.sys
  0x04B99000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04BDD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x007D8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x05207000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x05222000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x0526F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0527B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x05298000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x052B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x052B6000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x052D8000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x052E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x052F3000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x05306000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x05311000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x05325000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x0533D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x05348000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x05396000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x053A4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x053AE000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
  0x00090000 \SystemRoot\System32\win32k.sys
  0x053D8000 \SystemRoot\System32\drivers\Dxapi.sys
  0x053E4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00410000 \SystemRoot\System32\TSDDD.dll
  0x006B0000 \SystemRoot\System32\cdd.dll
  0x00FC6000 \SystemRoot\system32\drivers\luafv.sys
  0x0920F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x0922C000 \SystemRoot\system32\drivers\spsys.sys
  0x092C6000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x092DA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x092F2000 \SystemRoot\system32\drivers\HTTP.sys
  0x09395000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x093BE000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x093DC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x09A08000 \SystemRoot\system32\drivers\mrxdav.sys
  0x09A2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x09A58000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x09AA1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x09AC0000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x09AF2000 \SystemRoot\System32\DRIVERS\srv.sys
  0x09B86000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
  0x0A00A000 \SystemRoot\system32\drivers\peauth.sys
  0x0A0C0000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0A0CB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0A0DB000 \??\C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl
  0x0A100000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0A120000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x0A136000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x0A152000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77940000 \Windows\System32\ntdll.dll

Processes (total 68):
      0 System Idle Process
      4 System
    464 C:\Windows\System32\smss.exe
    532 csrss.exe
    584 C:\Windows\System32\wininit.exe
    604 csrss.exe
    640 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    828 C:\Windows\System32\svchost.exe
    840 C:\Windows\System32\winlogon.exe
    932 C:\Windows\System32\nvvsvc.exe
    960 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    292 C:\Windows\System32\svchost.exe
    344 C:\Windows\System32\svchost.exe
    480 C:\Windows\System32\svchost.exe
    536 C:\Windows\System32\audiodg.exe
    632 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\SLsvc.exe
    512 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\spoolsv.exe
    1376 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1400 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1416 C:\Windows\System32\svchost.exe
    1548 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1808 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    1864 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1892 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1052 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1460 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2000 C:\Windows\System32\svchost.exe
    1824 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    2080 C:\Windows\System32\svchost.exe
    2128 C:\Windows\System32\svchost.exe
    2148 C:\Windows\System32\SearchIndexer.exe
    2448 WUDFHost.exe
    2620 C:\Windows\System32\taskeng.exe
    2880 C:\Windows\System32\nvvsvc.exe
    1260 C:\Windows\System32\dwm.exe
    812 C:\Windows\explorer.exe
    2780 C:\Windows\System32\taskeng.exe
    3408 C:\Program Files\Windows Defender\MSASCui.exe
    3416 C:\Windows\System32\nvraidservice.exe
    3424 C:\Windows\RAVCpl64.exe
    3468 WmiPrvSE.exe
    3480 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    3584 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    3704 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3716 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    3724 C:\Program Files\Windows Sidebar\sidebar.exe
    3736 C:\Windows\ehome\ehtray.exe
    3784 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3840 C:\Windows\ehome\ehmsas.exe
    3880 C:\Windows\System32\wbem\unsecapp.exe
    3892 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    3920 C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe
    3956 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3984 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2968 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    4500 C:\Windows\SysWOW64\svchost.exe
    4872 C:\Windows\System32\conime.exe
    3320 C:\Windows\System32\SearchProtocolHost.exe
    3940 C:\Windows\System32\SearchFilterHost.exe
    2932 dllhost.exe
    1948 dllhost.exe
    3440 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000005`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000013`f7800000  (NTFS)

PhysicalDrive2 Model Number: WDC WD1500HLFS-01G6U, Rev: 04.0
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
PhysicalDrive1 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

      Size  Device Name          MBR Status
  --------------------------------------------
    139 GB  \\.\PhysicalDrive2  RE: Acer MBR code detected
            SHA1: D0A1D48D923816C1D3F4541365161CF9C2B53818
    596 GB  \\.\PhysicalDrive0  RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    596 GB  \\.\PhysicalDrive1  RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 24.01.2011 22:20
Sieht ok aus. gabs bei GMER irgendetwas Nennenswertes?

Demonish 24.01.2011 22:21
nein bei GMER wurde nichts gefunden

cosinus 24.01.2011 22:23
Gut. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Demonish 25.01.2011 01:44
nach einer kleinen verzögerung hier nun die logs und so wies aussieht läuft der pc besser wie vorher auch wenn ich nicht wirklich ne ahnung davon habe was wir hier gemacht haben^^

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5592

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.01.2011 01:38:25
mbam-log-2011-01-25 (01-38-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|)
Durchsuchte Objekte: 317256
Laufzeit: 21 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/25/2011 at 01:09 AM

Application Version : 4.48.1000

Core Rules Database Version : 6264
Trace Rules Database Version: 4076

Scan type      : Complete Scan
Total Scan Time : 01:09:37

Memory items scanned      : 591
Memory threats detected  : 0
Registry items scanned    : 11274
Registry threats detected : 0
File items scanned        : 168556
File threats detected    : 0

cosinus 25.01.2011 08:41
Sieht ok aus, keie Funde.
Rechner wieder ok? :)

Demonish 25.01.2011 15:50
jop rechner ok läuft besser wie vorher danke für die hilfe

cosinus 25.01.2011 19:35
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131