Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Brauche dringend Hilfe tr/kazy.mekml.1 (https://www.trojaner-board.de/97865-brauche-dringend-hilfe-tr-kazy-mekml-1-a.html)

Hainz 22.04.2011 00:11
Brauche dringend Hilfe tr/kazy.mekml.1
 
Hallo zusammen,

Ich muss am Mittwoch eine wichtige präsentationsarbeit abgeben und wie es das Schicksal so will hab ich jetzt den oben genannten Trojaner. Das Problem ist Firefox und ander Programme hängen sich dauernd auf =>keine Rückmeldung hab jetzt geschafft malewarebytes und otl runterzuladen...
Wie soll ich weitervorgehen da ja oft dann keine Rückmeldung angezeigt wird und irgendwann der pc runter fährt...

Ich hoffe auf eure Hilfe
MfG hainz

habe es endlich geschafft ohne abstürzen malewarebytes durchzuführen den quik scan versuche jetzt gleich den kompletten scan hier der log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6415

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 09:34:58
mbam-log-2011-04-22 (09-34-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167124
Laufzeit: 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2980 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

hier der log vom kompletten scan :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 10:33:11
mbam-log-2011-04-22 (10-33-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 333753
Laufzeit: 51 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\image-line\toxic biohazard\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OIJ38P3U\readme[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

log vom otl scan:OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 10:42:47 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
 
[2008.09.29 04:18:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Extensions
[2011.04.03 10:24:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions
[2009.09.27 17:01:06 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.25 23:48:29 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\moveplayer@movenetworks.com
[2011.04.16 17:31:30 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:56:08 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-10.xml
[2009.08.10 17:16:38 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-11.xml
[2009.09.11 17:50:03 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-12.xml
[2009.10.29 19:40:58 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-13.xml
[2009.12.21 13:51:12 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-14.xml
[2010.01.10 19:00:41 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-15.xml
[2010.02.22 09:38:00 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-16.xml
[2010.04.04 19:36:11 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-17.xml
[2011.04.03 10:53:05 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-18.xml
[2008.11.16 02:44:27 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-2.xml
[2008.12.23 15:03:12 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-3.xml
[2009.02.08 19:32:10 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-4.xml
[2009.03.06 20:34:23 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-5.xml
[2009.03.29 01:24:06 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-6.xml
[2009.04.23 02:12:29 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-7.xml
[2009.04.28 22:41:52 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-8.xml
[2009.06.13 13:03:45 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-9.xml
[2008.09.29 04:19:02 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin.xml
[2011.04.03 10:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.07.14 19:52:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:25:36 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Malwarebytes
[2011.04.22 00:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 00:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 00:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 00:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 00:24:11 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.21 23:19:07 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.16 18:09:35 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Documents\PU
[2011.04.03 11:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Ger Best
[2011.04.03 11:36:50 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Samples Nano Studio
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 10:42:07 | 001,635,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 10:42:07 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 10:42:07 | 000,655,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 10:42:07 | 000,157,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 10:42:07 | 000,128,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 10:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:25:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:24:13 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:21:43 | 000,000,120 | ---- | M] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:43 | 000,000,104 | ---- | M] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:11 | 000,000,583 | -H-- | M] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk
[2011.04.21 23:19:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\43114248
[2011.04.21 23:18:54 | 000,487,424 | ---- | M] () -- C:\ProgramData\43114248.exe
[2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
[2011.04.18 22:37:41 | 000,211,456 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 10:51:36 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 00:25:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:25:21 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:11 | 000,000,583 | -H-- | C] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
[2011.04.21 23:18:51 | 000,487,424 | ---- | C] () -- C:\ProgramData\43114248.exe
[2011.04.03 10:51:36 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.26 15:17:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.11.21 17:57:41 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008.10.25 12:33:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.10.03 20:10:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008.09.29 14:56:15 | 000,000,098 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\fusioncache.dat
[2008.09.29 13:18:10 | 000,059,225 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.09.29 12:15:20 | 001,524,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.29 12:13:46 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.09.29 12:13:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.09.29 12:13:43 | 000,070,968 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.09.29 06:26:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.09.29 06:26:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.29 05:47:55 | 000,211,456 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 04:18:33 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.29 04:18:32 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.29 04:18:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.29 04:18:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.29 04:10:46 | 000,032,124 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.29 04:10:30 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.09.29 04:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.29 02:39:43 | 000,000,732 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\d3d9caps64.dat
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008.11.07 16:48:55 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
[2008.10.03 20:12:17 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\concept design
[2010.09.10 19:18:03 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\ICQ
[2008.10.02 18:53:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Leadertech
[2009.12.22 20:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.12.09 16:20:52 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Red Alert 3 Demo
[2008.09.29 05:39:39 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\streamripper
[2009.04.23 14:00:56 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\The Creative Assembly
[2011.02.06 10:49:29 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\TuneUp Software
[2009.06.26 16:48:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Ubisoft
[2010.12.01 00:11:02 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\XMedia Recode
[2011.04.22 10:35:22 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
 
< End of report >
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 10:42:47 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-688148533-2580855891-255624100-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4795CF89-B1B1-4173-9297-2F7426F9C0FE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A418C75D-9024-4E11-A22A-A82D0211106C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{B8EE4FB7-CAFE-4763-A247-994B7F5E20F9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{DCF3D0DD-BCE2-4970-8878-5F029EC56562}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0013E-2429-4D68-BEFF-71520389FBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{038F9921-517D-4E7F-9270-1E1800D68EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{04CA754A-9611-4499-B457-053D170E70F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe |
"{05531DF7-36C8-4297-9F45-F20E48ED432B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{0C833505-2D22-48E6-AD8A-9C49795BACEE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{133CDE21-B4CE-46A5-B562-06AC274E9C73}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{1F376101-2553-4601-A65A-17361012CD43}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{27624122-CAAF-49ED-9296-D87B128F049B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A530776-EB40-4A19-A00F-8CFDF0B74D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3700E488-7A3C-4795-92F3-F42D27A41756}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe |
"{379D2A62-E84F-4A88-B1CA-F0A002CF006A}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe |
"{3CD4F43F-46BE-46CD-A7FD-CFF9DDE648BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{477C0F11-A013-4649-AF29-5B738BDAA89A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{48A2E67D-7A3F-49D9-833D-A51530AA8E24}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{4D036F3D-C6C1-47CA-8984-29875EFC016C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{54A31457-3265-4480-831E-00352B192AB4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6413124A-0456-406E-B5EF-56192FD3060F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{656AE0FF-33AA-4D46-8BF4-8FDBFD247751}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{669C5421-3651-47DB-B8B0-61B033CB8A04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{695C9B71-F7DC-430E-81F6-3B6771C0D673}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{6E054483-3B62-4AB0-A502-298D7E816485}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{727DA545-E96F-4385-A262-ACCD95B73D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73B3122D-A601-4512-BA16-8E2DB78D456C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85DC83C9-0242-4CFE-9350-3B8D32FB0CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{86D38870-B961-4C92-94B7-BF214AE71346}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{8CC3B56B-2B07-4E91-AA8A-FF839213FE4F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{94B2E1E2-A059-4729-A9CB-42F8B2032F2B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{96586A53-07C7-4F9A-A9C1-C6850DBB3DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{976BBA7F-D61A-4AB5-A0ED-755D6A049BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe |
"{9AA7A255-4839-4ECB-8933-C0432B69D230}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{A1DBE11F-92D5-4E32-96E8-A30B14ED272A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3257C57-DFAB-4FED-94C1-16F5191BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{AA0FF052-8097-4885-8BC4-482B0F313E09}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{AB0A58AD-A1B4-4E5C-AE95-1E697F26D39F}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe |
"{AD1423C3-D89A-41D1-9985-D6C732AC766A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AD85B653-45BF-4243-B032-DD50C7A73E37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFB2AA8B-83ED-4B21-826A-EA7669A562DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{B1B8CBB9-3721-4FCE-8B16-EAAF58D09AFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B71296DC-3478-499B-9381-7377C9A59A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2D697E4-1995-4D37-837A-17F65361078A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{CD8942EF-9B37-4F9B-94CC-A33EFCE5E97C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D4A75635-713E-4197-8ED1-D9B93B6DE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA3F590E-DF19-4110-BA11-E091EB1272E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{E693E68B-0DB9-4327-9682-4DC264DEB520}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe |
"{E988D0F5-EB4A-4DF7-BD57-0BF6ADC76DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe |
"{EC3E2EA6-32A4-42CE-810E-5E7A49DC623A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{EF3D19C0-C7E7-4CE2-B9BF-EFAE3F2BCE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe |
"TCP Query User{0D171672-77E1-49D4-B554-2F1460A7B9CA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{21DA9733-115B-49A2-88C8-F4DE74E33E79}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{2A5A4DB7-2C9B-463F-901A-C1CD897E66F3}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"TCP Query User{2DCCAD41-DDE9-4C6F-A738-C0D588C4E2F9}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"TCP Query User{2E41CA84-BD09-4B71-8EA4-6ABCDAAE4908}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe |
"TCP Query User{426DE68E-93F4-494A-B17A-A0ED65231BD6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{565482C7-663A-4125-8581-3E564BB65E03}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{5D659CA3-6159-4252-895A-B02FC160D95B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{648E5E8E-05FC-4828-A9AC-961E3BEE50B9}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{6D7F0BBA-74B3-4A29-8223-2CD07F2771EB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{7E1908A9-5C50-48C2-96A6-C50F73E0F43B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8C40472B-E0FB-4839-9ED0-59F354F65D38}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{94DEC41E-0DB7-453A-9E1E-46F79692FEF9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{96089E60-CFD2-4E9F-B30D-960BB85510A0}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{A6A40809-2426-4407-AB15-1C70F00F8970}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{ADFC9946-31E5-4792-937C-9749C875A51F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{AE653E6D-D33F-4F0E-B220-734632CA385E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"TCP Query User{C14C7134-4DE4-4085-BF34-B73802F92814}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{C61C6AE7-2255-4E71-A6BC-E8069A108470}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{D5B94E2D-1B20-40A9-A35F-624FEBFF9253}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{ED548B52-F299-4FBD-911A-B366EC8D37B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{F99753D3-0298-4B0B-ADC5-3FAC9D5447E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{090B881B-6E11-4DAE-8660-C3D763FD954E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{3D55F525-0BC1-4E39-AD69-577E1898460E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"UDP Query User{4B126A86-5593-43E5-8F9D-0F9F2BB01481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{511A4EBC-A317-4390-8932-234FBD48BB5D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{561A1960-4323-4EFB-977B-678AF705E054}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{58F3E71B-5E0D-4E0F-8ED0-9FFFF72589C3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{5EC0AA9C-90CA-4DE4-B491-9B3FCA91A59D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{5F8F7802-4B87-47C9-96C2-8FE1650B259B}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{63193904-8B36-40EA-BF7D-0B824ADF62A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{642D1094-95A9-47BC-86D2-1B338CDB78AF}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe |
"UDP Query User{7DEBAC66-3AFA-4D0D-AF1C-2D58308238C2}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"UDP Query User{7F20BF46-6D90-4246-AACC-07D89A24537A}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{8114E55D-E0D1-4316-B725-FFED3EA0BFDA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{82787E3E-C54C-4867-8175-131A2B1BD48D}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"UDP Query User{86A31524-02A2-407F-A8FF-2BBD55596514}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{9301C2C6-EE5B-4D7E-BEED-B3C6BB217603}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{9E615EC4-11F0-43D2-859A-43963640570A}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{A0D418DA-DCC2-43CA-80F1-82C4158A03D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{A6DB83CE-328A-4D6A-994D-1D51156F1D28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{B1E5B51E-4734-4881-8763-89E96251C93E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{B8632CB1-97F6-4287-9F31-259ACF347F71}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C227076C-F5ED-467D-B669-2174AAD87A6A}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{BAC38775-0DDE-AB4C-8260-844D54C96B91}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F38D5A27-B59F-7345-0DB1-1BC1BA68E6B1}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{038117F4-2417-FB0E-3F12-B4604850FB9C}" = Catalyst Control Center Graphics Full Existing
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0E953BF9-C7C3-1919-CD44-874EB17338DC}" = Skins
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
"{46684480-0161-6798-EFEE-AE6083745D60}" = CCC Help English
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61F85D98-B2F7-F9B3-F706-CBE26666E447}" = Catalyst Control Center Graphics Full New
"{630E039E-FB55-9BCC-40FE-312AD9D7470B}" = Catalyst Control Center Core Implementation
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9F83E452-AD67-0474-B0AD-779254BE8174}" = Catalyst Control Center HydraVision Full
"{A29759FF-0FA3-2D4A-C122-92843A26B177}" = Catalyst Control Center Graphics Light
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA4A418C-4359-20D7-743A-9A864E2E0F0B}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7A03F82-CF59-6D98-C680-8897E78B8BB3}" = Catalyst Control Center Graphics Previews Common
"{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D24CD157-E4C4-4184-9465-B5C025E736AD}" = WORLD IN CONFLICT - DEMO
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E2DF04C2-896D-BD6E-BE9B-30F738C3AEFD}" = Catalyst Control Center Graphics Previews Vista
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"ASIO4ALL" = ASIO4ALL
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
"HD Tune_is1" = HD Tune 2.55
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NanoStudio 1.12_is1" = NanoStudio 1.12
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10620" = Empire: Total War Demo
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---


Ich hab jetzt alles was ich als Laie in dem Gebiet versuchen kann und was ich im Forum gelernt habe gemacht...
wie soll ich jetzt weiter vor gehen?
es kommt die ganze zeit immer das pop up von anti vir mit der trojaner meldung.

und bei malewarebytes sind 5 trojaner in quarantäne

danke im voraus für eure hilfe

@ dr.dsl wie füge ich den text ein bei otl?

werde jetzt das versuchen:

:OTL
O4 - Startup: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe ()
:Files
C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe
C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe
C:\ProgramData\hAjBfNa06504
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


der neue log nach dem neustart.....allerdings kommt die warnung von anti vir immernoch -.- was soll ich jetzt machen?

All processes killed
========== OTL ==========
File C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
========== FILES ==========
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe not found.
File\Folder C:\ProgramData\hAjBfNa06504 not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Flash cache emptied: 204342 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Temp folder emptied: 9474362 bytes
->Temporary Internet Files folder emptied: 249819288 bytes
->FireFox cache emptied: 59934407 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1628618935 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1697123587 bytes

Total Files Cleaned = 3.476,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_144420

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEEZZ9RP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16OAY18\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPC7FTFI\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKY2LD5D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


eben nochmal pc vom web getrennt und mit malewarefiles gescannt ergebnis:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6418

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 15:32:59
mbam-log-2011-04-22 (15-32-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 327827
Laufzeit: 35 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\43114248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

cosinus 26.04.2011 14:51
Zitat:
@ dr.dsl wie füge ich den text ein bei otl?

werde jetzt das versuchen:
Was machst du da?!
OTL-Fix-Scripte sind indivuell für einen User in einer bestimmten Situation angepasst. Sie sind nicht übertragbar!!

Poste bitte frische OTL-Logs!

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Hainz 27.04.2011 18:05
Hey erstmal vielen Dank das du mir hilfst!

hier die logsOTL Logfile:
Code:
OTL logfile created on: 27.04.2011 19:02:20 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 387,81 Gb Free Space | 55,51% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 10:51:31 | 000,000,000 | ---D | M]
 
[2008.09.29 04:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Extensions
[2011.04.03 10:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions
[2009.09.27 17:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.25 23:48:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\moveplayer@movenetworks.com
[2011.04.27 18:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:56:08 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-10.xml
[2009.08.10 17:16:38 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-11.xml
[2009.09.11 17:50:03 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-12.xml
[2009.10.29 19:40:58 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-13.xml
[2009.12.21 13:51:12 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-14.xml
[2010.01.10 19:00:41 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-15.xml
[2010.02.22 09:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-16.xml
[2010.04.04 19:36:11 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-17.xml
[2011.04.03 10:53:05 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-18.xml
[2008.11.16 02:44:27 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-2.xml
[2008.12.23 15:03:12 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-3.xml
[2009.02.08 19:32:10 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-4.xml
[2009.03.06 20:34:23 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-5.xml
[2009.03.29 01:24:06 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-6.xml
[2009.04.23 02:12:29 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-7.xml
[2009.04.28 22:41:52 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-8.xml
[2009.06.13 13:03:45 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-9.xml
[2008.09.29 04:19:02 | 000,000,950 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin.xml
[2011.04.03 10:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.07.14 19:52:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 14:44:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.22 00:25:36 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Malwarebytes
[2011.04.22 00:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 00:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 00:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 00:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 00:24:11 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.16 18:09:35 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Documents\PU
[2011.04.03 11:48:11 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Desktop\Ger Best
[2011.04.03 11:36:50 | 000,000,000 | ---D | C] -- C:\Users\Karl-Heinz\Desktop\Samples Nano Studio
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 18:30:04 | 001,635,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.27 18:30:04 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.27 18:30:04 | 000,655,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.27 18:30:04 | 000,157,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.27 18:30:04 | 000,128,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.27 18:25:26 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
[2011.04.27 18:22:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 18:22:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 18:22:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 14:35:36 | 000,504,657 | ---- | M] () -- C:\Users\Karl-Heinz\Desktop\unhide.exe
[2011.04.22 10:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe
[2011.04.22 00:25:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:24:13 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 23:21:43 | 000,000,120 | ---- | M] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:43 | 000,000,104 | ---- | M] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\43114248
[2011.04.18 22:37:41 | 000,211,456 | ---- | M] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 10:51:36 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.22 14:35:33 | 000,504,657 | ---- | C] () -- C:\Users\Karl-Heinz\Desktop\unhide.exe
[2011.04.22 00:25:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 00:25:21 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
[2011.04.03 10:51:36 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.26 15:17:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.11.21 17:57:41 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008.10.25 12:33:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.10.03 20:10:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008.09.29 14:56:15 | 000,000,098 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\fusioncache.dat
[2008.09.29 13:18:10 | 000,059,225 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.09.29 12:15:20 | 001,524,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.09.29 12:13:46 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.09.29 12:13:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008.09.29 12:13:43 | 000,070,968 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.09.29 06:26:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.09.29 06:26:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.29 05:47:55 | 000,211,456 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 04:18:33 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.29 04:18:32 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.29 04:18:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.29 04:18:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.29 04:10:46 | 000,032,124 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.29 04:10:30 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.09.29 04:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.29 02:39:43 | 000,000,732 | ---- | C] () -- C:\Users\Karl-Heinz\AppData\Local\d3d9caps64.dat
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008.11.07 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
[2008.10.03 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\concept design
[2010.09.10 19:18:03 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\ICQ
[2008.10.02 18:53:34 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Leadertech
[2009.12.22 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.12.09 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Red Alert 3 Demo
[2008.09.29 05:39:39 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\streamripper
[2009.04.23 14:00:56 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\The Creative Assembly
[2011.02.06 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\TuneUp Software
[2009.06.26 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Ubisoft
[2010.12.01 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\XMedia Recode
[2011.04.23 02:50:59 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.27 18:25:26 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 19:02:20 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 387,81 Gb Free Space | 55,51% Space Free | Partition Type: NTFS
 
Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-688148533-2580855891-255624100-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4795CF89-B1B1-4173-9297-2F7426F9C0FE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A418C75D-9024-4E11-A22A-A82D0211106C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{B8EE4FB7-CAFE-4763-A247-994B7F5E20F9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{DCF3D0DD-BCE2-4970-8878-5F029EC56562}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0013E-2429-4D68-BEFF-71520389FBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{038F9921-517D-4E7F-9270-1E1800D68EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{04CA754A-9611-4499-B457-053D170E70F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe |
"{05531DF7-36C8-4297-9F45-F20E48ED432B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{0C833505-2D22-48E6-AD8A-9C49795BACEE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{133CDE21-B4CE-46A5-B562-06AC274E9C73}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{1F376101-2553-4601-A65A-17361012CD43}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{27624122-CAAF-49ED-9296-D87B128F049B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A530776-EB40-4A19-A00F-8CFDF0B74D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3700E488-7A3C-4795-92F3-F42D27A41756}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe |
"{379D2A62-E84F-4A88-B1CA-F0A002CF006A}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe |
"{3CD4F43F-46BE-46CD-A7FD-CFF9DDE648BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{477C0F11-A013-4649-AF29-5B738BDAA89A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{48A2E67D-7A3F-49D9-833D-A51530AA8E24}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{4D036F3D-C6C1-47CA-8984-29875EFC016C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{54A31457-3265-4480-831E-00352B192AB4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6413124A-0456-406E-B5EF-56192FD3060F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{656AE0FF-33AA-4D46-8BF4-8FDBFD247751}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{669C5421-3651-47DB-B8B0-61B033CB8A04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{695C9B71-F7DC-430E-81F6-3B6771C0D673}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{6E054483-3B62-4AB0-A502-298D7E816485}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{727DA545-E96F-4385-A262-ACCD95B73D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73B3122D-A601-4512-BA16-8E2DB78D456C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85DC83C9-0242-4CFE-9350-3B8D32FB0CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{86D38870-B961-4C92-94B7-BF214AE71346}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{8CC3B56B-2B07-4E91-AA8A-FF839213FE4F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{94B2E1E2-A059-4729-A9CB-42F8B2032F2B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{96586A53-07C7-4F9A-A9C1-C6850DBB3DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{976BBA7F-D61A-4AB5-A0ED-755D6A049BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe |
"{9AA7A255-4839-4ECB-8933-C0432B69D230}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{A1DBE11F-92D5-4E32-96E8-A30B14ED272A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3257C57-DFAB-4FED-94C1-16F5191BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{AA0FF052-8097-4885-8BC4-482B0F313E09}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{AB0A58AD-A1B4-4E5C-AE95-1E697F26D39F}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe |
"{AD1423C3-D89A-41D1-9985-D6C732AC766A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AD85B653-45BF-4243-B032-DD50C7A73E37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFB2AA8B-83ED-4B21-826A-EA7669A562DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{B1B8CBB9-3721-4FCE-8B16-EAAF58D09AFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B71296DC-3478-499B-9381-7377C9A59A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2D697E4-1995-4D37-837A-17F65361078A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{CD8942EF-9B37-4F9B-94CC-A33EFCE5E97C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D4A75635-713E-4197-8ED1-D9B93B6DE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA3F590E-DF19-4110-BA11-E091EB1272E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{E693E68B-0DB9-4327-9682-4DC264DEB520}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe |
"{E988D0F5-EB4A-4DF7-BD57-0BF6ADC76DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe |
"{EC3E2EA6-32A4-42CE-810E-5E7A49DC623A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{EF3D19C0-C7E7-4CE2-B9BF-EFAE3F2BCE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe |
"TCP Query User{0D171672-77E1-49D4-B554-2F1460A7B9CA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{21DA9733-115B-49A2-88C8-F4DE74E33E79}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{2A5A4DB7-2C9B-463F-901A-C1CD897E66F3}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"TCP Query User{2DCCAD41-DDE9-4C6F-A738-C0D588C4E2F9}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"TCP Query User{2E41CA84-BD09-4B71-8EA4-6ABCDAAE4908}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe |
"TCP Query User{426DE68E-93F4-494A-B17A-A0ED65231BD6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{565482C7-663A-4125-8581-3E564BB65E03}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{5D659CA3-6159-4252-895A-B02FC160D95B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{648E5E8E-05FC-4828-A9AC-961E3BEE50B9}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{6D7F0BBA-74B3-4A29-8223-2CD07F2771EB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{7E1908A9-5C50-48C2-96A6-C50F73E0F43B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8C40472B-E0FB-4839-9ED0-59F354F65D38}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{94DEC41E-0DB7-453A-9E1E-46F79692FEF9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{96089E60-CFD2-4E9F-B30D-960BB85510A0}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{A6A40809-2426-4407-AB15-1C70F00F8970}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{ADFC9946-31E5-4792-937C-9749C875A51F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{AE653E6D-D33F-4F0E-B220-734632CA385E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"TCP Query User{C14C7134-4DE4-4085-BF34-B73802F92814}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{C61C6AE7-2255-4E71-A6BC-E8069A108470}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{D5B94E2D-1B20-40A9-A35F-624FEBFF9253}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{ED548B52-F299-4FBD-911A-B366EC8D37B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{F99753D3-0298-4B0B-ADC5-3FAC9D5447E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{090B881B-6E11-4DAE-8660-C3D763FD954E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{3D55F525-0BC1-4E39-AD69-577E1898460E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"UDP Query User{4B126A86-5593-43E5-8F9D-0F9F2BB01481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{511A4EBC-A317-4390-8932-234FBD48BB5D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{561A1960-4323-4EFB-977B-678AF705E054}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{58F3E71B-5E0D-4E0F-8ED0-9FFFF72589C3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{5EC0AA9C-90CA-4DE4-B491-9B3FCA91A59D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{5F8F7802-4B87-47C9-96C2-8FE1650B259B}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{63193904-8B36-40EA-BF7D-0B824ADF62A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{642D1094-95A9-47BC-86D2-1B338CDB78AF}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe |
"UDP Query User{7DEBAC66-3AFA-4D0D-AF1C-2D58308238C2}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"UDP Query User{7F20BF46-6D90-4246-AACC-07D89A24537A}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{8114E55D-E0D1-4316-B725-FFED3EA0BFDA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{82787E3E-C54C-4867-8175-131A2B1BD48D}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe |
"UDP Query User{86A31524-02A2-407F-A8FF-2BBD55596514}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{9301C2C6-EE5B-4D7E-BEED-B3C6BB217603}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{9E615EC4-11F0-43D2-859A-43963640570A}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{A0D418DA-DCC2-43CA-80F1-82C4158A03D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{A6DB83CE-328A-4D6A-994D-1D51156F1D28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{B1E5B51E-4734-4881-8763-89E96251C93E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{B8632CB1-97F6-4287-9F31-259ACF347F71}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C227076C-F5ED-467D-B669-2174AAD87A6A}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{BAC38775-0DDE-AB4C-8260-844D54C96B91}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F38D5A27-B59F-7345-0DB1-1BC1BA68E6B1}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{038117F4-2417-FB0E-3F12-B4604850FB9C}" = Catalyst Control Center Graphics Full Existing
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0E953BF9-C7C3-1919-CD44-874EB17338DC}" = Skins
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
"{46684480-0161-6798-EFEE-AE6083745D60}" = CCC Help English
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61F85D98-B2F7-F9B3-F706-CBE26666E447}" = Catalyst Control Center Graphics Full New
"{630E039E-FB55-9BCC-40FE-312AD9D7470B}" = Catalyst Control Center Core Implementation
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9F83E452-AD67-0474-B0AD-779254BE8174}" = Catalyst Control Center HydraVision Full
"{A29759FF-0FA3-2D4A-C122-92843A26B177}" = Catalyst Control Center Graphics Light
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA4A418C-4359-20D7-743A-9A864E2E0F0B}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7A03F82-CF59-6D98-C680-8897E78B8BB3}" = Catalyst Control Center Graphics Previews Common
"{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D24CD157-E4C4-4184-9465-B5C025E736AD}" = WORLD IN CONFLICT - DEMO
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E2DF04C2-896D-BD6E-BE9B-30F738C3AEFD}" = Catalyst Control Center Graphics Previews Vista
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"ASIO4ALL" = ASIO4ALL
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
"HD Tune_is1" = HD Tune 2.55
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NanoStudio 1.12_is1" = NanoStudio 1.12
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10620" = Empire: Total War Demo
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 27.04.2011 18:57
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com
O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com
O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun
O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r
[2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248
[2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248
@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hainz 27.04.2011 22:20
hoffe mal es war richtig so hier der log:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File MS-DOS.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d393322-d79e-11df-b34f-0022150e595e}\ not found.
File MS-DOS.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eaa7920-a272-11dd-a4f1-0022150e595e}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b19c8b-e471-11dd-8e2f-0022150e595e}\ not found.
File F:\LaunchU3.exe -a not found.
C:\ProgramData\~43114248r moved successfully.
C:\ProgramData\~43114248 moved successfully.
C:\ProgramData\43114248 moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1455682 bytes
->FireFox cache emptied: 120934021 bytes
->Flash cache emptied: 1837 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_231420

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEEZZ9RP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16OAY18\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPC7FTFI\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKY2LD5D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 28.04.2011 10:33
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hainz 30.04.2011 07:49
ok habe dasa tool ausgeführt .. es hat nichts gefunden.
unhide habe ich bereits vorher schon ausgeführt gehabt wo ich selber das problem lösen wollte => alle ordner wieder da.

was ist der nächste schritt?

2011/04/30 08:45:20.0745 1516 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 08:45:20.0964 1516 ================================================================================
2011/04/30 08:45:20.0964 1516 SystemInfo:
2011/04/30 08:45:20.0964 1516
2011/04/30 08:45:20.0964 1516 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/30 08:45:20.0964 1516 Product type: Workstation
2011/04/30 08:45:20.0964 1516 ComputerName: KARL-HEINZ-PC
2011/04/30 08:45:20.0964 1516 UserName: Karl-Heinz
2011/04/30 08:45:20.0964 1516 Windows directory: C:\Windows
2011/04/30 08:45:20.0964 1516 System windows directory: C:\Windows
2011/04/30 08:45:20.0964 1516 Running under WOW64
2011/04/30 08:45:20.0964 1516 Processor architecture: Intel x64
2011/04/30 08:45:20.0964 1516 Number of processors: 2
2011/04/30 08:45:20.0964 1516 Page size: 0x1000
2011/04/30 08:45:20.0964 1516 Boot type: Normal boot
2011/04/30 08:45:20.0964 1516 ================================================================================
2011/04/30 08:45:21.0338 1516 Initialize success
2011/04/30 08:45:31.0541 2712 ================================================================================
2011/04/30 08:45:31.0541 2712 Scan started
2011/04/30 08:45:31.0541 2712 Mode: Manual;
2011/04/30 08:45:31.0541 2712 ================================================================================
2011/04/30 08:45:34.0021 2712 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
2011/04/30 08:45:34.0551 2712 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/04/30 08:45:34.0770 2712 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/04/30 08:45:34.0910 2712 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/04/30 08:45:34.0957 2712 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/04/30 08:45:35.0113 2712 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
2011/04/30 08:45:35.0207 2712 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/04/30 08:45:35.0238 2712 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/04/30 08:45:35.0269 2712 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/04/30 08:45:35.0300 2712 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/04/30 08:45:35.0331 2712 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/04/30 08:45:35.0394 2712 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/04/30 08:45:35.0456 2712 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/04/30 08:45:35.0534 2712 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/30 08:45:35.0565 2712 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
2011/04/30 08:45:35.0706 2712 atikmdag (6d88ada1d1ebd75e075ae167408a425c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/30 08:45:35.0955 2712 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/30 08:45:36.0002 2712 avgntflt (025a17fc8e80d3905d109e3e9900e53c) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/30 08:45:36.0049 2712 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/04/30 08:45:36.0065 2712 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/30 08:45:36.0096 2712 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/30 08:45:36.0127 2712 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/04/30 08:45:36.0143 2712 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/04/30 08:45:36.0174 2712 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/04/30 08:45:36.0205 2712 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/30 08:45:36.0252 2712 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/04/30 08:45:36.0283 2712 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/04/30 08:45:36.0314 2712 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/30 08:45:36.0361 2712 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/30 08:45:36.0455 2712 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/04/30 08:45:36.0564 2712 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
2011/04/30 08:45:36.0611 2712 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/04/30 08:45:36.0642 2712 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/04/30 08:45:36.0673 2712 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/30 08:45:36.0704 2712 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
2011/04/30 08:45:36.0735 2712 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
2011/04/30 08:45:36.0798 2712 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/30 08:45:36.0845 2712 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/30 08:45:36.0923 2712 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/04/30 08:45:36.0969 2712 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
2011/04/30 08:45:37.0079 2712 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/04/30 08:45:37.0125 2712 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/04/30 08:45:37.0172 2712 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
2011/04/30 08:45:37.0281 2712 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
2011/04/30 08:45:37.0313 2712 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/30 08:45:37.0344 2712 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/04/30 08:45:37.0375 2712 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/04/30 08:45:37.0406 2712 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/30 08:45:37.0422 2712 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
2011/04/30 08:45:37.0469 2712 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/30 08:45:37.0500 2712 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/30 08:45:37.0547 2712 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/30 08:45:37.0625 2712 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/04/30 08:45:37.0656 2712 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/30 08:45:37.0687 2712 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/04/30 08:45:37.0765 2712 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/04/30 08:45:37.0796 2712 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/30 08:45:37.0827 2712 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/04/30 08:45:37.0859 2712 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys
2011/04/30 08:45:37.0921 2712 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/04/30 08:45:37.0968 2712 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/30 08:45:37.0999 2712 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/04/30 08:45:38.0046 2712 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/04/30 08:45:38.0108 2712 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/30 08:45:38.0155 2712 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/04/30 08:45:38.0264 2712 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/30 08:45:38.0420 2712 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/30 08:45:38.0483 2712 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/30 08:45:38.0514 2712 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/30 08:45:38.0545 2712 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/04/30 08:45:38.0576 2712 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/04/30 08:45:38.0623 2712 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/30 08:45:38.0670 2712 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/04/30 08:45:38.0717 2712 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/04/30 08:45:38.0748 2712 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/30 08:45:38.0779 2712 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/30 08:45:38.0904 2712 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/30 08:45:39.0060 2712 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/04/30 08:45:39.0107 2712 L1E (75a40635ebca9e69d6ebbdaa35e5ee1e) C:\Windows\system32\DRIVERS\L1E60x64.sys
2011/04/30 08:45:39.0169 2712 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/30 08:45:39.0200 2712 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/30 08:45:39.0247 2712 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/30 08:45:39.0278 2712 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/30 08:45:39.0325 2712 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/30 08:45:39.0356 2712 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/04/30 08:45:39.0403 2712 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/04/30 08:45:39.0450 2712 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/04/30 08:45:39.0481 2712 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/30 08:45:39.0512 2712 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/30 08:45:39.0559 2712 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/30 08:45:39.0590 2712 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/30 08:45:39.0621 2712 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/30 08:45:39.0653 2712 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/04/30 08:45:39.0684 2712 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/30 08:45:39.0715 2712 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/30 08:45:39.0746 2712 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
2011/04/30 08:45:39.0793 2712 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/30 08:45:39.0840 2712 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/30 08:45:39.0887 2712 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/30 08:45:39.0980 2712 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/04/30 08:45:40.0074 2712 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/04/30 08:45:40.0183 2712 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/30 08:45:40.0292 2712 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/30 08:45:40.0401 2712 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/30 08:45:40.0604 2712 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/30 08:45:40.0698 2712 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/30 08:45:40.0823 2712 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/30 08:45:41.0103 2712 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/30 08:45:41.0275 2712 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/30 08:45:41.0400 2712 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/30 08:45:41.0493 2712 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
2011/04/30 08:45:41.0649 2712 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/30 08:45:41.0883 2712 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
2011/04/30 08:45:42.0117 2712 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/30 08:45:42.0227 2712 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/30 08:45:42.0351 2712 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/30 08:45:42.0476 2712 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/30 08:45:42.0632 2712 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/30 08:45:42.0835 2712 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/30 08:45:43.0007 2712 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/30 08:45:43.0116 2712 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
2011/04/30 08:45:43.0256 2712 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/30 08:45:43.0615 2712 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
2011/04/30 08:45:43.0911 2712 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/30 08:45:44.0052 2712 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/04/30 08:45:44.0161 2712 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/04/30 08:45:44.0255 2712 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/04/30 08:45:44.0660 2712 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/30 08:45:44.0801 2712 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/04/30 08:45:44.0925 2712 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
2011/04/30 08:45:45.0081 2712 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
2011/04/30 08:45:45.0222 2712 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/04/30 08:45:45.0440 2712 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/30 08:45:45.0612 2712 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/30 08:45:46.0002 2712 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/30 08:45:46.0111 2712 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/04/30 08:45:46.0298 2712 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/30 08:45:46.0626 2712 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/04/30 08:45:46.0860 2712 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/30 08:45:46.0922 2712 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/30 08:45:46.0985 2712 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/30 08:45:47.0078 2712 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/30 08:45:47.0156 2712 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/30 08:45:47.0219 2712 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/30 08:45:47.0281 2712 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/30 08:45:47.0359 2712 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/30 08:45:47.0484 2712 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/04/30 08:45:47.0546 2712 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/30 08:45:47.0609 2712 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
2011/04/30 08:45:47.0733 2712 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/30 08:45:47.0811 2712 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/30 08:45:47.0905 2712 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/30 08:45:47.0983 2712 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/30 08:45:48.0045 2712 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/04/30 08:45:48.0108 2712 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/30 08:45:48.0186 2712 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/04/30 08:45:48.0248 2712 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/30 08:45:48.0326 2712 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/30 08:45:48.0342 2712 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/30 08:45:48.0404 2712 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/04/30 08:45:48.0451 2712 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/04/30 08:45:48.0701 2712 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
2011/04/30 08:45:48.0810 2712 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
2011/04/30 08:45:48.0919 2712 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys
2011/04/30 08:45:49.0013 2712 srv2 (56e686e35fce7a1931eb05c226bbae81) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/30 08:45:49.0293 2712 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/30 08:45:49.0637 2712 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/30 08:45:49.0699 2712 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/30 08:45:49.0808 2712 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/30 08:45:49.0871 2712 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/30 08:45:50.0058 2712 Tcpip (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\drivers\tcpip.sys
2011/04/30 08:45:50.0370 2712 Tcpip6 (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/30 08:45:50.0432 2712 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/30 08:45:50.0479 2712 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/30 08:45:50.0526 2712 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/30 08:45:50.0573 2712 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/30 08:45:50.0619 2712 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/30 08:45:50.0697 2712 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/30 08:45:50.0744 2712 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/30 08:45:50.0791 2712 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/30 08:45:50.0822 2712 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/04/30 08:45:50.0869 2712 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/30 08:45:50.0931 2712 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/30 08:45:51.0087 2712 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/04/30 08:45:51.0181 2712 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/30 08:45:51.0259 2712 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/30 08:45:51.0306 2712 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/30 08:45:51.0493 2712 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/30 08:45:51.0587 2712 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/30 08:45:51.0665 2712 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/30 08:45:51.0727 2712 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/30 08:45:51.0789 2712 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/30 08:45:51.0899 2712 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/04/30 08:45:51.0945 2712 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/30 08:45:51.0992 2712 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/30 08:45:52.0070 2712 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/30 08:45:52.0133 2712 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/30 08:45:52.0164 2712 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/30 08:45:52.0195 2712 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/30 08:45:52.0273 2712 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
2011/04/30 08:45:52.0335 2712 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
2011/04/30 08:45:52.0429 2712 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
2011/04/30 08:45:52.0538 2712 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/04/30 08:45:52.0585 2712 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/30 08:45:52.0616 2712 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/30 08:45:52.0819 2712 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/30 08:45:52.0881 2712 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/04/30 08:45:52.0975 2712 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/30 08:45:53.0287 2712 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/30 08:45:53.0537 2712 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/30 08:45:53.0739 2712 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/30 08:45:53.0911 2712 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/30 08:45:54.0114 2712 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
2011/04/30 08:45:54.0332 2712 ================================================================================
2011/04/30 08:45:54.0332 2712 Scan finished
2011/04/30 08:45:54.0332 2712 ================================================================================

cosinus 01.05.2011 12:09
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hainz 04.05.2011 22:13
Der Download vom CC Cleaner hat leider nicht funktioniert kann ich trotzdem cofi.exe ausführen?

bzw. kann/ darf man ihn auch von einer anderen seite laden?

cosinus 05.05.2011 09:53
Ja geht auch ohne CCleaner notfalls.

Hainz 07.05.2011 02:36
hier der log

Combofix Logfile:
Code:
ComboFix 11-05-06.03 - Karl-Heinz 07.05.2011  3:25.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.4094.2661 [GMT 2:00]
ausgeführt von:: c:\users\Karl-Heinz\Desktop\cofi.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-07 bis 2011-05-07  ))))))))))))))))))))))))))))))
.
.
2011-05-07 01:31 . 2011-05-07 01:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-07 01:19 . 2011-05-07 01:20        --------        d-----w-        C:\cofi
2011-05-07 01:08 . 2010-09-20 12:14        316416        ----a-w-        c:\windows\system32\msshsq.dll
2011-05-07 01:08 . 2010-09-20 09:25        231936        ----a-w-        c:\windows\SysWow64\msshsq.dll
2011-05-05 03:32 . 2011-03-03 15:06        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-05-05 03:32 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-05-05 03:32 . 2011-03-03 13:25        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-05 03:32 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-05-04 22:00 . 2010-02-24 09:28        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2011-05-04 21:58 . 2010-02-20 23:44        32768        ----a-w-        c:\windows\system32\nshhttp.dll
2011-05-04 21:58 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\SysWow64\nshhttp.dll
2011-05-04 21:58 . 2010-02-20 23:42        33792        ----a-w-        c:\windows\system32\httpapi.dll
2011-05-04 21:58 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\SysWow64\httpapi.dll
2011-05-04 21:58 . 2010-02-20 21:40        610304        ----a-w-        c:\windows\system32\drivers\http.sys
2011-05-04 21:55 . 2010-04-14 18:33        101376        ----a-w-        c:\windows\system32\MSNP.ax
2011-05-04 21:55 . 2010-04-14 17:46        80896        ----a-w-        c:\windows\SysWow64\MSNP.ax
2011-05-04 21:55 . 2010-04-14 18:35        375808        ----a-w-        c:\windows\system32\psisdecd.dll
2011-05-04 21:55 . 2010-04-14 18:35        289792        ----a-w-        c:\windows\system32\psisrndr.ax
2011-05-04 21:55 . 2010-04-14 17:47        293376        ----a-w-        c:\windows\SysWow64\psisdecd.dll
2011-05-04 21:55 . 2010-04-14 17:47        217088        ----a-w-        c:\windows\SysWow64\psisrndr.ax
2011-05-04 21:54 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-04 21:54 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\SysWow64\netfxperf.dll
2011-05-04 21:54 . 2009-11-08 08:55        48960        ----a-w-        c:\windows\system32\netfxperf.dll
2011-05-04 21:54 . 2009-11-08 08:55        444752        ----a-w-        c:\windows\system32\mscoree.dll
2011-05-04 21:54 . 2009-11-08 08:55        320352        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-05-04 21:54 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\SysWow64\mscoree.dll
2011-05-04 21:54 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\SysWow64\PresentationHost.exe
2011-05-04 21:54 . 2009-11-08 08:55        1942856        ----a-w-        c:\windows\system32\dfshim.dll
2011-05-04 21:54 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\SysWow64\dfshim.dll
2011-05-04 21:54 . 2009-11-08 08:55        109912        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-05-04 21:42 . 2009-11-03 22:42        35328        ----a-w-        c:\windows\system32\drivers\de-DE\http.sys.mui
2011-05-04 21:41 . 2009-12-28 12:42        143360        ----a-w-        c:\windows\system32\msvfw32.dll
2011-05-04 21:38 . 2010-08-31 15:41        954752        ----a-w-        c:\windows\SysWow64\mfc40.dll
2011-05-04 21:38 . 2010-08-31 15:41        954288        ----a-w-        c:\windows\SysWow64\mfc40u.dll
2011-05-04 21:37 . 2009-10-07 12:57        280576        ----a-w-        c:\windows\system32\rastls.dll
2011-05-04 21:37 . 2009-10-07 12:57        295936        ----a-w-        c:\windows\system32\raschap.dll
2011-05-04 21:37 . 2009-10-07 12:41        244224        ----a-w-        c:\windows\SysWow64\rastls.dll
2011-05-04 21:37 . 2009-10-07 12:41        281600        ----a-w-        c:\windows\SysWow64\raschap.dll
2011-05-04 21:37 . 2011-03-03 15:09        975872        ----a-w-        c:\windows\system32\inetcomm.dll
2011-05-04 21:37 . 2011-03-03 15:00        738816        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-05-04 21:36 . 2010-10-18 14:25        87552        ----a-w-        c:\windows\system32\consent.exe
2011-05-04 21:36 . 2010-12-17 17:12        2424320        ----a-w-        c:\windows\system32\mstscax.dll
2011-05-04 21:36 . 2010-12-17 16:43        2067456        ----a-w-        c:\windows\SysWow64\mstscax.dll
2011-05-04 21:36 . 2010-12-17 15:35        730624        ----a-w-        c:\windows\system32\mstsc.exe
2011-05-04 21:36 . 2010-12-17 15:06        677888        ----a-w-        c:\windows\SysWow64\mstsc.exe
2011-05-04 21:35 . 2010-10-15 14:02        4692368        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-04 21:35 . 2010-10-15 13:43        1560960        ----a-w-        c:\windows\system32\ntdll.dll
2011-05-04 21:35 . 2010-10-15 13:43        1167488        ----a-w-        c:\windows\SysWow64\ntdll.dll
2011-05-04 21:33 . 2011-04-18 07:15        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BDE9815-C0B2-4712-A5EB-4C6211AE8C29}\mpengine.dll
2011-05-04 21:33 . 2010-04-05 16:51        84480        ----a-w-        c:\windows\system32\asycfilt.dll
2011-05-04 21:33 . 2010-04-05 16:07        67072        ----a-w-        c:\windows\SysWow64\asycfilt.dll
2011-05-04 21:31 . 2010-12-29 17:53        416768        ----a-w-        c:\windows\system32\sbe.dll
2011-05-04 21:31 . 2010-12-29 17:53        560128        ----a-w-        c:\windows\system32\EncDec.dll
2011-05-04 21:31 . 2010-12-29 17:51        226816        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-05-04 21:31 . 2010-12-29 17:41        323072        ----a-w-        c:\windows\SysWow64\sbe.dll
2011-05-04 21:31 . 2010-12-29 17:41        153088        ----a-w-        c:\windows\SysWow64\sbeio.dll
2011-05-04 21:31 . 2010-12-29 17:41        429056        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-05-04 21:31 . 2010-12-29 17:39        177664        ----a-w-        c:\windows\SysWow64\mpg2splt.ax
2011-05-04 21:31 . 2010-12-29 17:53        210944        ----a-w-        c:\windows\system32\sbeio.dll
2011-05-04 21:30 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 21:30 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-05-04 21:30 . 2011-03-03 13:15        2760704        ----a-w-        c:\windows\system32\win32k.sys
2011-05-04 21:28 . 2010-01-15 00:04        98304        ----a-w-        c:\windows\SysWow64\cabview.dll
2011-05-04 21:28 . 2010-01-13 18:34        104960        ----a-w-        c:\windows\system32\cabview.dll
2011-05-04 21:28 . 2011-02-18 13:51        461312        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-05-04 21:28 . 2011-02-18 13:51        176128        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-05-04 21:28 . 2011-02-18 13:51        144896        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-05-04 21:27 . 2010-01-21 16:34        72192        ----a-w-        c:\windows\system32\l3codeca.acm
2011-05-04 21:27 . 2010-01-21 15:59        62464        ----a-w-        c:\windows\SysWow64\l3codeca.acm
2011-05-04 21:27 . 2010-10-28 13:17        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-05-04 21:27 . 2010-10-28 12:56        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-04-27 17:11 . 2010-04-16 16:40        1570816        ----a-w-        c:\windows\system32\quartz.dll
2011-04-27 17:11 . 2010-04-16 16:10        1314816        ----a-w-        c:\windows\SysWow64\quartz.dll
2011-04-27 17:11 . 2010-04-16 16:41        622080        ----a-w-        c:\windows\system32\usp10.dll
2011-04-27 17:11 . 2010-04-16 16:10        501760        ----a-w-        c:\windows\SysWow64\usp10.dll
2011-04-27 17:10 . 2010-08-10 15:36        343040        ----a-w-        c:\windows\system32\schannel.dll
2011-04-27 17:10 . 2010-08-10 15:02        274432        ----a-w-        c:\windows\SysWow64\schannel.dll
2011-04-27 17:10 . 2010-08-20 15:56        1090048        ----a-w-        c:\windows\system32\wmpmde.dll
2011-04-27 17:10 . 2010-08-20 15:21        866816        ----a-w-        c:\windows\SysWow64\wmpmde.dll
2011-04-22 19:20 . 2010-04-05 16:53        295424        ----a-w-        c:\windows\system32\MP4SDECD.DLL
2011-04-22 19:20 . 2010-04-05 16:08        317952        ----a-w-        c:\windows\SysWow64\MP4SDECD.DLL
2011-04-22 19:20 . 2010-10-12 16:16        35328        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2011-04-22 19:20 . 2010-10-12 15:48        33280        ----a-w-        c:\program files (x86)\Windows Mail\wabfind.dll
2011-04-22 19:20 . 2010-10-12 14:15        68096        ----a-w-        c:\program files\Windows Mail\wabmig.exe
2011-04-22 19:20 . 2010-10-12 14:15        516096        ----a-w-        c:\program files\Windows Mail\wab.exe
2011-04-22 19:20 . 2010-10-12 13:52        66048        ----a-w-        c:\program files (x86)\Windows Mail\wabmig.exe
2011-04-22 19:20 . 2010-10-12 13:52        515584        ----a-w-        c:\program files (x86)\Windows Mail\wab.exe
2011-04-22 19:20 . 2010-06-17 17:55        16361984        ----a-w-        c:\program files\Movie Maker\MOVIEMK.dll
2011-04-22 19:19 . 2010-06-17 16:29        150528        ----a-w-        c:\program files\Movie Maker\MOVIEMK.exe
2011-04-22 19:19 . 2009-10-14 15:24        27136        ----a-w-        c:\program files\Movie Maker\WMM2EXT.dll
2011-04-22 19:15 . 2011-03-10 16:30        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-22 19:15 . 2011-03-10 16:30        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-22 19:15 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-04-22 19:15 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-22 19:15 . 2011-02-16 15:36        48128        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-22 19:15 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-04-22 19:15 . 2011-02-16 13:44        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-22 19:15 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-04-22 19:15 . 2010-06-16 15:52        96256        ----a-w-        c:\windows\system32\fontsub.dll
2011-04-22 19:15 . 2010-06-16 15:12        72704        ----a-w-        c:\windows\SysWow64\fontsub.dll
2011-04-22 19:14 . 2009-04-02 12:37        604672        ----a-w-        c:\windows\SysWow64\WMSPDMOD.DLL
2011-04-22 19:14 . 2009-04-02 12:39        818688        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2011-04-22 19:14 . 2009-04-23 12:42        636928        ----a-w-        c:\windows\SysWow64\localspl.dll
2011-04-22 19:14 . 2009-04-23 13:17        791552        ----a-w-        c:\windows\system32\localspl.dll
2011-04-22 19:14 . 2009-09-10 15:21        1418752        ----a-w-        c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-04-22 19:14 . 2009-09-10 15:21        310784        ----a-w-        c:\windows\SysWow64\unregmp2.exe
2011-04-22 19:13 . 2009-09-10 15:48        1486848        ----a-w-        c:\program files\Windows Media Player\setup_wm.exe
2011-04-22 19:13 . 2009-09-10 15:48        372736        ----a-w-        c:\windows\system32\unregmp2.exe
2011-04-22 19:11 . 2011-02-18 13:50        135168        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 19:11 . 2011-02-18 13:50        273920        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-22 19:11 . 2011-02-18 13:50        105472        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-22 19:11 . 2011-02-18 13:50        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-22 19:11 . 2010-06-11 16:08        1875456        ----a-w-        c:\windows\system32\msxml3.dll
2011-04-22 19:11 . 2010-06-11 15:30        1257472        ----a-w-        c:\windows\SysWow64\msxml3.dll
2011-04-22 19:10 . 2010-11-06 11:10        357376        ----a-w-        c:\windows\SysWow64\taskschd.dll
2011-04-22 19:10 . 2010-11-06 04:35        499712        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2011-04-22 19:10 . 2010-11-06 04:35        655872        ----a-w-        c:\windows\system32\taskschd.dll
2011-04-22 19:10 . 2010-11-06 04:35        410112        ----a-w-        c:\windows\system32\taskcomp.dll
2011-04-22 19:10 . 2010-11-06 04:35        854528        ----a-w-        c:\windows\system32\schedsvc.dll
2011-04-22 19:10 . 2010-11-05 00:53        171520        ----a-w-        c:\windows\SysWow64\taskeng.exe
2011-04-22 19:10 . 2010-11-04 21:16        267776        ----a-w-        c:\windows\system32\taskeng.exe
2011-04-22 19:10 . 2010-11-06 11:10        270336        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2011-04-22 18:44 . 2010-05-27 19:16        81920        ----a-w-        c:\windows\SysWow64\iccvid.dll
2011-04-22 18:44 . 2011-03-02 15:10        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-22 18:44 . 2009-05-04 10:38        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-05-05 03:32        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-05-05 03:32        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-05-05 03:32        281600        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-05-05 03:32        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-05-05 03:32        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-05-05 03:32        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-05-05 03:32        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-02-18 15:36 . 2011-02-18 15:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ICQ"="c:\progra~2\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-07 c:\windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-688148533-2580855891-255624100-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,57,2c,e7,50,2f,77,22,52,5a,30,75,fe,08,90,9d,49,25,fa,62,87,68,25,
  72,21,32,b9,28,d5,b6,78,34,a4,f9,00,c3,b3,eb,2e,7b,2d,de,bd,3c,71,3b,75,00,\
"??"=hex:b4,7e,b4,c6,21,49,5a,fc,45,d2,23,b3,28,4d,83,60
.
[HKEY_USERS\S-1-5-21-688148533-2580855891-255624100-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,69,8d,f0,c0,3b,36,cd,15,9a,7c,4f,39,6c,b8,54,64,c7,6c,ae,ca,
  f6,d4,8e,03,7a,c2,72,c8,ee,9d,b9,e8,fb,c8,79,8f,b5,a2,eb,cb,b3,b9,da,77,32,\
"rkeysecu"=hex:f0,73,67,41,03,7c,c6,f7,aa,6e,7c,74,95,c9,56,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-05-07  03:34:13
ComboFix-quarantined-files.txt  2011-05-07 01:34
.
Vor Suchlauf: 20 Verzeichnis(se), 413.428.371.456 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 412.237.262.848 Bytes frei
.
- - End Of File - - A0311B380BFEBE76FCE833EF65872CB2
--- --- ---

cosinus 07.05.2011 14:32
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Hainz 07.05.2011 16:37
hier der log .... stören sich die ganzen tools nicht auch untereinander?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5Q-PRO
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 136):
0x02060000 \SystemRoot\system32\ntoskrnl.exe
0x0201A000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00639000 \SystemRoot\system32\PSHED.dll
0x0064D000 \SystemRoot\system32\CLFS.SYS
0x006AA000 \SystemRoot\system32\CI.dll
0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F7000 \SystemRoot\system32\drivers\acpi.sys
0x0094D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00956000 \SystemRoot\system32\drivers\msisadrv.sys
0x00960000 \SystemRoot\system32\drivers\pci.sys
0x00990000 \SystemRoot\System32\drivers\partmgr.sys
0x009A5000 \SystemRoot\system32\drivers\volmgr.sys
0x0075C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B9000 \SystemRoot\system32\drivers\pciide.sys
0x009C0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E3000 \SystemRoot\system32\drivers\atapi.sys
0x007C2000 \SystemRoot\system32\drivers\ataport.SYS
0x00A0E000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A54000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A68000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C07000 \SystemRoot\system32\drivers\ndis.sys
0x00AEF000 \SystemRoot\system32\drivers\msrpc.sys
0x00B3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E00000 \SystemRoot\System32\drivers\tcpip.sys
0x00F74000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01004000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00FA0000 \SystemRoot\System32\drivers\ecache.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x00FCC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCA000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B97000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00BA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02409000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02A74000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02B53000 \SystemRoot\System32\drivers\watchdog.sys
0x02B62000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02B75000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02B81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02BC7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02BD8000 \SystemRoot\system32\DRIVERS\L1E60x64.sys
0x02BEB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x00BB3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00BC3000 \SystemRoot\system32\DRIVERS\fdc.sys
0x02400000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x00BD0000 \SystemRoot\system32\DRIVERS\serial.sys
0x00BED000 \SystemRoot\system32\DRIVERS\serenum.sys
0x007E6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02204000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02220000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0222D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02265000 \SystemRoot\system32\DRIVERS\storport.sys
0x022C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x022CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x022F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x022FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0232F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0233F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0235D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02375000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02387000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02393000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02395000 \SystemRoot\system32\DRIVERS\ks.sys
0x023C9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x023D4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02E05000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02E4C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x02E57000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x02E6B000 \SystemRoot\system32\drivers\HdAudio.sys
0x02EB4000 \SystemRoot\system32\drivers\portcls.sys
0x02EEF000 \SystemRoot\system32\drivers\drmk.sys
0x02F12000 \SystemRoot\system32\drivers\ksthunk.sys
0x03E01000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03F5A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03F64000 \SystemRoot\System32\Drivers\Null.SYS
0x03F6D000 \SystemRoot\System32\drivers\vga.sys
0x03F7B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03FA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03FA9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03FB2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03FBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03FCE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x03FD7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02F18000 \SystemRoot\system32\DRIVERS\smb.sys
0x02F33000 \SystemRoot\system32\drivers\afd.sys
0x02FA0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04003000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04021000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04030000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0404B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04099000 \SystemRoot\system32\drivers\nsiproxy.sys
0x040A5000 \SystemRoot\System32\Drivers\dfsc.sys
0x040C2000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x040C9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x040D7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x040E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x040EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x040F4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04106000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0410E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04110000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x0411B000 \SystemRoot\System32\drivers\Dxapi.sys
0x04127000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x0413A000 \SystemRoot\system32\drivers\luafv.sys
0x0415C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05601000 \SystemRoot\system32\drivers\spsys.sys
0x0569B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x056AF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x056C7000 \SystemRoot\system32\drivers\HTTP.sys
0x05766000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0578F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04173000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x041BC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05C0A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05C3C000 \SystemRoot\System32\DRIVERS\srv.sys
0x05CD3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x05CDE000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x05D2D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x05D3A000 \SystemRoot\system32\drivers\peauth.sys
0x05DF0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x057F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x041DB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772F0000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
548 csrss.exe
600 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
292 C:\Windows\System32\Ati2evxx.exe
312 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
528 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\audiodg.exe
804 C:\Windows\System32\SLsvc.exe
1048 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\spoolsv.exe
1464 C:\Windows\System32\Ati2evxx.exe
1472 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
1496 C:\Windows\System32\svchost.exe
1884 C:\Windows\System32\taskeng.exe
1904 C:\Windows\System32\dwm.exe
1936 C:\Windows\explorer.exe
1980 C:\Windows\System32\taskeng.exe
1152 C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
1488 C:\Windows\RAVCpl64.exe
1232 C:\Program Files\Windows Sidebar\sidebar.exe
2120 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
2156 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2184 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2216 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2232 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2372 C:\Windows\SysWOW64\PnkBstrA.exe
2432 C:\Windows\SysWOW64\PnkBstrB.exe
2444 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\SearchIndexer.exe
2996 C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
2060 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
504 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1760 C:\Program Files\Windows Media Player\wmpnscfg.exe
1108 C:\Program Files\Windows Media Player\wmpnetwk.exe
3152 C:\Program Files\iPod\bin\iPodService.exe
3444 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3576 C:\Windows\System32\taskeng.exe
3896 C:\Windows\System32\SearchProtocolHost.exe
3952 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3936 WmiPrvSE.exe
244 C:\Windows\servicing\TrustedInstaller.exe
1728 C:\Windows\System32\wuauclt.exe
3748 C:\Windows\System32\wbem\WMIADAP.exe
944 WmiPrvSE.exe
3844 C:\Users\Karl-Heinz\Desktop\MBRCheck.exe
3836 C:\Windows\SysWOW64\conime.exe
3336 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3750330AS, Rev: MX15

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 07.05.2011 16:46
Wenn sich die Tools stören würden, hätte ich sie dir ja wohl kaum aufgegeben ;)
Was ist mit GMER?

Hainz 07.05.2011 19:04
das mit gmer hat nicht funktioniert hast ja gemeint das man es nicht zwingend braucht dachte das ist dann ok...


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:27 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131