Trojaner-Board


s0ny 21.04.2011 03:29

tr/kazy.mekml.1
 
Hello,

I have probably caught tr/kazy.mekml.1 as well.

Antivir spits out this message, and I get a black screen, no access to my own files, and constant error messages saying my hard drive is defective!

Here are my OTL logs:
OTL.txt
Code:

OTL logfile created on: 21.04.2011 03:18:45 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,31 Gb Total Space | 11,26 Gb Free Space | 23,80% Space Free | Partition Type: NTFS
Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
PRC - [2011.03.24 17:05:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 00:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 15:38:42 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.04.04 00:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe
PRC - [2007.03.22 14:06:10 | 000,028,672 | ---- | M] () -- C:\Programme\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
PRC - [2007.03.09 16:17:06 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.03.07 14:01:18 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.02.27 20:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.27 19:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.02.27 14:31:34 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.30 17:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.10.23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - [2011.03.30 21:43:13 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010.07.25 08:26:02 | 000,884,736 | -H-- | M] () [Auto | Stopped] -- C:\Users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.10.15 05:29:31 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.05.31 10:56:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.31 10:56:14 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.31 10:56:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.30 14:08:50 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.06.25 07:37:00 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.03.01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:57:00 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.10.18 08:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.11.01 05:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 17:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 17:05:39 | 000,000,000 | ---D | M]
 
[2009.03.09 10:10:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2011.04.20 14:02:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions
[2010.06.28 18:11:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.03 19:10:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2011.03.11 00:43:23 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.03 20:04:54 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\firefox@tvunetworks.com
[2009.05.06 23:43:10 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\moveplayer@movenetworks.com
[2009.03.09 10:11:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\toolbar_extras@de.yahoo.com
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.03.09 09:43:37 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.04.07 23:28:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.10 01:18:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 01:18:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 01:18:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 01:18:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 01:18:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [AveoKeySti]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cmds]  File not found
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [MSServer]  File not found
O4 - HKCU..\Run: [Smart Antivirus-2009.exe]  File not found
O4 - HKCU..\Run: [UEBeSifOsb] C:\ProgramData\UEBeSifOsb.exe (WinTrust)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: msn.com ([zone] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.205.211 192.168.205.212
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell - "" = AutoRun
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{bfd3ff16-8b50-11dd-8d16-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UTELIAS.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 03:22:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 03:22:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 03:21:57 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 03:08:02 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.04.21 02:45:49 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
[2011.04.13 12:14:36 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 12:14:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 12:14:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 12:14:32 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 12:14:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 12:14:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 12:14:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 12:14:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 12:14:22 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.13 12:14:21 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.13 12:14:21 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 12:14:21 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.13 12:14:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 12:14:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 12:14:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.13 12:14:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 12:14:16 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 12:14:16 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.29 21:07:19 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\wohnung
[2011.03.29 20:37:40 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL
[2011.03.27 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series Benutzerregistrierung
[2011.03.27 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series
[2011.03.27 19:02:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.03.27 19:01:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011.03.27 18:57:20 | 000,223,744 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM98.DLL
[2011.03.27 18:56:01 | 000,204,800 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850L.DLL
[2011.03.27 18:56:01 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC850O.DLL
[2011.03.27 18:56:01 | 000,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850I.DLL
[2011.03.27 18:56:00 | 001,339,392 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850C.DLL
[2011.03.27 18:55:55 | 000,106,496 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSf.EXE
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfUS.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTW.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTH.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfSE.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfRU.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPT.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPL.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfNO.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfKR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfIT.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfID.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfHU.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfGR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFI.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfES.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDK.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDE.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCZ.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCN.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfAR.DLL
[2011.03.27 18:55:55 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfJP.DLL
[2011.03.27 18:55:54 | 000,156,160 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Lf.DLL
[2011.03.27 18:55:42 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ
[2011.03.27 18:55:28 | 000,363,520 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL
[2011.03.27 18:55:28 | 000,143,360 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL
[2011.03.27 18:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 03:22:37 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 03:22:00 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 03:08:13 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.04.21 02:48:57 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
[2011.04.21 00:05:08 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.20 13:53:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8D3263E7-530E-4AF9-89AC-C8AF1A32D293}.job
[2011.04.15 14:24:59 | 000,206,848 | -H-- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 03:37:04 | 000,363,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 03:07:57 | 000,670,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 03:07:57 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 03:07:57 | 000,143,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 03:07:57 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.29 20:37:21 | 014,389,179 | -H-- | M] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:08:54 | 000,086,432 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 19:08:46 | 000,085,941 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 19:08:38 | 000,086,983 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 19:06:11 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 16:30:35 | 000,107,520 | -H-- | M] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2011.03.22 17:11:42 | 000,007,592 | -H-- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 03:22:37 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.29 20:36:18 | 014,389,179 | -H-- | C] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:06:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2011.03.27 16:57:05 | 000,086,432 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 16:50:54 | 000,086,983 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 16:50:45 | 000,085,941 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 16:30:34 | 000,107,520 | -H-- | C] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2010.08.25 10:43:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.09 15:45:51 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.03.09 15:45:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.09.09 17:31:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.29 15:25:52 | 000,007,592 | -H-- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2009.05.12 10:12:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2009.04.11 16:03:57 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.04.11 15:44:37 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009.04.11 15:43:57 | 000,000,829 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.04.11 15:43:57 | 000,000,412 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.12.02 19:48:48 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.02 19:48:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.02 19:48:29 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.28 02:15:17 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.05 01:25:51 | 000,206,848 | -H-- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 23:44:41 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.001
[2008.07.06 23:44:40 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.dat
[2007.09.02 07:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.09.02 07:37:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,670,934 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,143,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,363,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,631,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,118,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

Extras.txt
Code:

OTL Extras logfile created on: 21.04.2011 03:41:01 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,31 Gb Total Space | 11,11 Gb Free Space | 23,48% Space Free | Partition Type: NTFS
Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Basti\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0480238D-A439-4BBC-89BE-8D84DD82B9E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{0CEEBE93-4ED9-48EB-A444-F6AFF087E0EA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{10176D6B-3C9A-4EF0-A73B-CA3F9ADBCA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14EA2ABE-8687-40AB-88DB-379553C89D98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16FC42EC-F47D-4776-A9E8-322E81B607B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1CF57C01-0B7D-4DA6-982A-B7E9E0488776}" = lport=50001 | protocol=6 | dir=in | name=vuze |
"{2D4E0BBE-BE7B-4A4F-8E4C-42CC35BBDEED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B0D828B-D1C4-4518-9897-A1AE8EC89FE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E6C8C36-28C2-4688-8BAC-A058B75D3C9E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{435C7F28-3AF6-4191-B2F0-BDCF83CE3D06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48690AC3-3002-43EE-8B2D-DEC79F8A1FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4A02DC9F-4706-4C6A-8B64-28D2005F1E42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6663AA09-EE6F-433E-ADFA-611061FF7264}" = rport=10244 | protocol=6 | dir=out | app=system |
"{66D624CC-8AD4-44E7-9644-16C4445A1241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68D09A99-649C-4B8D-998F-D102F74E22E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74943D2A-320B-41AE-BBB9-999FD4340CB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{785C353D-AA32-458D-ADC0-8FE2808B5347}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7A51C5B3-3C9A-4B5D-83AD-A72B78C859A3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7F68F46F-2100-484C-9A5E-1C486CA0E4CA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{8752B766-2AFC-41B8-9811-7EEA6D4BC344}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8EF7ACDC-E5F9-4715-A540-870F5F171AFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{90EC38E8-6D35-4DBC-A7D0-FF90A0EF7704}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{917F1CEB-D2D8-4ACC-95B9-E469B79C5692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9405977B-AF36-4958-A0EF-FAA105692365}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{94533F7A-49A5-4A01-A1A4-563EF992D488}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A1402820-8DC9-469C-9493-6B47510D4D04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A1F27024-27CA-46DA-B105-DC424F7E1750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A6A37339-7143-45F6-93C3-4D9CF6670A42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AADB7CA4-B33C-4DC9-8F7C-3628EF5D4906}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAFD726B-0064-43A6-8DC2-C29525722BEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BC90D045-1A35-415B-9740-4D4C69F3859D}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D0573E56-1291-48F3-916D-A1A76A429163}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D6915033-CE42-453F-B5E3-FFF11623E397}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DB2FA487-7C5A-4387-8A73-A84F6435BB1C}" = lport=50001 | protocol=17 | dir=in | name=vuzeudp |
"{DC039100-8836-4E52-9C74-CFCCF1FCFC76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DCB48DAC-8033-4DED-8D68-A4EB20A32E6D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DDB6495B-1564-4D68-AADE-43A730F15E3A}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{E13BBC2B-1EE4-4AA6-A967-5F7E630E0DC4}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F5334E2A-414A-405D-BB74-05CB3F7941C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F78E9F03-AD05-443A-9311-3B939C97BC72}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0760B0C7-3119-47B6-B571-4BA89AC2BFFB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{0C94A18E-9B3A-45E9-AEB7-C7EF43D08070}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{2C55B68C-99D6-4B7E-8547-4668A161F0D1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{31E216C4-332A-406E-90EB-FDFE3DB4003A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3D8009F9-66E8-4F31-956F-5210050FBB20}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"{3DBA5B88-D456-4B1B-B3E2-D5367EFADEBE}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{458BF580-CB93-4DC9-B32D-FF2B588F9ED2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{517C3996-CAF0-4C52-9D91-BC5647153A52}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{75014B41-C0BF-47DA-99EB-E624F6638FC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BBDF974-EF4C-44F4-AD49-53EEEFEC33B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F44CB82-B290-4741-951E-548B1F2B8FD7}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwawmp.exe |
"{99C17028-F6C6-46DE-AA02-1E28F78072C6}" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe |
"{9ADA5464-5E57-452D-A8E4-63756EF73AE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D77A592-11CF-44B3-A76B-D38D0DDD8F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED7FCDC-6F4F-4D91-9747-965015E41069}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"{A0D955D3-1D1A-4F12-A255-13113B61BCA8}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{A6A2206A-8EDC-4FF7-82D5-C509FA43B009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA37E326-1306-4127-8A4C-1CEF576726B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB610899-5CBD-4F21-9E3C-5855E2EB0070}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB8C0860-F581-401A-AD73-D0F6DE69EB67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B09EAC25-88C6-4C93-9ECF-4741F525CD92}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{B0B5BA1B-F4D3-46D5-90A0-05CE25717085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1609969-BEA3-4725-BBB0-2B160CDA20F9}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{BC141F76-40BB-4673-A0D6-04604A9DDA9D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{BCF2C58F-9FA7-451B-BB38-F78752A05475}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90D13C4-D0AF-49C0-BEE8-0260CBEEA456}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{CEF1E102-F108-45F1-AD70-BAD9B904F686}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{D3832025-A589-4F0D-877A-CEAA160F765E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4258166-D00E-4785-9286-17AA09A01CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCD0F455-EA11-4C75-87B0-8649F2A72622}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E57BBC30-7B60-40B2-8F42-48D99522B74C}" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe |
"{E77089A5-087B-4D50-BB08-9A30FEB42139}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{F0995D43-341C-4140-85F3-3A961A80F153}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3B917CF-9E3D-4ECC-AAA7-AE4E92A35279}" = protocol=6 | dir=out | app=system |
"{FDBEC566-A783-468E-8D59-E5F224F0F64B}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwawmp.exe |
"TCP Query User{11864471-F79F-4726-9615-A4AA9C07BA2C}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe |
"TCP Query User{27C7DD88-072E-4A39-96CE-A4BF54815C8C}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe |
"TCP Query User{3AF0B694-6DD0-44CE-90F6-003DDC190CDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4B033598-C7E1-41A4-BE04-A642C846E292}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe |
"TCP Query User{58971C0B-F701-462A-8462-D2DB83A94DBE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{66A8E826-0BEF-4EBA-94F7-512EB7DE1FC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D12808A3-6582-45D7-B8C4-2F6FEBBA2917}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{D6DE786D-1C09-4E64-8AD4-CDAA8E10413C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FE28C814-1C12-48EB-A445-AC8B819989B0}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe |
"UDP Query User{07DB2828-EB82-44B6-9D92-3F577FDDB594}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1407F657-A510-4803-9209-8C3EE32CC405}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe |
"UDP Query User{323E3039-3CBB-4D94-8E70-955B0ED29CEF}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe |
"UDP Query User{3F43C682-71B6-4584-9F97-F34298307D9F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{478DECA8-3DB5-499D-99A8-AF9474F4B180}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe |
"UDP Query User{6D3FAD3B-91E8-409E-8624-617616CA2E81}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{841738A0-A188-4901-873C-E6F8597F04EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{94895169-7EE6-4AE1-803D-011FFB25C8AA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E1B666E7-F5C2-4A4C-8D78-B236A23DAF7F}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"AC3Filter" = AC3Filter (remove only)
"Achtung, die Kurve!" = Achtung, die Kurve!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AskSBar Uninstall" = Ask Toolbar
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Explorer Suite_is1" = Explorer Suite III
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Next Generation Graphic Patch Update" = Next Generation Graphic Patch Update
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PPStream" = PPStream
"SopCast" = SopCast 3.2.4
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SystemRequirementsLab" = System Requirements Lab
"The Magic Fireplace Screensaver 1.4_is1" = The Magic Fireplace Screensaver 1.4
"TVAnts 1.0" = TVAnts 1.0
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Wave Editor_is1" = Wave Editor 3.1.0.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets
"YDKJV2" = YOU DON'T KNOW JACK Volume 2
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
"Zatacka_is1" = Zatacka 0.1.7
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2010 12:52:34 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x03a84730,  Prozess-ID 0xe78,
Anwendungsstartzeit 01cb9f9bf1b11553.
 
Error - 19.12.2010 14:49:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x079a4733,  Prozess-ID 0xca4,
Anwendungsstartzeit 01cb9f8737b6daa7.
 
Error - 19.12.2010 15:02:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x08884730,  Prozess-ID 0x1338,
 Anwendungsstartzeit 01cb9fad89e9cdb8.
 
Error - 01.01.2011 16:28:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel
0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xd58, Anwendungsstartzeit
 01cba9d5d1220cd6.
 
Error - 04.01.2011 13:50:18 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel
0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf50, Anwendungsstartzeit
 01cbac19603d732f.
 
Error - 11.02.2011 15:04:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2,  Prozess-ID 0x678, Anwendungsstartzeit
 01cbca1e3cf7025a.
 
Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 10.03.2011 05:09:23 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2,  Prozess-ID 0xf14, Anwendungsstartzeit
 01cbdf02cd57eb7f.
 
Error - 27.03.2011 13:01:29 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm SETUP.EXE, Version 1.3.0.60 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 548  Anfangszeit: 01cbec9fc7cbe1ac  Zeitpunkt der Beendigung:
 0
 
[ Media Center Events ]
Error - 18.08.2010 14:28:43 | Computer Name = Basti-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 18.08.2010 14:35:02 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description =
 
Error - 24.08.2010 07:10:09 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description =
 
Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108
Description =
 
Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108
Description =
 
Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 100
Description =
 
Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 09.12.2009 12:26:04 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.12.2009 12:58:37 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.12.2009 16:48:17 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description =
 
Error - 11.12.2009 08:39:29 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 11.12.2009 09:06:37 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description =
 
Error - 11.12.2009 09:09:25 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 12.12.2009 07:18:20 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 12.12.2009 11:42:49 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.12.2009 02:35:30 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.12.2009 10:37:16 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.12.2009 um 08:49:03 unerwartet heruntergefahren.
 
 
< End of report >

I have my eye on a few of them, but I'm truly no expert:
C:\ProgramData\UEBeSifOsb.exe
C:\Users\Basti\AppData\Local\d3d9caps.dat
C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\ezsidmv.dat

I also get a message from Antivir now and then saying that a 40230664.exe wants access.

I'm grateful for any help! Many thanks in advance!

kira 21.04.2011 07:24

Hello and a warm welcome! :)

Before we begin working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the liability risks involved:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the period of assistance:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)

Quote:

Once a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees removal of the infection without residue - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you decide on cleaning the system after all - cleaning a system can take a few days (depending on the type of infection); the system may, however, even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
PRC - [2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKCU..\Run: [Smart Antivirus-2009.exe]  File not found

:Files
C:\ProgramData\UEBeSifOsb.exe

:Commands
[purity]
[emptytemp]


2.
Have you already scanned the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes
3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it by double-clicking
→ Select your operating system - on Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
install (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" is offered, deselect it) → start → if necessary, set "german" under Options settings
then click on "Extra" (so that the installed programs are displayed as well) → then on "Als Textdatei speichern..."
a text file (*.txt) is created; copy its contents and paste them there

Quote:

So that your thread stays clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
regards
Coverflow

s0ny 21.04.2011 14:13

Many thanks for the quick help!

This is what OTL spat out after the restart:

Code:

All processes killed
========== OTL ==========
No active process named UEBeSifOsb.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Smart Antivirus-2009.exe deleted successfully.
========== FILES ==========
File move failed. C:\ProgramData\UEBeSifOsb.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 712105557 bytes
->Temporary Internet Files folder emptied: 176970532 bytes
->Java cache emptied: 102291907 bytes
->FireFox cache emptied: 107793376 bytes
->Flash cache emptied: 11451304 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1
->Temp folder emptied: 28876 bytes
->Temporary Internet Files folder emptied: 365997 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 173919 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1793720513 bytes
RecycleBin emptied: 1576716085 bytes
 
Total Files Cleaned = 4.275,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_150201

Files\Folders moved on Reboot...
File\Folder C:\ProgramData\UEBeSifOsb.exe not found!

Registry entries deleted on Reboot...

Malwarebytes result follows shortly..

s0ny 21.04.2011 15:57

So, here is the Malwarebytes result:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 16:55:50
mbam-log-2011-04-21 (16-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316703
Laufzeit: 1 Stunde(n), 24 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Smart Antivirus 2009 (Rogue.SmartAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Value: cmds -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\downloads\programme\Download\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Not selected for removal.
d:\downloads\programme\Download\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
c:\Users\Basti\AppData\Roaming\microsoft\internet explorer\quick launch\smart antivirus-2009.lnk (Rogue.SmartAntiVirus) -> Quarantined and deleted successfully.

Edit:

and finally the hjtscanlist as well:
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6001]
 
 
C:

      C:\pagefile.sys ---------   
  21.04.2011 15:06    C:\Windows --------- 28672 
  21.04.2011 15:03    C:\ProgramData --------- 8192 
  21.04.2011 03:22    C:\Program Files --------- 24576 
  20.04.2011 16:04    C:\System Volume Information --------- 16384 
  14.04.2011 03:35    C:\Config.Msi --------- 0 
  18.08.2010 20:29    C:\Users --------- 4096 
  03.02.2010 17:56    C:\IO.SYS --------- 0 
  03.02.2010 17:56    C:\MSDOS.SYS --------- 0 
  09.03.2009 15:30    C:\NVIDIA --------- 0 
  28.11.2008 02:45    C:\Boot --------- 4096 
  28.11.2008 02:35    C:\PerfLogs --------- 0 
  28.11.2008 02:10    C:\16b0a3b01fc182f98d3a611bb32fd9 --------- 0 
  30.08.2008 14:28    C:\test.log --------- 54178 
  04.07.2008 17:25    C:\$Recycle.Bin --------- 4096 
  04.07.2008 17:23    C:\Programme --------- 0 
  04.07.2008 17:23    C:\Dokumente und Einstellungen --------- 0 
  09.05.2008 01:22    C:\aol --------- 0 
  09.05.2008 01:20    C:\RECYCLER --------- 0 
  19.01.2008 00:45    C:\bootmgr --------- 333203 
  02.09.2007 08:31    C:\MSOCache --------- 0 
  02.09.2007 07:45    C:\deviceInfo.txt --------- 14469 
  02.09.2007 07:02    C:\Intel --------- 0 
  02.09.2007 00:02    C:\BOOTSECT.BAK --------- 8192 
  02.11.2006 15:02    C:\Documents and Settings --------- 0 
  18.09.2006 23:43    C:\config.sys --------- 10 
  18.09.2006 23:43    C:\autoexec.bat --------- 24 
  01.01.2005 01:07    C:\Bios --------- 0 
----------------------------------------

 
C:\Windows

  21.04.2011 17:04    C:\Windows\bootstat.dat --------- 67584 
  21.04.2011 17:08    C:\Windows\WindowsUpdate.log --------- 1117149 
  21.04.2011 02:48    C:\Windows\PFRO.log --------- 90638 
  01.04.2011 01:09    C:\Windows\setupact.log --------- 33883 
  16.11.2010 14:23    C:\Windows\win.ini --------- 179 
  15.10.2010 22:09    C:\Windows\ie8_main.log --------- 2067 
  09.03.2010 16:08    C:\Windows\hpoins19.dat --------- 164193 
  09.03.2010 15:49    C:\Windows\DPINST.LOG --------- 56122 
  25.11.2009 18:01    C:\Windows\msxml4-KB973688-enu.LOG --------- 271828 
  14.11.2009 21:28    C:\Windows\DirectX.log --------- 385630 
  11.04.2009 16:49    C:\Windows\psnetwork.ini --------- 829 
  11.04.2009 16:49    C:\Windows\powerplayer.ini --------- 412 
  11.04.2009 16:49    C:\Windows\msgtn.ini --------- 13 
  11.04.2009 16:04    C:\Windows\powerlist.ini --------- 20 
  02.03.2009 19:41    C:\Windows\DIFxAPI.dll --------- 319456 
  18.02.2009 22:21    C:\Windows\avmsysnet.log --------- 107 
  18.02.2009 22:18    C:\Windows\avmadd321.log --------- 2536 
  18.02.2009 22:18    C:\Windows\avmadd32.log --------- 2840 
  28.11.2008 02:45    C:\Windows\WindowsShell.Manifest --------- 749 
  28.11.2008 02:43    C:\Windows\DtcInstall.log --------- 3297 
  28.11.2008 02:23    C:\Windows\SPInstall.etl --------- 196608 
  14.11.2008 04:00    C:\Windows\msxml4-KB954430-enu.LOG --------- 281072 
  29.10.2008 08:29    C:\Windows\explorer.exe --------- 2927104 
  04.07.2008 23:20    C:\Windows\TSSysprep.log --------- 3540 
  19.01.2008 00:33    C:\Windows\regedit.exe --------- 134656 
  19.01.2008 00:33    C:\Windows\notepad.exe --------- 151040 
  19.01.2008 00:33    C:\Windows\HelpPane.exe --------- 498176 
  19.01.2008 00:33    C:\Windows\fveupdate.exe --------- 13312 
  19.01.2008 00:33    C:\Windows\bfsvc.exe --------- 58880 
  02.09.2007 19:40    C:\Windows\bcdtmp.cmd --------- 165 
  02.09.2007 08:02    C:\Windows\csup.txt --------- 10 
  02.09.2007 07:20    C:\Windows\HideWin.exe --------- 315392 
  02.09.2007 06:54    C:\Windows\msxml4-KB936181-deu.LOG --------- 411380 
  13.03.2007 21:50    C:\Windows\hpomdl19.dat --------- 26952 
  02.01.2007 18:27    C:\Windows\Twunk_16.dll --------- 12288 
  02.01.2007 18:27    C:\Windows\Twunk_32.dll --------- 12288 
  02.11.2006 14:52    C:\Windows\setuperr.log --------- 0 
  02.11.2006 14:47    C:\Windows\SETUPAPI.LOG --------- 94 
  02.11.2006 14:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 14:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 14:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 14:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 14:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 11:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 11:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 09:46    C:\Windows\mib.bin --------- 43131 
  26.10.2006 07:08    C:\Windows\agrsmdel.exe --------- 50752 
  19.09.2006 13:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 23:46    C:\Windows\system.ini --------- 219 
  18.09.2006 23:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 23:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 23:30    C:\Windows\msdfmap.ini --------- 1405 
  11.12.2002 20:11    C:\Windows\WMPrfDEU.prx --------- 33820 
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 21.04.2011 17:04    C:\Windows\system32\TVersityMediaServer.log --------- 485 
 21.04.2011 17:04    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3168 
 21.04.2011 17:04    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3168 
 21.04.2011 17:03    C:\Windows\system32\drivers --------- 65536 
 14.04.2011 03:37    C:\Windows\system32\FNTCACHE.DAT --------- 363352 
 14.04.2011 03:17    C:\Windows\system32\catroot --------- 4096 
 14.04.2011 03:17    C:\Windows\system32\catroot2 --------- 8192 
 14.04.2011 03:07    C:\Windows\system32\perfh009.dat --------- 631636 
 14.04.2011 03:07    C:\Windows\system32\perfc009.dat --------- 118262 
 14.04.2011 03:07    C:\Windows\system32\perfh007.dat --------- 670934 
 14.04.2011 03:07    C:\Windows\system32\perfc007.dat --------- 143888 
 14.04.2011 03:07    C:\Windows\system32\PerfStringBackup.INI --------- 1581174 
 14.04.2011 03:03    C:\Windows\system32\mrt.exe --------- 39828936 
 27.03.2011 19:01    C:\Windows\system32\CanonIJ Uninstaller Information --------- 0 
 10.03.2011 18:12    C:\Windows\system32\mfc42u.dll --------- 1161728 
 10.03.2011 18:12    C:\Windows\system32\mfc42.dll --------- 1136640 
 03.03.2011 17:00    C:\Windows\system32\inetcomm.dll --------- 738816 
 03.03.2011 14:53    C:\Windows\system32\win32k.sys --------- 2040832 
 02.03.2011 16:49    C:\Windows\system32\dnsrslvr.dll --------- 86528 
 02.03.2011 16:49    C:\Windows\system32\dnsapi.dll --------- 167936 
 18.02.2011 17:48    C:\Windows\system32\wininet.dll --------- 833024 
 18.02.2011 17:48    C:\Windows\system32\urlmon.dll --------- 1174528 
 18.02.2011 17:47    C:\Windows\system32\occache.dll --------- 146432 
 18.02.2011 17:46    C:\Windows\system32\mstime.dll --------- 671232 
 18.02.2011 17:45    C:\Windows\system32\mshtmled.dll --------- 476672 
 18.02.2011 17:45    C:\Windows\system32\mshtml.dll --------- 3592704 
 18.02.2011 17:45    C:\Windows\system32\msfeeds.dll --------- 467456 
 18.02.2011 17:45    C:\Windows\system32\jsproxy.dll --------- 28160 
 18.02.2011 17:45    C:\Windows\system32\iertutil.dll --------- 270848 
 18.02.2011 17:45    C:\Windows\system32\iepeers.dll --------- 193024 
 18.02.2011 17:45    C:\Windows\system32\ieframe.dll --------- 6078464 
 18.02.2011 17:45    C:\Windows\system32\ieencode.dll --------- 78336 
 18.02.2011 17:45    C:\Windows\system32\iedkcs32.dll --------- 389120 
 18.02.2011 17:45    C:\Windows\system32\ieapfltr.dll --------- 380928 
 18.02.2011 17:45    C:\Windows\system32\ieaksie.dll --------- 230400 
 18.02.2011 16:09    C:\Windows\system32\html.iec --------- 389632 
 18.02.2011 15:48    C:\Windows\system32\mshtml.tlb --------- 1383424 
 16.02.2011 17:35    C:\Windows\system32\vbscript.dll --------- 430080 
 16.02.2011 17:32    C:\Windows\system32\jscript.dll --------- 512000 
 16.02.2011 17:29    C:\Windows\system32\atmlib.dll --------- 34304 
 16.02.2011 15:24    C:\Windows\system32\atmfd.dll --------- 292864 
 02.02.2011 18:11    C:\Windows\system32\MpSigStub.exe --------- 222080 
 21.01.2011 17:46    C:\Windows\system32\shlwapi.dll --------- 351744 
 21.01.2011 17:46    C:\Windows\system32\shell32.dll --------- 11582464 
 29.12.2010 19:41    C:\Windows\system32\sbeio.dll --------- 153088 
 29.12.2010 19:41    C:\Windows\system32\sbe.dll --------- 323072 
 29.12.2010 19:41    C:\Windows\system32\EncDec.dll --------- 429056 
 29.12.2010 19:39    C:\Windows\system32\mpg2splt.ax --------- 177664 
 28.12.2010 16:57    C:\Windows\system32\odbc32.dll --------- 409600 
 17.12.2010 18:43    C:\Windows\system32\mstscax.dll --------- 2067456 
 17.12.2010 17:06    C:\Windows\system32\mstsc.exe --------- 677888 
 16.12.2010 04:04    C:\Windows\system32\de-DE --------- 188416 
 14.12.2010 17:49    C:\Windows\system32\sdclt.exe --------- 1169408 
 06.11.2010 13:10    C:\Windows\system32\wmicmiplugin.dll --------- 345088 
 06.11.2010 13:10    C:\Windows\system32\taskschd.dll --------- 357376 
 06.11.2010 13:10    C:\Windows\system32\taskcomp.dll --------- 270336 
 06.11.2010 13:09    C:\Windows\system32\schedsvc.dll --------- 603648 
 05.11.2010 02:53    C:\Windows\system32\taskeng.exe --------- 171520 
 28.10.2010 14:56    C:\Windows\system32\tzres.dll --------- 2048 
 18.10.2010 16:01    C:\Windows\system32\consent.exe --------- 81920 
 17.10.2010 02:01    C:\Windows\system32\Tasks --------- 4096 
 15.10.2010 16:08    C:\Windows\system32\ntoskrnl.exe --------- 3548048 
 15.10.2010 16:08    C:\Windows\system32\ntkrnlpa.exe --------- 3600272 
 15.10.2010 15:48    C:\Windows\system32\ntdll.dll --------- 1205080 
 15.10.2010 05:38    C:\Windows\system32\autopart.opt --------- 151 
 14.10.2010 23:53    C:\Windows\system32\en-US --------- 4096 
 24.09.2010 18:15    C:\Windows\system32\TVUAx --------- 4096 
 10.09.2010 20:18    C:\Windows\system32\wmp.dll --------- 10626560 
 10.09.2010 18:37    C:\Windows\system32\wmploc.DLL --------- 8147456 
 06.09.2010 18:24    C:\Windows\system32\srvsvc.dll --------- 125952 
 06.09.2010 18:23    C:\Windows\system32\netevent.dll --------- 17920 
 31.08.2010 17:41    C:\Windows\system32\mfc40u.dll --------- 954288 
 31.08.2010 17:41    C:\Windows\system32\mfc40.dll --------- 954752 
 31.08.2010 17:40    C:\Windows\system32\comctl32.dll --------- 531968 
 26.08.2010 18:07    C:\Windows\system32\t2embed.dll --------- 157184 
 20.08.2010 17:21    C:\Windows\system32\wmpmde.dll --------- 866816 
 18.08.2010 20:28    C:\Windows\system32\GroupPolicy --------- 0 
 17.08.2010 15:32    C:\Windows\system32\spoolsv.exe --------- 126464 
 15.08.2010 19:23    C:\Windows\system32\jupdate-1.6.0_21-b07.log --------- 6339 
 10.08.2010 17:02    C:\Windows\system32\schannel.dll --------- 274432 
 17.07.2010 05:00    C:\Windows\system32\javaws.exe --------- 153376 
 17.07.2010 05:00    C:\Windows\system32\javaw.exe --------- 145184 
 17.07.2010 05:00    C:\Windows\system32\java.exe --------- 145184 
 17.07.2010 05:00    C:\Windows\system32\deployJava1.dll --------- 423656 
 28.06.2010 18:15    C:\Windows\system32\ole32.dll --------- 1315840 
 18.06.2010 18:43    C:\Windows\system32\rtutils.dll --------- 36352 
 16.06.2010 17:12    C:\Windows\system32\fontsub.dll --------- 72704 
 13.06.2010 08:38    C:\Windows\system32\wbem --------- 61440 
 11.06.2010 17:30    C:\Windows\system32\msxml3.dll --------- 1257472 
 06.06.2010 19:04    C:\Windows\system32\Adobe --------- 0 
 27.05.2010 21:16    C:\Windows\system32\iccvid.dll --------- 81920 
 04.05.2010 20:39    C:\Windows\system32\msshsq.dll --------- 248832 
 04.05.2010 18:53    C:\Windows\system32\ieUnatt.exe --------- 26624 
 16.04.2010 23:12    C:\Windows\system32\sirenacm.dll --------- 48464 
 16.04.2010 18:10    C:\Windows\system32\usp10.dll --------- 501760 
 16.04.2010 18:10    C:\Windows\system32\quartz.dll --------- 1314816 
 05.04.2010 18:08    C:\Windows\system32\MP4SDECD.DLL --------- 317952 
 05.04.2010 18:07    C:\Windows\system32\asycfilt.dll --------- 67072 
 18.03.2010 16:47    C:\Windows\system32\aspnet_counters.dll --------- 17760 
 18.03.2010 13:16    C:\Windows\system32\msvcr100_clr0400.dll --------- 771424 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 21.04.2011 17:04    C:\Windows\Tasks\SA.DAT --------- 6 
 21.04.2011 17:03    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32606 
 21.04.2011 15:29    C:\Windows\Tasks\User_Feed_Synchronization-{8D3263E7-530E-4AF9-89AC-C8AF1A32D293}.job --------- 418 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\Basti\AppData\Local\Temp

 21.04.2011 17:09    C:\Users\Basti\AppData\Local\Temp\jusched.log --------- 302 
 21.04.2011 17:07    C:\Users\Basti\AppData\Local\Temp\plugtmp-1 --------- 4096 
 21.04.2011 17:06    C:\Users\Basti\AppData\Local\Temp\fla7BB0.tmp --------- 25473715 
 21.04.2011 17:04    C:\Users\Basti\AppData\Local\Temp\WPDNSE --------- 0 
 21.04.2011 17:04    C:\Users\Basti\AppData\Local\Temp\~DF72B.tmp --------- 212992 
 21.04.2011 17:04    C:\Users\Basti\AppData\Local\Temp\Basti.bmp --------- 31832 
 21.04.2011 17:04    C:\Users\Basti\AppData\Local\Temp\~DF1B9E.tmp --------- 49152 
 21.04.2011 17:04    C:\Users\Basti\AppData\Local\Temp\ArmUI.ini --------- 148526 
 21.04.2011 17:02    C:\Users\Basti\AppData\Local\Temp\plugtmp --------- 0 
 21.04.2011 15:13    C:\Users\Basti\AppData\Local\Temp\~DF1D27.tmp --------- 81920 
 21.04.2011 15:10    C:\Users\Basti\AppData\Local\Temp\tosBtExt --------- 0 
 21.04.2011 15:10    C:\Users\Basti\AppData\Local\Temp\AdobeARM.log --------- 1526 
 21.04.2011 15:09    C:\Users\Basti\AppData\Local\Temp\MessengerCache --------- 0 
 21.04.2011 15:09    C:\Users\Basti\AppData\Local\Temp\~DFB3DA.tmp --------- 212992 
 21.04.2011 15:09    C:\Users\Basti\AppData\Local\Temp\~DFCCB0.tmp --------- 49152 
----------------------------------------

 
C:\Program Files

 21.04.2011 03:22    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 14.04.2011 03:34    C:\Program Files\Internet Explorer --------- 4096 
 27.03.2011 19:06    C:\Program Files\Canon --------- 0 
 27.03.2011 18:55    C:\Program Files\CanonBJ --------- 0 
 24.03.2011 17:05    C:\Program Files\Mozilla Firefox --------- 40960 
 11.03.2011 00:42    C:\Program Files\DVDVideoSoft --------- 0 
 11.03.2011 00:42    C:\Program Files\Common Files --------- 4096 
 08.03.2011 12:01    C:\Program Files\Adobe --------- 0 
 02.01.2011 03:22    C:\Program Files\WBFS --------- 0 
 16.12.2010 05:45    C:\Program Files\Windows Mail --------- 4096 
 15.10.2010 03:24    C:\Program Files\Windows Media Player --------- 4096 
 14.10.2010 23:53    C:\Program Files\Microsoft.NET --------- 0 
 03.10.2010 19:43    C:\Program Files\InstallShield Installation Information --------- 4096 
 17.09.2010 15:30    C:\Program Files\AC3Filter --------- 4096 
 17.09.2010 15:30    C:\Program Files\Haali --------- 0 
 25.08.2010 10:43    C:\Program Files\ffdshow --------- 8192 
 25.08.2010 10:37    C:\Program Files\TVersity Codec Pack --------- 4096 
 15.08.2010 19:23    C:\Program Files\Java --------- 0 
 14.08.2010 19:00    C:\Program Files\Movie Maker --------- 4096 
 14.08.2010 14:44    C:\Program Files\Skype --------- 0 
 03.04.2010 20:03    C:\Program Files\TVUPlayer --------- 4096 
 03.04.2010 19:59    C:\Program Files\TVAnts --------- 4096 
 09.03.2010 23:06    C:\Program Files\SopCast --------- 4096 
 09.03.2010 16:02    C:\Program Files\HP --------- 4096 
 09.03.2010 16:00    C:\Program Files\Hewlett-Packard --------- 0 
 15.02.2010 17:20    C:\Program Files\QuickTime --------- 4096 
 15.02.2010 17:17    C:\Program Files\Apple Software Update --------- 4096 
 18.12.2009 16:52    C:\Program Files\The Magic Fireplace Screensaver 1.4 --------- 4096 
 16.12.2009 15:34    C:\Program Files\Microsoft Works --------- 16384 
 28.11.2009 13:39    C:\Program Files\Microsoft --------- 0 
 24.10.2009 11:58    C:\Program Files\Weight Watchers --------- 0 
 17.06.2009 12:03    C:\Program Files\OpenOffice.org 3 --------- 4096 
 17.06.2009 12:02    C:\Program Files\OpenOffice --------- 0 
 01.06.2009 18:19    C:\Program Files\Syncrosoft --------- 4096 
 12.05.2009 10:11    C:\Program Files\AVEO --------- 0 
 19.04.2009 12:09    C:\Program Files\Windows Live SkyDrive --------- 0 
 19.04.2009 12:08    C:\Program Files\Windows Live --------- 0 
 11.04.2009 16:05    C:\Program Files\PPStream --------- 4096 
 09.03.2009 15:36    C:\Program Files\AGEIA Technologies --------- 8192 
 09.03.2009 15:25    C:\Program Files\SystemRequirementsLab --------- 0 
 09.03.2009 10:30    C:\Program Files\Design Science --------- 0 
 06.03.2009 11:54    C:\Program Files\VideoLAN --------- 0 
 02.03.2009 19:54    C:\Program Files\DivX --------- 4096 
 02.03.2009 19:41    C:\Program Files\Realtek --------- 0 
 18.02.2009 22:19    C:\Program Files\FRITZDSL --------- 8192 
 18.02.2009 22:18    C:\Program Files\FRITZBox --------- 4096 
 18.02.2009 22:18    C:\Program Files\FRITZBoxPrint --------- 4096 
 28.11.2008 02:45    C:\Program Files\desktop.ini --------- 174 
 28.11.2008 02:38    C:\Program Files\Windows Calendar --------- 0 
 28.11.2008 02:38    C:\Program Files\Windows Sidebar --------- 4096 
 28.11.2008 02:38    C:\Program Files\Windows Collaboration --------- 4096 
 28.11.2008 02:38    C:\Program Files\Windows Journal --------- 4096 
 28.11.2008 02:38    C:\Program Files\Windows Photo Gallery --------- 4096 
 28.11.2008 02:37    C:\Program Files\Windows Defender --------- 4096 
 29.09.2008 16:56    C:\Program Files\Winamp --------- 4096 
 24.09.2008 19:38    C:\Program Files\AskSBar --------- 0 
 19.09.2008 19:14    C:\Program Files\Microsoft Xbox 360 Accessories --------- 4096 
 19.09.2008 16:24    C:\Program Files\Avira --------- 0 
 30.08.2008 14:12    C:\Program Files\DAEMON Tools --------- 4096 
 04.07.2008 17:23    C:\Program Files\Windows NT --------- 4096 
 04.07.2008 17:23    C:\Program Files\Gemeinsame Dateien --------- 0 
 02.09.2007 08:50    C:\Program Files\Microsoft Office --------- 4096 
 02.09.2007 08:28    C:\Program Files\CyberLink --------- 4096 
 02.09.2007 08:07    C:\Program Files\Toshiba --------- 0 
 02.09.2007 08:06    C:\Program Files\WinRAR 3.61 Multi --------- 4096 
 02.09.2007 07:37    C:\Program Files\System Control Manager --------- 4096 
 02.09.2007 07:02    C:\Program Files\Intel --------- 0 
 02.09.2007 06:51    C:\Program Files\MSXML 4.0 --------- 0 
 02.11.2006 15:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 14:37    C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 14:37    C:\Program Files\Reference Assemblies --------- 0 
 02.11.2006 14:37    C:\Program Files\MSBuild --------- 0 
----------------------------------------

 
C:\ProgramData\..

Basti   
Mcx1   
Public   
desktop.ini   
Default   
All Users   
Default User   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            28 K
System                          4 Services                  0        4.336 K
smss.exe                      564 Services                  0          648 K
csrss.exe                      724 Services                  0        4.676 K
wininit.exe                    776 Services                  0        3.356 K
csrss.exe                      788 Console                    1        8.668 K
services.exe                  820 Services                  0        6.044 K
lsass.exe                      832 Services                  0        2.108 K
lsm.exe                        840 Services                  0        4.368 K
svchost.exe                    992 Services                  0        5.192 K
nvvsvc.exe                    1036 Services                  0        3.012 K
svchost.exe                  1064 Services                  0        4.952 K
winlogon.exe                  1100 Console                    1        4.680 K
svchost.exe                  1136 Services                  0        46.008 K
svchost.exe                  1188 Services                  0        10.596 K
svchost.exe                  1216 Services                  0        58.696 K
svchost.exe                  1228 Services                  0        24.396 K
audiodg.exe                  1328 Services                  0        10.440 K
SLsvc.exe                    1360 Services                  0        4.264 K
svchost.exe                  1404 Services                  0        11.056 K
svchost.exe                  1508 Services                  0        11.700 K
rundll32.exe                  1796 Console                    1        5.040 K
spoolsv.exe                  1852 Services                  0        8.588 K
sched.exe                    1908 Services                  0        1.328 K
svchost.exe                  1928 Services                  0        13.168 K
agrsmsvc.exe                  1624 Services                  0        2.072 K
svchost.exe                  1608 Services                  0        7.756 K
avguard.exe                  1316 Services                  0        24.208 K
svchost.exe                  1916 Services                  0        5.844 K
IGDCTRL.EXE                    792 Services                  0        5.052 K
PIFSvc.exe                    2092 Services                  0          932 K
svchost.exe                  2332 Services                  0        2.524 K
edd.exe                      2352 Services                  0        1.452 K
svchost.exe                  2388 Services                  0        2.372 K
svchost.exe                  2408 Services                  0        4.080 K
RichVideo.exe                2436 Services                  0        3.460 K
svchost.exe                  2476 Services                  0        5.808 K
TosBtSrv.exe                  2508 Services                  0        3.136 K
svchost.exe                  2624 Services                  0        1.868 K
SearchIndexer.exe            2668 Services                  0        16.668 K
reinstall_svc.exe            2740 Services                  0        3.576 K
taskeng.exe                  2900 Services                  0        5.132 K
dwm.exe                      3272 Console                    1        36.288 K
explorer.exe                  3296 Console                    1        28.328 K
MSASCui.exe                  3464 Console                    1        5.348 K
MGSysCtrl.exe                3480 Console                    1        7.680 K
PIFSvc.exe                    3500 Console                    1          852 K
avgnt.exe                    3528 Console                    1        2.348 K
XBoxStat.exe                  3572 Console                    1        3.864 K
rundll32.exe                  3604 Console                    1        4.400 K
jusched.exe                  3652 Console                    1        5.244 K
cledx.exe                    3668 Console                    1        4.648 K
hpwuSchd2.exe                3748 Console                    1        2.628 K
reader_sl.exe                3780 Console                    1        3.064 K
taskeng.exe                  3788 Console                    1        9.020 K
AdobeARM.exe                  3888 Console                    1        7.032 K
sidebar.exe                  4012 Console                    1        16.376 K
daemon.exe                    4036 Console                    1        3.936 K
msnmsgr.exe                  4056 Console                    1        2.748 K
ehtray.exe                    1480 Console                    1        1.120 K
wmpnscfg.exe                  2500 Console                    1        4.144 K
AveoSTI.exe                  2616 Console                    1        4.064 K
TosBtMng.exe                  2648 Console                    1        6.588 K
StCenter.exe                  2940 Console                    1        6.524 K
ehmsas.exe                    3292 Console                    1        4.460 K
TosA2dp.exe                  1708 Console                    1        4.340 K
wmpnetwk.exe                  2528 Services                  0        13.356 K
TosBtHid.exe                  2696 Console                    1        2.276 K
TosBtHSP.exe                  3616 Console                    1        4.716 K
TosAVRC.exe                  4164 Console                    1        4.236 K
TosOBEX.exe                  4452 Console                    1        6.508 K
TosBtProc.exe                5004 Console                    1        4.600 K
firefox.exe                  5408 Console                    1      217.484 K
plugin-container.exe          6044 Console                    1      194.496 K
wuauclt.exe                  5180 Console                    1        5.424 K
SearchProtocolHost.exe        5872 Services                  0        9.540 K
SearchFilterHost.exe          5820 Services                  0        5.632 K
WinRAR.exe                    3916 Console                    1        11.700 K
cmd.exe                      3816 Console                    1        2.912 K
conime.exe                    4160 Console                    1        3.208 K
tasklist.exe                  5624 Console                    1        4.728 K
WmiPrvSE.exe                  4300 Services                  0        5.932 K

 
***** Ende des Scans 21.04.2011 um 17:09:47,88 ***

...and CCleaner:
Code:

AC3Filter (remove only)                16.09.2010        4,04MB       
Achtung, die Kurve!                30.06.2010               
Acronis*Disk*Director*Home        Acronis        14.10.2010        216MB        11.0.216
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        09.03.2011                10.2.152.32
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        19.04.2011                10.2.159.1
Adobe Reader 9.4.2 - Deutsch        Adobe Systems Incorporated        07.03.2011        174,8MB        9.4.2
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        05.06.2010        8,37MB        11.5.7.609
Agere Systems HDA Modem        Agere Systems        01.09.2007               
Akamai NetSession Interface                20.10.2010        13,4MB       
Apple Application Support        Apple Inc.        14.02.2010        32,4MB        1.1.0
Apple Software Update        Apple Inc.        14.02.2010        2,16MB        2.1.1.116
Ask Toolbar        Ask.com        23.09.2008        0,42MB       
AveoCap        AVEO        11.05.2009        0,20MB        1.00.0011
Avira AntiVir Personal - Free Antivirus        Avira GmbH        18.09.2008        81,6MB       
AVM FRITZ!Box Dokumentation        AVM Berlin        17.02.2009        5,02MB       
AVM FRITZ!Box Druckeranschluss        AVM Berlin        17.02.2009               
AVM FRITZ!DSL        AVM Berlin        17.02.2009        14,1MB        2.04.02
Bluetooth Stack for Windows by Toshiba                01.09.2007        54,5MB        v5.10.06
Canon MX850 series                26.03.2011               
Canon MX850 series Benutzerregistrierung                26.03.2011        0,52MB       
CCleaner        Piriform        20.04.2011        3,60MB        3.05
DivX Codec        DivX, Inc.        01.03.2009        1,40MB        6.8.5
DivX Converter        DivX, Inc.        01.03.2009        35,9MB        7.0.0
DivX Player        DivX, Inc.        01.03.2009        8,09MB        7.0.0
DivX Plus DirectShow Filters        DivX, Inc.        01.03.2009        1,21MB       
DVD Suite        CyberLink Corporation        03.07.2008        11,3MB        5.0.1729
EA Download Manager        Electronic Arts, Inc.        24.11.2009        7,99MB        5.1.0.4
Explorer Suite III                06.01.2009        6,85MB       
ffdshow [rev 3154] [2009-12-09]                24.08.2010        17,0MB        1.0
FlexPoints 2.01        Weight Watchers        23.10.2009        131,8MB        2.01.0000
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        09.03.2011        3,02MB       
Free YouTube to MP3 Converter version 3.9.34.305        DVDVideoSoft Limited.        09.03.2011        3,47MB       
FUSSBALL MANAGER 10        Electronic Arts        03.12.2009        6.968MB        2.0.0.4
Haali Media Splitter                16.09.2010        2,45MB       
HP OCR Software 8.0        HP        08.03.2010        1,53MB        8.0
HP Photosmart Essential        HP        08.03.2010        10,2MB        1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B        HP        08.03.2010        75,8MB        8.0
HP Solution Center 8.0        HP        08.03.2010        1,53MB        8.0
HP Update        Hewlett-Packard        08.03.2010        3,57MB        4.000.005.006
Java(TM) 6 Update 21        Sun Microsystems, Inc.        29.10.2008        94,4MB        6.0.210
LiveUpdate Notice (Symantec Corporation)        Symantec Corporation        03.09.2008        7,59MB        1.4.5
Malwarebytes' Anti-Malware        Malwarebytes Corporation        20.04.2011        4,80MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        18.08.2009        27,8MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        13.10.2010        182,9MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        13.10.2010        46,0MB        4.0.30319
Microsoft Office Home and Student 2007        Microsoft Corporation        15.12.2009        298MB        12.0.6425.1000
Microsoft Office Word 2007        Microsoft Corporation        15.12.2009        308MB        12.0.6425.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        30.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.02.2009        0,41MB        8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        13.04.2011        0,29MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        18.03.2011        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        17.03.2011        0,58MB        9.0.30729
Microsoft Works        Microsoft Corporation        10.12.2009        285MB        08.05.0822
Microsoft Xbox 360 Accessories 1.1        Microsoft        18.09.2008        6,51MB        1.10.123.0
Mozilla Firefox (3.6.16)        Mozilla        23.03.2011        30,7MB        3.6.16 (de)
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        01.09.2007        1,28MB        4.20.9848.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        13.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
Next Generation Graphic Patch Update                08.03.2009               
NVIDIA Drivers        NVIDIA Corporation        08.03.2009                1.3
NVIDIA PhysX        NVIDIA Corporation        08.03.2009        120,0MB        9.09.0010
OpenOffice.org 3.0        OpenOffice.org        16.06.2009        332MB        3.0.9379
PokerStars        PokerStars        11.10.2008        57,9MB       
Power2Go 5.0                03.07.2008        3,76MB       
PowerDirector Express                03.07.2008        129,4MB       
PowerProducer                03.07.2008        137,9MB       
PPStream        PPStream, Inc.        10.04.2009        20,4MB        2.6.86.8250
QuickTime        Apple Inc.        14.02.2010        77,3MB        7.65.17.80
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista        Realtek        01.09.2007        0,68MB        1.00.0000
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01                03.07.2008        1,93MB        3.51.01
Skype™ 4.2        Skype Technologies S.A.        22.08.2010        31,1MB        4.2.169
SopCast 3.2.4        SopCast.com        08.03.2010        9,18MB        3.2.4
Steinberg Cubase SX v3.1.1.944                31.05.2009        179,7MB       
SyncroSoft Emu (Remove only)                31.05.2009        10,3MB       
Syncrosofts Lizenz Kontrolle        Syncrosoft Hard- Und Software GmbH        31.05.2009        10,3MB       
System Control Manager                01.09.2007        5,03MB        1.0207.0907.G100.30
System Requirements Lab                08.03.2009        0,73MB       
The Magic Fireplace Screensaver 1.4        bid77 Media Service        17.12.2009        1,63MB        1.4
TVAnts 1.0                02.04.2010        5,41MB       
TVersity Codec Pack 1.4        TVersity Inc.        24.08.2010        1,63MB        1.4
TVersity Media Server 1.9.2        TVersity        24.08.2010        93,2MB        1.9.2
TVUPlayer 2.5.2.2        TVU networks        02.04.2010        14,6MB        2.5.2.2
Uninstall 1.0.0.1                09.03.2011        32,1MB       
Veetle TV 0.9.18        Veetle, Inc        28.11.2010        10,1MB        0.9.18
VLC media player 1.0.1        VideoLAN Team        28.07.2009        72,4MB        1.0.1
Vuze        Vuze, Inc.        23.09.2008        114,9MB       
Wave Editor 3.1.0.0        AbyssMedia.com        09.03.2011        1,93MB        3.1.0.0
WBFS Manager 4.0        WBFS        01.01.2011        3,57MB        4.0
Winamp        Nullsoft, Inc        28.09.2008        13,8MB        5.541
Windows Live Anmelde-Assistent        Microsoft Corporation        05.03.2009        1,93MB        5.000.818.6
Windows Live Essentials        Microsoft Corporation        10.02.2011        44,0MB        14.0.8117.0416
Windows Live-Uploadtool        Microsoft Corporation        18.04.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        16.09.2009        0,29MB        1.0.0.8
WinRAR archiver                03.07.2008               
World Series of Poker 2008: Battle for the Bracelets        Activision Value        13.11.2009        2.932MB        1.1
You Don't Know Jack 4 1.00        Take 2 Interactive        16.09.2009        229MB        1.00
YOU DON'T KNOW JACK Volume 2                30.06.2010        229MB       
Zatacka 0.1.7        Mage        30.06.2010        2,95MB


kira 21.04.2011 16:30

1.
Uninstall under `Start→ Control Panel→ Change/Remove...`
Code:

Ask Toolbar - adware toolbar
Part of the default installation of many freeware programs and sometimes even of paid programs. Therefore:
Always choose the custom installation, not the default installation, because otherwise things are often installed along with it that you do not need or do not want.
During installation, always read the license terms and do not immediately tick every box, because by doing so you agree that adware (advertising pop-ups) from partner programs, sponsors etc. is installed as well, since that is how freeware finances itself.

Several others belong in this category as well, e.g.: -> Uninstall unwanted toolbars

2.
Code:

Vuze
Quote:

Internet file-sharing networks are unfortunately among the most dubious providers, and a great deal of malware is spread there, so they should be handled, if at all, only with very particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
On top of that, most downloads from these file-sharing networks are illegal anyway, which tempts users into committing "criminal offences"!

Even if you use a "safe" P2P program, it is only the program that is safe. You will be sharing data from "uncertified sources", and these are frequently infected... ;)
Besides, it is not only Trojan horses or other types of viruses that need a direct connection: µtorrent & Co. also "phone home", even if there is no proof yet (at least not in all cases), and I would not recommend allowing such clients!

3.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 24 from Oracle
Make sure to deselect any toolbars that are offered (remove the tick next to the toolbar)!

4.
Update Adobe Reader:
- Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

5.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete Scan" and click "Next"
  • all malware found is then listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • press "Show log" - then please save this report and post it here

6.
- Link: -> ESET Online Scanner
>>You should not install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the [Shift] key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - You can also switch off the AUTORUN function entirely. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Before the scan, settings in Internet Explorer:
- "Tools→ Internet Options→ Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar) - allow the ActiveX control to be installed

► Do you have any other problems now?

s0ny 21.04.2011 16:42

All right, I will tackle all of that! Thank you very, very much!

s0ny 22.04.2011 09:37

SUPERAntiSpyware scan:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/22/2011 at 03:19 AM

Application Version : 4.51.1000

Core Rules Database Version : 6887
Trace Rules Database Version: 4699

Scan type      : Complete Scan
Total Scan Time : 00:55:28

Memory items scanned      : 760
Memory threats detected  : 0
Registry items scanned    : 8609
Registry threats detected : 1
File items scanned        : 40053
File threats detected    : 156

Adware.Tracking Cookie
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@apmebf[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@bs.serving-sys[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@atdmt.combing[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@usenext[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@serving-sys[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@doubleclick[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@questionmarket[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@advertising[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adfarm1.adition[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@komtrack[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adbrite[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@weborama[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@zanox[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tradedoubler[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@yadro[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[3].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@traffictrack[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@mediaplex[2].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@www.etracker[1].txt
        C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tracking.3gnet[2].txt

Adware.Vundo Variant/Rel
        HKU\S-1-5-21-9527809-2398962358-3293105967-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Basti\AppData\Local\Temp\iifebCVm.dll,#1 ]

...and the ESET Online Scan:
Code:

C:\aol\aolsilentsetup.ex_        möglicherweise Variante von Win32/StartPage.LWOOMNQ Trojaner        gelöscht - in Quarantäne kopiert
C:\Users\Public\Desktop\aolsilentsetup.exe        möglicherweise Variante von Win32/StartPage.LWOOMNQ Trojaner        gelöscht - in Quarantäne kopiert
D:\Downloads\Programme\Browser\Firefox_Setup.exe        möglicherweise Variante von Win32/TrojanDownloader.Banload.HSGFPBY Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
D:\Images\rld-fif9.iso        möglicherweise Variante von Win32/Obfuscated.JJEZGMV Trojaner        gelöscht - in Quarantäne kopiert

I have also completed the remaining steps. I no longer get warning messages that my hard drive is defective, nor any warnings from Antivir, but I still cannot access my own files. Under C:\Users\ there is only a subfolder "Mcx1", which I have no access to. Is the trojan really gone now, or only contained, so to speak?

kira 22.04.2011 22:30

Have a look here: -> http://www.mce-community.de/portal/i...ell-bearbeiten

s0ny 23.04.2011 15:02

Ah, okay. Thank you. I have now also cleverly noticed that everything is back the way it should be. The user account folders were merely hidden!

So thank you very, very much! I would never have managed this without help!

kira 23.04.2011 22:19

Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

2.
If everything went well and your system is running stably, do the following:
Manually create a restore point: Enabling and disabling System Restore

3.
Change your passwords and login credentials! - from a clean system
- Immediately change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking) (► preferably from another, non-infected computer!)
Tips:
Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
also see: Secure password (Password)

Reading material no. 1:
  • How do I create a limited user account?
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure email clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
    also see: Secure password (Password)
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs on offer wherever possible!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are no guarantee of flawless operation, so browse through the pages on GOOGLE beforehand; you can pick up valuable information there!!!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under "free online virus scanners")
  • Do not visit websites without a valid legal notice (Impressum)
  • Use only one firewall and one antivirus program, both of which should always be kept fully up to date!
    Installing "too much" software impairs system performance and security, slows down the startup process enormously and puts a load on memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time, the computer becomes slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which can then be difficult to solve. On top of that, some programs carry major security risks ;)
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com

** Common sense and securely configuring Windows and Internet software are the best way to security on the web!!
Quote:

Since the database is supplemented and extended daily, and information about the affected virus is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will surely be enough), always with a different scanner, to get a second opinion - the data backed up on storage media should be included as well!
(these mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be: wishing you all the best :)

