Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Google is acting up for me! Trojan or malware, I don't know x_x (https://www.trojaner-board.de/98934-google-spinnt-mir-tojaner-maleware-weiss-x_x.html)

Timcanpy 11.05.2011 02:29

Google is acting up for me! Trojan or malware, I don't know x_x

Hello everyone. As already mentioned, Google is acting up for me.

My problem is that the links Google gives me in a search always jump to pages like pcabusers.com or other pages.

I have already run Avira, Spybot Search & Destroy and Trojan Remover, but that still doesn't help. I've also tried guides for removing trojans, but I think I'm too dumb for that.

I'm at my wits' end, and I'm not really the brightest when it comes to PCs.

(Sorry if this is in the wrong section.)

Oh, and something else I just noticed... I keep getting a message saying a script error has occurred, on pages I haven't opened in either Firefox or IE. I only use Firefox, but the window says something about an IE script error... My PC also plays audio files (it sounds like advertising) that I can't have opened anywhere... I'm really despairing right now...

kira 11.05.2011 07:12

Hello and welcome! :)

Before we begin working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and handling are carried out over large distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - from the log lists or log files used (e.g. your real name, serial numbers in programs etc.) you may delete these or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may also be so heavily compromised that an effective technical cleanup is no longer possible or you have to reinstall it
  • I recommend that you read the instructions completely first before applying them, because if you do something wrong it can really get dangerous. If you follow my instructions step by step, nothing should go wrong.
  • During the support period:
    - please do not act on your own without consulting first! - ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too big, split it into several parts.

Once you have read this introductory text, you can begin :)

Quote:

If a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on a system cleanup - cleaning a system can take a few days (depending on the type of infection), but the system may also be so heavily compromised that an effective technical cleanup is no longer possible or you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and choose "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

► If there are messages/reports from your antivirus program or other protection programs, please post them! What was found and, above all, where...
► Describe what attempts you have made to solve the problem (also post the results you already have):
Code:

Avira
Spybot
Trojan Remover

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install and start it by double-clicking.
  • Set it to German and update the databases right away - update online
  • Choose "Perform full scan" (tick everything)
  • When the scan is finished, click on "Show results"
  • Select all findings - if MBAM reports something in C:\System Volume Information, please remove that tick - and click "Delete" - "Remove selected".
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
you can find an illustrated guide here: guide

2.
System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in code tags here in the thread.

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ start it by double-clicking
→ Choose your operating system - on Win7 choose Vista
→ When asked, choose the option "Settings" (1) - scanlist
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it doesn't work all at once, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, untick it) → start → if necessary, set "german" under Options → Settings
then click on "Tools" (to also display the installed programs) → then on "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and easy to read, it's best to use code tags for your post:
→ in front of your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it - i.e. at the end of the log file: [/code]

** Stay off the internet as far as possible, no online banking, file sharing, chat programs etc.
regards
Coverflow

Timcanpy 11.05.2011 15:17

Malwarebytes Anti-Malware results (the other steps will follow)
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6554

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.05.2011 16:15:50
mbam-log-2011-05-11 (16-15-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|E:\|)
Durchsuchte Objekte: 266552
Laufzeit: 1 Stunde(n), 48 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\portwexexe (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\portwexexe.exe (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\syscheckrt (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\portwexexe\config.bin (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\portwexexe.exe\config.bin (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.


Timcanpy 11.05.2011 17:41

OTL (1st log file)
Code:

OTL logfile created on: 11.05.2011 18:25:28 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 128,38 Gb Free Space | 57,56% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} -  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 05:29:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 05:29:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
 
[2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.05.06 21:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions
[2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml
[2011.01.19 14:24:17 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml
[2011.02.22 01:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 01:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 01:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [JavaInstallRetry]  File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 05:41:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo
[2011.04.13 06:13:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 06:13:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 06:13:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 06:13:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 06:13:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 06:12:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 06:12:55 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 06:12:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 06:12:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 06:12:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 06:12:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 06:12:50 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 06:12:48 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 06:12:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.11 18:23:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.11 18:23:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.11 18:07:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job
[2011.05.11 16:28:27 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.11 16:28:27 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.11 16:28:27 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.11 16:28:27 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.11 16:23:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.11 15:02:16 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job
[2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.10 20:32:11 | 000,228,864 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.08 11:11:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.04.14 03:32:48 | 003,624,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe
[2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2010.07.07 21:07:25 | 000,228,864 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss
[2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.02 10:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys
[2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 003,624,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
========== Files - Unicode (All) ==========
[2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그
[2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

(2nd logfile)
Code:

OTL Extras logfile created on: 11.05.2011 18:25:28 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 128,38 Gb Free Space | 57,56% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29CD9AD3-6B3D-4FB8-A01A-9949C9380A67}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0EB756A-24B5-407F-B1A4-DD7C3149439E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB48D45-42C9-40DC-AF50-F750168A224A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{2937ACF5-4FCF-4776-AF2F-2EB181A199D6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{308DD4AB-4434-4625-B074-99A27F1AA90E}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{4856A642-1D7F-4519-9731-DB8123AE513D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{51908FC7-AEB3-4415-98FD-A431C6CC5046}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8AA18992-976C-41CE-B9E9-3F1CCC650A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{AB55AD93-9210-433D-B81A-77D29DAEA076}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D163CA54-3AB1-4F56-84B0-6D6A7D780CB2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D3D39046-9040-4AD7-B873-346C6E2FC8BE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{1A745B49-1DDF-49F9-9A36-1ABD779DBF91}C:\users\user\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe |
"TCP Query User{513A14B1-1BFE-4A07-AD5C-E37FAC95CE5D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{52E5C4FD-789F-4CEB-9667-CA8FF55831A4}C:\program files\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe |
"TCP Query User{55743758-C1D7-4426-99F3-C8921135D8DE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{596D771D-DAB4-44E5-9ED8-F97F281362D6}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C0157D1E-27FA-4732-95B7-8CC8CC6221C1}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe |
"TCP Query User{D156C566-CE7F-440F-BD25-BE3A67C64030}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{D1EF8C53-A594-4006-B785-DB92EBC3D728}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{0018A949-BC9C-493D-80A1-0D2F22126728}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0AC144C7-3BD6-4EB8-B2A4-978F983AE72D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{66D02D8B-99CD-489D-9D1C-1FBD76ABEB23}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe |
"UDP Query User{966CE106-159F-4420-BEB6-ED5F1D5AB1AE}C:\program files\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe |
"UDP Query User{A1D503CD-F828-41D6-BC1D-194D793B5553}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{AAA4E197-570C-4303-BC10-145E138A5543}C:\users\user\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe |
"UDP Query User{ED44FC36-3A43-495E-90EA-707C263FEB39}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FE3BDE88-9D2C-48AC-B8AF-535763D0FC57}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FrostWire" = FrostWire 4.21.3
"HaaliMkx" = Haali Media Splitter
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Proteinbiosynthese" = Proteinbiosynthese
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2011 20:28:09 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8502
 
Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9594
 
Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9594
 
Error - 01.05.2011 20:47:08 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.05.2011 19:50:41 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.05.2011 06:34:14 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.05.2011 08:31:36 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.05.2011 14:57:04 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.05.2011 15:00:31 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, time stamp
 0x4daf62c6, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc0000005, fault offset 0x00048822, process id 0x88c, application start time
 01cc0b3cb41e1bf7.
 
[ System Events ]
Error - 10.05.2011 06:47:27 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 10.05.2011 20:37:56 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.05.2011 21:02:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11.05.2011 00:20:05 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:06 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:22:29 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =
 
Error - 11.05.2011 00:24:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11.05.2011 10:24:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


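As an added example (not part of the thread and not OTL's own code), here is a small Python triage script for the kinds of lines in the OTL report above: the "Files Created" list, the Alternate Data Streams section and the Vista firewall exception list. The sample input is constructed from lines copied out of the report; the heuristics it applies (hidden+system files outside C:\Windows, recently created no-company-name files in System32, any alternate data stream, inbound firewall exceptions for executables run from the Downloads folder) and the 30-day window are my assumptions, not the forum helper's checklist.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the OTL report in this thread, grouped
# under the same section headers OTL prints.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss
[2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys
[2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

========== Vista Active Application Exception List ==========

"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1A745B49-1DDF-49F9-9A36-1ABD779DBF91}C:\users\user\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe |
"""

# [date time | size | attrs | M/C] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attr>[RHSD-]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
FW_RE = re.compile(r'^"(?P<name>.+?)" = (?P<fields>.*)$')


def parse_otl(text):
    """Split an OTL report into file entries, ADS entries and firewall rules."""
    files, ads, rules = [], [], []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            section = line.strip("= ").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["created"] = datetime.strptime(d["ts"], "%Y.%m.%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            files.append(d)
            continue
        m = ADS_RE.match(line)
        if m:
            ads.append({"path": m["path"], "size": int(m["size"])})
            continue
        m = FW_RE.match(line)
        if m and "exception" in section:   # skip the Uninstall lists, same "key" = value shape
            fields = {}
            for part in m["fields"].split("|"):
                part = part.strip()
                if "=" in part:
                    k, v = part.split("=", 1)
                    fields[k] = v
            rules.append({"name": m["name"], **fields})
    return {"files": files, "ads": ads, "firewall": rules}


def triage(report, scan_time, recent_days=30):
    """Heuristic review list: a hit means 'look at this', never 'this is malicious'."""
    hits = []
    cutoff = scan_time - timedelta(days=recent_days)
    for f in report["files"]:
        p = f["path"].lower()
        # Hidden+system files outside the Windows directory are unusual for plain
        # application data (licensing stubs do this too, so verify before acting).
        if "H" in f["attr"] and "S" in f["attr"] and not p.startswith("c:\\windows\\"):
            hits.append(("hidden+system file outside C:\\Windows", f["path"]))
        # A fresh System32 file without a company name: correlate its timestamp
        # with whatever installer ran at the same moment before judging it.
        if f["kind"] == "C" and "\\system32\\" in p and f["created"] >= cutoff and not f["company"]:
            hits.append(("recent no-company-name file in System32", f["path"]))
    for a in report["ads"]:
        hits.append(("alternate data stream", a["path"]))
    for r in report["firewall"]:
        app = r.get("app", "").lower()
        # Inbound exceptions granted to one-off installers run from Downloads outlive
        # the installer; prune them regardless of the infection question.
        if "\\downloads\\" in app or "\\temp\\" in app:
            hits.append(("inbound firewall exception for downloaded executable", r["app"]))
    return hits


def run_sample():
    # Scan time taken from the "OTL Extras logfile created on" header above.
    return triage(parse_otl(SAMPLE_OTL), datetime(2011, 5, 11, 18, 25, 28))


if __name__ == "__main__":
    for category, path in run_sample():
        print(f"{category:55s} {path}")
```

Hits are a reading order, not verdicts. Run against the sample, the script flags the two System32 DLLs created at 02:34:55, and the full report shows the Trojan Remover shortcut created three seconds later at 02:34:58, which is consistent with those unpacker DLLs belonging to that tool; the stream on C:\ProgramData\TEMP and the inbound firewall exceptions for sweetimsetup.exe and maestia-downloader.exe, both run straight from the Downloads folder, are the items that deserve a second look.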
Timcanpy 11.05.2011 17:46

hjtscanlist

Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        ║                                    ║
                                    hjtscanlist v2.0             
                        ║                                    ║
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6002]
 
 
C:

      C:\pagefile.sys ---------   
  11.05.2011 14:19    C:\ProgramData --------- 8192 
  11.05.2011 13:43    C:\Program Files --------- 24576 
  11.05.2011 07:43    C:\System Volume Information --------- 20480 
  10.05.2011 17:50    C:\Windows --------- 20480 
  12.02.2011 17:58    C:\DVDVideoSoft --------- 0 
  08.01.2011 21:04    C:\Perfect World Entertainment --------- 4096 
  14.12.2010 20:50    C:\Download --------- 4096 
  14.12.2010 02:14    C:\gamigo --------- 0 
  29.11.2010 06:33    C:\Nexon --------- 0 
  23.11.2010 02:23    C:\RocWorks --------- 0 
  07.02.2010 14:09    C:\Boot --------- 4096 
  31.01.2010 23:57    C:\ISO --------- 0 
  31.01.2010 15:17    C:\$Recycle.Bin --------- 0 
  31.01.2010 15:16    C:\Users --------- 4096 
  31.01.2010 15:13    C:\Programme --------- 0 
  31.01.2010 15:13    C:\Dokumente und Einstellungen --------- 0 
  11.04.2009 08:36    C:\bootmgr --------- 333257 
  27.02.2008 17:00    C:\MSDOS.SYS --------- 0 
  27.02.2008 17:00    C:\IO.SYS --------- 0 
  15.02.2008 09:47    C:\MBDOC --------- 0 
  13.02.2008 23:36    C:\BOOTSECT.BAK --------- 8192 
  13.02.2008 14:46    C:\sources --------- 45056 
  13.02.2008 14:43    C:\RHDSetup.log --------- 420 
  08.02.2008 14:35    C:\BundleSW --------- 0 
  21.01.2008 04:43    C:\PerfLogs --------- 0 
  14.02.2007 22:24    C:\unattend.xml --------- 1656 
  18.09.2006 23:43    C:\config.sys --------- 10 
  18.09.2006 23:43    C:\autoexec.bat --------- 24 
  24.03.2006 15:16    C:\Recycled --------- 0 
----------------------------------------

 
C:\Windows

  11.05.2011 16:27    C:\Windows\WindowsUpdate.log --------- 1204866 
  11.05.2011 16:23    C:\Windows\bootstat.dat --------- 67584 
  11.05.2011 15:02    C:\Windows\NeroDigital.ini --------- 49 
  11.05.2011 06:23    C:\Windows\PFRO.log --------- 125318 
  22.04.2011 19:46    C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini --------- 262 
  05.03.2011 23:42    C:\Windows\Proteinbiosynthese Uninstaller.exe --------- 151301 
  04.11.2010 23:10    C:\Windows\NEXON_EU_DownloaderUpdater.exe --------- 446464 
  03.08.2010 00:48    C:\Windows\system.ini --------- 219 
  07.07.2010 01:10    C:\Windows\msxmlcab.log --------- 101 
  01.05.2010 11:58    C:\Windows\_detmp.1 --------- 3913 
  01.05.2010 11:58    C:\Windows\wininit.ini --------- 683 
  01.05.2010 11:58    C:\Windows\tmpcpyis.bat --------- 140 
  01.05.2010 11:58    C:\Windows\tmpdelis.bat --------- 122 
  01.05.2010 11:58    C:\Windows\winstart.bat --------- 26 
  07.02.2010 13:33    C:\Windows\ie8_main.log --------- 2067 
  07.02.2010 05:27    C:\Windows\DPINST.LOG --------- 8688 
  03.02.2010 16:17    C:\Windows\msxml4-KB954430-enu.LOG --------- 274314 
  03.02.2010 16:17    C:\Windows\msxml4-KB973688-enu.LOG --------- 285198 
  31.01.2010 15:02    C:\Windows\TSSysprep.log --------- 3652 
  31.01.2010 15:01    C:\Windows\DtcInstall.log --------- 4257 
  11.04.2009 08:27    C:\Windows\explorer.exe --------- 2926592 
  14.02.2008 13:50    C:\Windows\DirectX.log --------- 26885 
  13.02.2008 14:42    C:\Windows\DIFxAPI.dll --------- 319456 
  13.02.2008 14:42    C:\Windows\HideWin.exe --------- 315392 
  08.02.2008 14:36    C:\Windows\csup.txt --------- 10 
  21.01.2008 04:57    C:\Windows\WindowsShell.Manifest --------- 749 
  21.01.2008 04:34    C:\Windows\regedit.exe --------- 134656 
  21.01.2008 04:34    C:\Windows\bfsvc.exe --------- 58880 
  21.01.2008 04:34    C:\Windows\fveupdate.exe --------- 13312 
  21.01.2008 04:33    C:\Windows\HelpPane.exe --------- 498176 
  21.01.2008 04:33    C:\Windows\notepad.exe --------- 151040 
  26.06.2007 15:12    C:\Windows\UNNeroVision.exe --------- 972072 
  23.04.2007 17:42    C:\Windows\UNRecode.exe --------- 972336 
  10.04.2007 17:01    C:\Windows\RtHDVCpl.exe --------- 4431872 
  04.04.2007 18:22    C:\Windows\SkyTel.exe --------- 1822720 
  16.01.2007 11:39    C:\Windows\RtlUpd.exe --------- 1191936 
  12.01.2007 17:54    C:\Windows\RtlExUpd.dll --------- 520192 
  02.11.2006 15:01    C:\Windows\win.ini --------- 144 
  02.11.2006 14:34    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 14:33    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 14:33    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 14:33    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 14:33    C:\Windows\twain.dll --------- 94784 
  02.11.2006 11:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 11:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 09:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 13:41    C:\Windows\HomeBasic.xml --------- 8286 
  18.09.2006 23:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 23:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 23:30    C:\Windows\msdfmap.ini --------- 1405 
  30.08.2005 22:37    C:\Windows\UNNeroVision.cfg --------- 50 
  30.08.2005 22:36    C:\Windows\UNRecode.cfg --------- 50 
  15.05.1998 13:27    C:\Windows\_detmp.2 --------- 36352 
  17.12.1997 18:33    C:\Windows\IsUninst.exe --------- 304128 
  08.04.1997 20:08    C:\Windows\uninst.exe --------- 299520 
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:33      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:33      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:33      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:33      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:33      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:33      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 11.05.2011 18:23    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216 
 11.05.2011 18:23    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216 
 11.05.2011 16:28    C:\Windows\system32\perfh009.dat --------- 595798 
 11.05.2011 16:28    C:\Windows\system32\perfh007.dat --------- 628504 
 11.05.2011 16:28    C:\Windows\system32\perfc009.dat --------- 103872 
 11.05.2011 16:28    C:\Windows\system32\perfc007.dat --------- 126248 
 11.05.2011 16:28    C:\Windows\system32\PerfStringBackup.INI --------- 1445310 
 11.05.2011 16:23    C:\Windows\system32\drivers --------- 57344 
 11.05.2011 12:36    C:\Windows\system32\catroot --------- 12288 
 08.05.2011 19:06    C:\Windows\system32\spool --------- 4096 
 03.05.2011 04:11    C:\Windows\system32\catroot2 --------- 4096 
 18.04.2011 15:46    C:\Windows\system32\mrt.exe --------- 42181064 
 14.04.2011 03:32    C:\Windows\system32\FNTCACHE.DAT --------- 3624312 
 12.03.2011 23:55    C:\Windows\system32\XpsPrint.dll --------- 876032 
 10.03.2011 19:03    C:\Windows\system32\mfc42u.dll --------- 1162240 
 10.03.2011 19:03    C:\Windows\system32\mfc42.dll --------- 1136640 
 03.03.2011 17:42    C:\Windows\system32\inetcomm.dll --------- 739328 
 03.03.2011 17:40    C:\Windows\system32\Apphlpdm.dll --------- 28672 
 03.03.2011 15:35    C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 03.03.2011 15:25    C:\Windows\system32\win32k.sys --------- 2041856 
 02.03.2011 17:44    C:\Windows\system32\dnsrslvr.dll --------- 86528 
 02.03.2011 17:44    C:\Windows\system32\dnsapi.dll --------- 168448 
 24.02.2011 04:04    C:\Windows\system32\de-DE --------- 327680 
 24.02.2011 04:03    C:\Windows\system32\WindowsPowerShell --------- 0 
 22.02.2011 16:13    C:\Windows\system32\XpsGdiConverter.dll --------- 288768 
 22.02.2011 15:33    C:\Windows\system32\DWrite.dll --------- 1068544 
 22.02.2011 15:33    C:\Windows\system32\FntCache.dll --------- 797696 
 22.02.2011 01:51    C:\Windows\system32\jupdate-1.6.0_24-b07.log --------- 3305 
 18.02.2011 18:38    C:\Windows\system32\wininet.dll --------- 834048 
 18.02.2011 18:38    C:\Windows\system32\urlmon.dll --------- 1176064 
 18.02.2011 18:36    C:\Windows\system32\mstime.dll --------- 671232 
 18.02.2011 18:36    C:\Windows\system32\mshtmled.dll --------- 477696 
 18.02.2011 18:36    C:\Windows\system32\mshtml.dll --------- 3608576 
 18.02.2011 18:36    C:\Windows\system32\msfeeds.dll --------- 471040 
 18.02.2011 18:35    C:\Windows\system32\iepeers.dll --------- 193024 
 18.02.2011 18:35    C:\Windows\system32\ieframe.dll --------- 6089216 
 18.02.2011 18:35    C:\Windows\system32\ieapfltr.dll --------- 380928 
 18.02.2011 17:45    C:\Windows\system32\ieencode.dll --------- 78336 
 18.02.2011 16:49    C:\Windows\system32\html.iec --------- 389632 
 16.02.2011 18:21    C:\Windows\system32\vbscript.dll --------- 430080 
 16.02.2011 18:18    C:\Windows\system32\jscript.dll --------- 512000 
 16.02.2011 18:16    C:\Windows\system32\atmlib.dll --------- 34304 
 16.02.2011 16:02    C:\Windows\system32\atmfd.dll --------- 292864 
 07.02.2011 16:04    C:\Windows\system32\WDI --------- 4096 
 06.02.2011 00:29    C:\Windows\system32\Tasks --------- 4096 
 02.02.2011 22:40    C:\Windows\system32\javaws.exe --------- 157472 
 02.02.2011 22:40    C:\Windows\system32\javaw.exe --------- 145184 
 02.02.2011 22:40    C:\Windows\system32\java.exe --------- 145184 
 02.02.2011 22:40    C:\Windows\system32\deployJava1.dll --------- 472808 
 02.02.2011 18:11    C:\Windows\system32\MpSigStub.exe --------- 222080 
 21.01.2011 18:35    C:\Windows\system32\shlwapi.dll --------- 353280 
 21.01.2011 18:35    C:\Windows\system32\shell32.dll --------- 11586048 
 20.01.2011 18:08    C:\Windows\system32\dxgi.dll --------- 478720 
 20.01.2011 18:08    C:\Windows\system32\d3d10core.dll --------- 189952 
 20.01.2011 18:08    C:\Windows\system32\d3d10_1core.dll --------- 219648 
 20.01.2011 18:08    C:\Windows\system32\d3d10_1.dll --------- 160768 
 20.01.2011 18:08    C:\Windows\system32\d3d10.dll --------- 1029120 
 20.01.2011 18:07    C:\Windows\system32\cdd.dll --------- 37376 
 20.01.2011 18:07    C:\Windows\system32\winspool.drv --------- 258048 
 20.01.2011 18:07    C:\Windows\system32\stobject.dll --------- 586240 
 20.01.2011 18:07    C:\Windows\system32\shdocvw.dll --------- 1075712 
 20.01.2011 18:06    C:\Windows\system32\mf.dll --------- 2873344 
 20.01.2011 18:06    C:\Windows\system32\printfilterpipelineprxy.dll --------- 26112 
 20.01.2011 18:04    C:\Windows\system32\mfps.dll --------- 98816 
 20.01.2011 18:04    C:\Windows\system32\mfplat.dll --------- 209920 
 20.01.2011 16:28    C:\Windows\system32\xpsservices.dll --------- 1554432 
 20.01.2011 16:26    C:\Windows\system32\printfilterpipelinesvc.exe --------- 667648 
 20.01.2011 16:25    C:\Windows\system32\OpcServices.dll --------- 847360 
 20.01.2011 16:24    C:\Windows\system32\XpsRasterService.dll --------- 135680 
 20.01.2011 16:15    C:\Windows\system32\MFH264Dec.dll --------- 979456 
 20.01.2011 16:14    C:\Windows\system32\MFHEAACdec.dll --------- 357376 
 20.01.2011 16:14    C:\Windows\system32\mfmp4src.dll --------- 302592 
 20.01.2011 16:14    C:\Windows\system32\mfreadwrite.dll --------- 261632 
 20.01.2011 16:12    C:\Windows\system32\d3d10warp.dll --------- 1172480 
 20.01.2011 16:11    C:\Windows\system32\d3d10level9.dll --------- 486400 
 20.01.2011 15:47    C:\Windows\system32\d2d1.dll --------- 683008 
 13.01.2011 18:44    C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734 
 29.12.2010 20:28    C:\Windows\system32\sbeio.dll --------- 153088 
 29.12.2010 20:28    C:\Windows\system32\sbe.dll --------- 322560 
 29.12.2010 20:28    C:\Windows\system32\EncDec.dll --------- 429056 
 29.12.2010 20:26    C:\Windows\system32\mpg2splt.ax --------- 177664 
 28.12.2010 17:55    C:\Windows\system32\odbc32.dll --------- 413696 
 17.12.2010 17:45    C:\Windows\system32\mstscax.dll --------- 2067968 
 17.12.2010 15:54    C:\Windows\system32\mstsc.exe --------- 677888 
 14.12.2010 16:49    C:\Windows\system32\sdclt.exe --------- 1169408 
 29.11.2010 18:38    C:\Windows\system32\QuickTime.qts --------- 69632 
 29.11.2010 18:38    C:\Windows\system32\QuickTimeVR.qtx --------- 94208 
 09.11.2010 00:57    C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 
 04.11.2010 23:10    C:\Windows\system32\nxEuUninstall.bat --------- 235 
 04.11.2010 20:56    C:\Windows\system32\wmicmiplugin.dll --------- 345600 
 04.11.2010 20:55    C:\Windows\system32\taskschd.dll --------- 352768 
 04.11.2010 20:55    C:\Windows\system32\taskcomp.dll --------- 270336 
 04.11.2010 20:55    C:\Windows\system32\schedsvc.dll --------- 601600 
 04.11.2010 18:34    C:\Windows\system32\taskeng.exe --------- 171520 
 28.10.2010 15:20    C:\Windows\system32\tzres.dll --------- 2048 
 18.10.2010 15:37    C:\Windows\system32\consent.exe --------- 81920 
 15.10.2010 16:08    C:\Windows\system32\ntkrnlpa.exe --------- 3602320 
 15.10.2010 16:08    C:\Windows\system32\ntoskrnl.exe --------- 3550096 
 15.10.2010 15:48    C:\Windows\system32\ntdll.dll --------- 1205080 
 14.10.2010 17:53    C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4034 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 11.05.2011 18:07    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job --------- 1116 
 11.05.2011 16:24    C:\Windows\Tasks\SA.DAT --------- 6 
 11.05.2011 16:22    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 
 11.05.2011 10:07    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job --------- 1064 
 24.03.2010 15:53    C:\Windows\Tasks\Install_NSS.job --------- 362 
----------------------------------------

 
C:\Windows\Temp

 11.05.2011 02:29    C:\Windows\Temp\MpCmdRun.log --------- 4992 
 11.05.2011 01:33    C:\Windows\Temp\fwtsqmfile07.sqm --------- 120 
 11.05.2011 01:33    C:\Windows\Temp\fwtsqmfile06.sqm --------- 120 
 11.05.2011 01:33    C:\Windows\Temp\fwtsqmfile05.sqm --------- 120 
 11.05.2011 01:33    C:\Windows\Temp\fwtsqmfile04.sqm --------- 120 
 11.05.2011 01:33    C:\Windows\Temp\fwtsqmfile03.sqm --------- 120 
 11.05.2011 01:32    C:\Windows\Temp\fwtsqmfile02.sqm --------- 120 
 11.05.2011 01:32    C:\Windows\Temp\fwtsqmfile01.sqm --------- 120 
 11.05.2011 01:32    C:\Windows\Temp\fwtsqmfile00.sqm --------- 120 
 11.05.2011 01:32    C:\Windows\Temp\fwtsqmfile19.sqm --------- 120 
 11.05.2011 01:32    C:\Windows\Temp\fwtsqmfile18.sqm --------- 120 
 11.05.2011 01:31    C:\Windows\Temp\fwtsqmfile17.sqm --------- 120 
 11.05.2011 01:31    C:\Windows\Temp\fwtsqmfile16.sqm --------- 120 
 11.05.2011 01:31    C:\Windows\Temp\fwtsqmfile15.sqm --------- 120 
 11.05.2011 01:31    C:\Windows\Temp\fwtsqmfile14.sqm --------- 120 
 11.05.2011 01:30    C:\Windows\Temp\fwtsqmfile13.sqm --------- 120 
 11.05.2011 01:30    C:\Windows\Temp\fwtsqmfile12.sqm --------- 120 
 11.05.2011 01:30    C:\Windows\Temp\fwtsqmfile11.sqm --------- 120 
 11.05.2011 01:30    C:\Windows\Temp\fwtsqmfile10.sqm --------- 120 
 11.05.2011 01:30    C:\Windows\Temp\fwtsqmfile09.sqm --------- 120 
 11.05.2011 01:29    C:\Windows\Temp\fwtsqmfile08.sqm --------- 120 
 10.05.2011 15:15    C:\Windows\Temp\MpSigStub.log --------- 3268 
 07.02.2010 14:50    C:\Windows\Temp\History --------- 0 
 07.02.2010 14:50    C:\Windows\Temp\Cookies --------- 0 
 07.02.2010 14:50    C:\Windows\Temp\Temporary Internet Files --------- 0 
----------------------------------------

 
C:\Users\User\AppData\Local\Temp

 11.05.2011 18:30    C:\Users\User\AppData\Local\Temp\plugtmp-1 --------- 0 
 11.05.2011 18:29    C:\Users\User\AppData\Local\Temp\fla2CFF.tmp --------- 7395094 
 11.05.2011 16:29    C:\Users\User\AppData\Local\Temp\jusched.log --------- 489 
 11.05.2011 16:24    C:\Users\User\AppData\Local\Temp\divEE63.tmp --------- 0 
 11.05.2011 16:24    C:\Users\User\AppData\Local\Temp\User.bmp --------- 31832 
 11.05.2011 16:24    C:\Users\User\AppData\Local\Temp\WPDNSE --------- 0 
 11.05.2011 15:10    C:\Users\User\AppData\Local\Temp\plugtmp --------- 0 
 11.05.2011 13:52    C:\Users\User\AppData\Local\Temp\~DF5446.tmp --------- 81920 
 11.05.2011 06:26    C:\Users\User\AppData\Local\Temp\trhiv --------- 0 
 11.05.2011 06:24    C:\Users\User\AppData\Local\Temp\divEA2F.tmp --------- 0 
 11.05.2011 06:22    C:\Users\User\AppData\Local\Temp\hsperfdata_User --------- 0 
----------------------------------------

 
C:\Program Files

 11.05.2011 13:43    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 11.05.2011 02:37    C:\Program Files\Trojan Remover --------- 4096 
 06.05.2011 22:21    C:\Program Files\Mozilla Firefox --------- 40960 
 22.04.2011 19:46    C:\Program Files\Ventrilo --------- 4096 
 14.04.2011 03:04    C:\Program Files\Windows Mail --------- 4096 
 05.03.2011 23:42    C:\Program Files\Schroedel --------- 0 
 28.02.2011 06:42    C:\Program Files\Haali --------- 0 
 26.02.2011 23:52    C:\Program Files\CamStudio --------- 0 
 22.02.2011 17:00    C:\Program Files\TeamSpeak 3 Client --------- 4096 
 22.02.2011 01:52    C:\Program Files\Common Files --------- 4096 
 22.02.2011 01:51    C:\Program Files\Java --------- 0 
 15.02.2011 22:19    C:\Program Files\iTunes --------- 8192 
 15.02.2011 22:18    C:\Program Files\iPod --------- 0 
 11.02.2011 06:56    C:\Program Files\FrostWire --------- 0 
 09.02.2011 14:51    C:\Program Files\Adobe --------- 4096 
 07.02.2011 05:29    C:\Program Files\DivX --------- 4096 
 06.02.2011 00:22    C:\Program Files\Adobe Media Player --------- 4096 
 04.02.2011 13:30    C:\Program Files\MAESTIA --------- 0 
 29.01.2011 22:11    C:\Program Files\Incomplete --------- 0 
 26.01.2011 20:55    C:\Program Files\OpenOffice.org 3 --------- 4096 
 23.01.2011 00:56    C:\Program Files\JDownloader --------- 8192 
 07.01.2011 20:27    C:\Program Files\ICQ7.0 --------- 20480 
 24.12.2010 13:51    C:\Program Files\QuickTime --------- 4096 
 22.12.2010 21:04    C:\Program Files\DVDVideoSoft --------- 4096 
 09.12.2010 01:04    C:\Program Files\Bonjour --------- 4096 
 29.11.2010 06:33    C:\Program Files\Neffy --------- 0 
 29.11.2010 06:27    C:\Program Files\PriceGong --------- 0 
 19.11.2010 21:34    C:\Program Files\Microsoft Office --------- 0 
 19.11.2010 21:33    C:\Program Files\MSECache --------- 0 
 16.10.2010 11:57    C:\Program Files\Skype --------- 0 
 13.10.2010 17:06    C:\Program Files\InstallShield Installation Information --------- 4096 
 13.10.2010 04:29    C:\Program Files\Windows Media Player --------- 4096 
 12.08.2010 18:51    C:\Program Files\OpenSource Flash Video Splitter --------- 0 
 12.08.2010 18:51    C:\Program Files\Bass Audio Decoder --------- 0 
 12.08.2010 18:51    C:\Program Files\DirectVobSub --------- 0 
 12.08.2010 18:49    C:\Program Files\Logitech --------- 0 
 12.08.2010 18:48    C:\Program Files\RealMedia --------- 0 
 12.08.2010 03:20    C:\Program Files\Movie Maker --------- 4096 
 08.07.2010 03:00    C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 25.06.2010 19:35    C:\Program Files\Microsoft.NET --------- 0 
 01.05.2010 11:46    C:\Program Files\Uninstall Information --------- 0 
 01.05.2010 10:41    C:\Program Files\Elaborate Bytes --------- 0 
 21.03.2010 13:55    C:\Program Files\PhotoFiltre --------- 4096 
 13.03.2010 19:02    C:\Program Files\VideoLAN --------- 0 
 14.02.2010 16:24    C:\Program Files\Spybot - Search & Destroy --------- 4096 
 09.02.2010 20:20    C:\Program Files\Windows Portable Devices --------- 0 
 07.02.2010 14:05    C:\Program Files\Windows Calendar --------- 0 
 07.02.2010 14:05    C:\Program Files\Windows Sidebar --------- 4096 
 07.02.2010 14:05    C:\Program Files\Internet Explorer --------- 4096 
 07.02.2010 14:05    C:\Program Files\Windows Collaboration --------- 4096 
 07.02.2010 14:05    C:\Program Files\Windows Photo Gallery --------- 4096 
 07.02.2010 14:05    C:\Program Files\Windows Defender --------- 4096 
 07.02.2010 05:23    C:\Program Files\HP_Vista_SF_Ph1 --------- 0 
 05.02.2010 01:55    C:\Program Files\Apple Software Update --------- 4096 
 03.02.2010 16:16    C:\Program Files\MSXML 4.0 --------- 0 
 02.02.2010 00:28    C:\Program Files\ICQ6Toolbar --------- 0 
 01.02.2010 17:51    C:\Program Files\WinRAR --------- 4096 
 31.01.2010 20:56    C:\Program Files\Windows Live --------- 4096 
 31.01.2010 20:56    C:\Program Files\Microsoft --------- 0 
 31.01.2010 20:56    C:\Program Files\Windows Live SkyDrive --------- 0 
 31.01.2010 20:35    C:\Program Files\Avira --------- 0 
 31.01.2010 15:35    C:\Program Files\T-Online --------- 0 
 31.01.2010 15:13    C:\Program Files\Gemeinsame Dateien --------- 0 
 31.01.2010 15:13    C:\Program Files\Windows NT --------- 4096 
 14.02.2008 13:51    C:\Program Files\Nero --------- 0 
 13.02.2008 14:42    C:\Program Files\Realtek --------- 0 
 21.01.2008 04:57    C:\Program Files\desktop.ini --------- 174 
 02.11.2006 14:35    C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 14:35    C:\Program Files\Reference Assemblies --------- 0 
 02.11.2006 14:35    C:\Program Files\MSBuild --------- 0 
----------------------------------------

 
C:\ProgramData\..

User   
Default User   
All Users   
Default   
desktop.ini   
Public   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        22.816 K
smss.exe                      444 Services                  0          600 K
csrss.exe                      512 Services                  0        5.572 K
wininit.exe                    564 Services                  0        3.592 K
csrss.exe                      572 Console                    1        10.956 K
services.exe                  608 Services                  0        7.932 K
lsass.exe                      620 Services                  0        1.804 K
lsm.exe                        628 Services                  0        3.172 K
winlogon.exe                  780 Console                    1        4.460 K
svchost.exe                    848 Services                  0        5.592 K
svchost.exe                    932 Services                  0        5.304 K
svchost.exe                  1000 Services                  0        24.636 K
svchost.exe                  1080 Services                  0        11.424 K
svchost.exe                  1144 Services                  0        65.812 K
svchost.exe                  1164 Services                  0        27.100 K
audiodg.exe                  1252 Services                  0        13.144 K
SLsvc.exe                    1284 Services                  0        3.932 K
svchost.exe                  1352 Services                  0        10.800 K
svchost.exe                  1516 Services                  0        12.224 K
spoolsv.exe                  1768 Services                  0        7.268 K
taskeng.exe                  1792 Console                    1        9.176 K
sched.exe                    1824 Services                  0          956 K
dwm.exe                      1832 Console                    1        40.656 K
svchost.exe                  1868 Services                  0        16.300 K
explorer.exe                  1896 Console                    1        62.088 K
svchost.exe                    560 Services                  0        10.240 K
avguard.exe                  1016 Services                  0        13.104 K
AppleMobileDeviceService.    1160 Services                  0        4.276 K
mDNSResponder.exe            1344 Services                  0        4.780 K
LSSrvc.exe                    1552 Services                  0        2.856 K
avshadow.exe                  1632 Services                  0        3.408 K
svchost.exe                  1624 Services                  0        4.872 K
svchost.exe                  1700 Services                  0        5.068 K
svchost.exe                  2084 Services                  0        1.800 K
SearchIndexer.exe            2120 Services                  0        16.276 K
SDWinSec.exe                  2268 Services                  0        7.388 K
taskeng.exe                  2600 Services                  0        5.068 K
MSASCui.exe                  2956 Console                    1        5.284 K
RtHDVCpl.exe                  2964 Console                    1        5.196 K
rundll32.exe                  3100 Console                    1        3.688 K
avgnt.exe                    3108 Console                    1        2.128 K
DDMService.exe                3140 Console                    1        3.936 K
rundll32.exe                  3192 Console                    1        4.876 K
DivXUpdate.exe                3228 Console                    1        8.148 K
iTunesHelper.exe              3236 Console                    1        6.256 K
jusched.exe                  3244 Console                    1        3.044 K
WmiPrvSE.exe                  3380 Services                  0        5.264 K
sidebar.exe                  3464 Console                    1        6.444 K
LightScribeControlPanel.e    3476 Console                    1        3.940 K
TeaTimer.exe                  3548 Console                    1        55.112 K
wmpnscfg.exe                  3640 Console                    1        4.164 K
kernel.exe                    3748 Console                    1        23.448 K
wmpnetwk.exe                  3872 Services                  0        6.380 K
sc_watch.exe                  3916 Console                    1        3.036 K
PROFIL~1.EXE                  1236 Console                    1        6.496 K
iPodService.exe              2908 Services                  0        4.356 K
unsecapp.exe                  1036 Console                    1        4.224 K
Notifier.exe                  3720 Console                    1        6.348 K
svchost.exe                  3524 Services                  0        4.652 K
wuauclt.exe                  3588 Console                    1        5.508 K
firefox.exe                  2988 Console                    1      116.820 K
plugin-container.exe          3572 Console                    1        56.092 K
cmd.exe                      3692 Console                    1        2.936 K
conime.exe                    2624 Console                    1        3.380 K
SearchProtocolHost.exe        3940 Services                  0        7.820 K
SearchFilterHost.exe          1480 Services                  0        5.192 K
tasklist.exe                  3700 Console                    1        4.668 K
WmiPrvSE.exe                  3584 Services                  0        5.640 K
dllhost.exe                  1068 Console                    1        4.240 K

 
***** Ende des Scans 11.05.2011 um 18:45:27,03 ***

And here are the programs

Code:

Adobe AIR        Adobe Systems Inc.        05.02.2011        30,7MB        1.5.3.9120
Adobe Community Help        Adobe Systems Incorporated        05.02.2011        2,52MB        3.0.0.400
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        30.01.2010                10.0.42.34
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        30.01.2010                9
Adobe Media Player        Adobe Systems Incorporated        05.02.2011        2,70MB        1.8
Adobe Photoshop CS5        Adobe Systems Incorporated        05.02.2011        1.559MB        12.0
Adobe Reader 8 - Deutsch        Adobe Systems Incorporated        12.02.2008        90,9MB        8.0.0
Akamai NetSession Interface                04.02.2011        13,8MB       
Apple Application Support        Apple Inc.        08.12.2010        52,7MB        1.4.1
Apple Mobile Device Support        Apple Inc.        14.02.2011        21,7MB        3.3.1.3
Apple Software Update        Apple Inc.        04.02.2010        2,16MB        2.1.1.116
Avira AntiVir Personal - Free Antivirus        Avira GmbH        27.04.2011        89,9MB        10.0.0.648
Bonjour        Apple Inc.        08.12.2010        1,10MB        2.0.4.0
CamStudio                25.02.2011        8,22MB       
CCleaner        Piriform        10.05.2011        3,63MB        3.06
DHTML Editing Component        Microsoft Corporation        30.01.2010        0,45MB        6.02.0001
DivX-Setup        DivX, LLC        06.02.2011        3,14MB        2.3.0.20
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        29.03.2011        3,02MB       
Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        29.03.2011        3,35MB       
FrostWire 4.21.3        FrostWire Team        10.02.2011        38,7MB        4.21.3.0
Google Chrome        Google Inc.        25.02.2010        252MB        11.0.696.65
Haali Media Splitter                27.02.2011        2,34MB       
ICQ7        ICQ        31.01.2010        39,1MB        7.0
iTunes        Apple Inc.        14.02.2011        144,7MB        10.1.2.17
Java(TM) 6 Update 24        Sun Microsystems, Inc.        19.06.2010        94,5MB        6.0.240
JDownloader        AppWork UG (haftungsbeschränkt)        15.01.2011        55,0MB       
LightScribe System Software  1.12.29.2        hxxp://www.lightscribe.com        13.02.2008        20,6MB        1.12.29.2
Loong        Your Company Name        14.12.2010        2.772MB        1.3.3.4
Malwarebytes' Anti-Malware        Malwarebytes Corporation        10.05.2011        4,80MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        04.02.2010        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        02.02.2010        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.06.2010        24,5MB        4.0.30319
Microsoft PowerPoint Viewer        Microsoft Corporation        13.04.2011        157,4MB        14.0.4763.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        13.10.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.10.2010        0,41MB        8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        13.04.2011        0,29MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        01.02.2010        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.01.2010        0,58MB        9.0.30729
Mozilla Firefox 4.0.1 (x86 de)        Mozilla        05.05.2011        32,1MB        4.0.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        02.02.2010        34,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        02.02.2010        1,34MB        4.20.9876.0
Nero 7 Essentials        Nero AG        13.02.2008        1.573MB        7.02.9755
NVIDIA Drivers                30.01.2010               
NVIDIA PhysX        NVIDIA Corporation        12.10.2010        119,9MB        9.09.0203
OpenOffice.org 3.2        OpenOffice.org        25.01.2011        363MB        3.2.9502
PhotoFiltre                20.03.2010        3,76MB       
Proteinbiosynthese        Schroedel        04.03.2011        10,4MB        1.0
QuickTime        Apple Inc.        23.12.2010        73,7MB        7.69.80.9
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        12.02.2008        14,2MB        6.0.1.5397
Skype™ 4.2        Skype Technologies S.A.        30.09.2010        31,1MB        4.2.187
Spybot - Search & Destroy        Safer Networking Limited        13.02.2010        52,5MB        1.6.2
SweetIM Toolbar for Internet Explorer 4.0        SweetIM Technologies Ltd.        13.11.2010        4,16MB        4.0.0004
T-Online 6.0                30.01.2010        105,0MB       
T-Online WLAN-Access Finder                30.01.2010        0,95MB       
TeamSpeak 3 Client        TeamSpeak Systems GmbH        06.10.2010        26,4MB       
Trojan Remover 6.8.2        Simply Super Software        10.05.2011        9,03MB        6.8.2
Uninstall 1.0.0.1                29.03.2011        32,9MB       
Ventrilo Client        Flagship Industries, Inc.        21.04.2011        5,58MB        3.0.8
VLC media player 1.0.5        VideoLAN Team        12.03.2010        76,1MB        1.0.5
Windows Live Anmelde-Assistent        Microsoft Corporation        30.01.2010        1,93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        06.12.2010        82,8MB        14.0.8117.0416
Windows Live-Uploadtool        Microsoft Corporation        30.01.2010        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        30.01.2010        0,29MB        1.0.0.8
WinRAR                31.01.2010        3,78MB


kira 12.05.2011 10:07

1.
Applications running in the background during the cleanup can negatively affect your computer's performance and also our work, so please first switch off/deactivate the programs listed here:
Quote:

TrojanScanner
from Autostart (remove the check mark): Start -> Run -> "msconfig" (type it in without the quotes) -> OK -> remove the check mark

Stop services:
Start -> Run -> "services.msc" (type it in without the quotes) -> OK -> "Properties" -> "Stop" -> select Startup type "Disabled"

2.
Switch off Spybot's TeaTimer: Mode -> Advanced mode -> Yes -> Tools -> Resident -> remove the check mark from "Resident "TeaTimer" (Protection of all system settings)" -> exit. Please switch it off, as it also tries to block positive changes.

3.
Code:

FrostWire
Quote:

Internet file-sharing networks are unfortunately among the most disreputable providers, and a great many malicious programs are distributed there, so they should, if at all, be used only with particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
On top of that, most downloads from these file-sharing networks are illegal anyway, and users are thus tempted to commit "criminal offences"!

Even if you use a "secure" P2P program, it is only the program that is secure. You will be sharing data from "uncertified sources", and these are frequently infected...;)
Besides, not only Trojan horses or other types of viruses need a direct connection; the use of µtorrent & Co. also "phones home", even if there is no proof yet (at least in part), and I would not recommend allowing such clients!

4.
Not recommended, I would uninstall (a magnet for malware):
under → Control Panel → Programs and Features → uninstall...
Code:

SweetIM Toolbar for Internet Explorer
5.
Your Java version is not up to date!
Since Java is very vulnerable because of old security holes, first uninstall all existing Java versions:
→ Control Panel → Programs and Features → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 24 from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

6.
Update Adobe Reader:
- Pay attention/read along during installation: if any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

7.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Find errors" → "Fix errors" → "Fix all"
  • Restart your system

8.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and extra.txt
  • Post the log files in code tags here in the thread.
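Steps 1 and 2 above are described as msconfig and services.msc clicks. As an added example, not part of the thread and not kira's, OTL's or any other tool's own code, the following PowerShell script does the same review from the command line: it lists the autostart entries msconfig reads (the Run keys and Startup folders) together with the .job files under C:\Windows\Tasks that also appear in the listing above, and it shows one service's status and start type. Only with the -Disable switch does it stop that service and set its start type to Disabled, which is what "Stop" followed by Startup type "Disabled" does in services.msc. The service name is a placeholder, because the thread names the program ("TrojanScanner") but not its service; replace it with the real name from Get-Service. Changing a service requires an elevated (Run as administrator) session; the cmdlets used exist in Windows PowerShell 2.0, the version shipped for Vista.

```powershell
# Added example (not from the thread): PowerShell equivalent of the msconfig
# and services.msc steps, so autostart entries can be reviewed before anything
# is disabled. Works with Windows PowerShell 2.0 and later.
param(
    # Assumption/placeholder: the thread does not name the scanner's service.
    [string]$ServiceName = 'PLACEHOLDER-ServiceName',
    # Without this switch the script only reports and changes nothing.
    [switch]$Disable
)

# The registry Run keys are the main source of msconfig's "Startup" tab.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath, PSParentPath etc.; skip those and keep
        # only the real value names (each one is an autostart command line).
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }
}

# The per-user and all-users Startup folders are the other place msconfig reads.
function Get-StartupFolderEntry {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    foreach ($f in $folders) {
        if (Test-Path $f) {
            Get-ChildItem -Path $f -Force | Select-Object FullName, LastWriteTime
        }
    }
}

Write-Host "== Autostart entries (registry Run keys) =="
Get-AutostartEntry | Format-Table Name, Command, Key -AutoSize

Write-Host "== Startup folders =="
Get-StartupFolderEntry | Format-Table -AutoSize

Write-Host "== Scheduled task .job files ($env:windir\Tasks) =="
Get-ChildItem -Path "$env:windir\Tasks" -Filter '*.job' -Force -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, Length | Format-Table -AutoSize

# Service status and start type: what the "Properties" dialog in services.msc shows.
Write-Host "== Service '$ServiceName' =="
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc -eq $null) {
    Write-Host "No service named '$ServiceName'. List candidates with: Get-Service | Sort-Object DisplayName"
} else {
    # On PowerShell 2.0 the start mode and binary path are only exposed via WMI.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    Write-Host ("{0}: Status={1} StartMode={2} Path={3}" -f $svc.Name, $svc.Status, $wmi.StartMode, $wmi.PathName)

    if ($Disable) {
        # "Stop", then Startup type "Disabled", exactly as in services.msc.
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
        Set-Service -Name $ServiceName -StartupType Disabled
        Write-Host "Service '$ServiceName' stopped and set to Disabled."
    }
}
```

Run it once without -Disable and compare the listed commands and task files against what you expect to be installed; anything whose path points into a Temp folder or whose name you do not recognise is worth asking about in the thread before it is removed. Re-running the script after the cleanup steps gives a quick check that the entries are really gone.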

Timcanpy 12.05.2011 17:51

1. Log file

Code:

OTL logfile created on: 12.05.2011 18:45:39 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 133,36 Gb Free Space | 59,79% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} -  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
 
[2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.05.06 21:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions
[2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml
[2011.01.19 14:24:17 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml
[2011.05.12 18:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.11 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.11 18:47:49 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 05:41:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo
[2011.04.13 06:13:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 06:13:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 06:13:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 06:13:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 06:13:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 06:12:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 06:12:55 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 06:12:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 06:12:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 06:12:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 06:12:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 06:12:50 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 06:12:48 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 06:12:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.12 18:47:42 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.12 18:47:42 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.12 18:47:42 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.12 18:47:42 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.12 18:41:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 18:41:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 18:41:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.12 18:31:01 | 000,000,230 | ---- | M] () -- C:\Users\User\Desktop\Run.lnk
[2011.05.12 18:14:32 | 000,002,110 | ---- | M] () -- C:\Users\User\Desktop\T-Online 6.0.lnk
[2011.05.12 18:13:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job
[2011.05.12 14:24:10 | 000,228,864 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.12 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job
[2011.05.12 04:25:30 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.11 18:47:51 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.08 11:11:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.04.14 03:32:48 | 003,624,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.12 18:31:01 | 000,000,230 | ---- | C] () -- C:\Users\User\Desktop\Run.lnk
[2011.05.12 18:14:32 | 000,002,110 | ---- | C] () -- C:\Users\User\Desktop\T-Online 6.0.lnk
[2011.05.11 18:47:51 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe
[2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2010.07.07 21:07:25 | 000,228,864 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss
[2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.02 10:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys
[2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 003,624,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
========== Files - Unicode (All) ==========
[2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그
[2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

2. Log file

Code:

OTL Extras logfile created on: 12.05.2011 18:45:39 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 133,36 Gb Free Space | 59,79% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{767DE962-AB8C-4C5E-8F78-36FFAC439D4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B606DA60-8331-46D8-A31A-DE1EAB603284}" = lport=49181 | protocol=6 | dir=in | name=akamai netsession interface |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB48D45-42C9-40DC-AF50-F750168A224A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{2937ACF5-4FCF-4776-AF2F-2EB181A199D6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{308DD4AB-4434-4625-B074-99A27F1AA90E}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{4856A642-1D7F-4519-9731-DB8123AE513D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{51908FC7-AEB3-4415-98FD-A431C6CC5046}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8AA18992-976C-41CE-B9E9-3F1CCC650A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{AB55AD93-9210-433D-B81A-77D29DAEA076}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D163CA54-3AB1-4F56-84B0-6D6A7D780CB2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D3D39046-9040-4AD7-B873-346C6E2FC8BE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{1A745B49-1DDF-49F9-9A36-1ABD779DBF91}C:\users\user\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe |
"TCP Query User{513A14B1-1BFE-4A07-AD5C-E37FAC95CE5D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{52E5C4FD-789F-4CEB-9667-CA8FF55831A4}C:\program files\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe |
"TCP Query User{55743758-C1D7-4426-99F3-C8921135D8DE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{596D771D-DAB4-44E5-9ED8-F97F281362D6}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C0157D1E-27FA-4732-95B7-8CC8CC6221C1}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe |
"TCP Query User{D156C566-CE7F-440F-BD25-BE3A67C64030}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{D1EF8C53-A594-4006-B785-DB92EBC3D728}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{0018A949-BC9C-493D-80A1-0D2F22126728}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0AC144C7-3BD6-4EB8-B2A4-978F983AE72D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{66D02D8B-99CD-489D-9D1C-1FBD76ABEB23}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe |
"UDP Query User{966CE106-159F-4420-BEB6-ED5F1D5AB1AE}C:\program files\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe |
"UDP Query User{A1D503CD-F828-41D6-BC1D-194D793B5553}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{AAA4E197-570C-4303-BC10-145E138A5543}C:\users\user\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe |
"UDP Query User{ED44FC36-3A43-495E-90EA-707C263FEB39}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FE3BDE88-9D2C-48AC-B8AF-535763D0FC57}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HaaliMkx" = Haali Media Splitter
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Proteinbiosynthese" = Proteinbiosynthese
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2011 10:09:12 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LogonUI.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918daf, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf,
 Ausnahmecode 0xc000001d, Fehleroffset 0x00002085,  Prozess-ID 0x14b8, Anwendungsstartzeit
 01cc0cc055929a99.
 
Error - 07.05.2011 10:09:22 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wermgr.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918ca1, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf,
 Ausnahmecode 0xc000001d, Fehleroffset 0x00002085,  Prozess-ID 0x898, Anwendungsstartzeit
 01cc0cc0575c5e19.
 
Error - 07.05.2011 10:12:38 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:12:50 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:12:50 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:13:00 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:13:00 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Taskmgr.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e94, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf,
 Ausnahmecode 0xc000001d, Fehleroffset 0x00002085,  Prozess-ID 0xfec, Anwendungsstartzeit
 01cc0cc05be345c9.
 
Error - 07.05.2011 10:41:23 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:41:33 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
Error - 07.05.2011 10:41:33 | Computer Name = User-PC | Source = VSS | ID = 12289
Description =
 
[ System Events ]
Error - 11.05.2011 00:20:05 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:06 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.05.2011 00:22:29 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =
 
Error - 11.05.2011 00:24:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11.05.2011 10:24:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.05.2011 09:13:57 | Computer Name = User-PC | Source = RasMan | ID = 20062
Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig,
aber mit einem Fehler. PPPoE2-0
 
Error - 12.05.2011 12:18:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.05.2011 12:41:53 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


So the problem with Google isn't showing up at all at the moment, now that I've carried out your steps.


What is still there:

http://i53.tinypic.com/2qm2ky0.jpg

The window above keeps opening. But I don't have IE open (as you can see in Task Manager) and I don't know that site at all. X_X I always click No, but it really pops up 4-5 times an hour. Can you help me with that too, pls?

Timcanpy 12.05.2011 19:08

This also comes up really often for me:

http://i56.tinypic.com/25q4o78.jpg

After I click OK / [x], this appears:

http://i56.tinypic.com/2u88mjq.jpg

I always click OK...

Is that a virus?

kira 13.05.2011 08:16

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} -  File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB48D45-42C9-40DC-AF50-F750168A224A}" =-
"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" =-
"{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" =-

:Commands
[purity]
[emptytemp]


2.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It is NOT useful to start a second attempt!
To take a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect WLAN too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and paste it right away with CTRL + V
    - Gmer is closed with "Ok".
    - paste the log from the clipboard completely here into your thread

** no connection to a network or the Internet - don't forget WLAN
When the scan is finished, please reactivate all programs and tools!
Instructions: -> GMER - Rootkit Scanner

3.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you can't see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), enter the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the command prompt: right-click the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short time your editor will open containing the file C:\mbr.log.
    Please copy the contents here into your thread.

4.
Open CCleaner
  • "Cleaner" --> "Analyze" --> click the "Start CCleaner" button
  • "Registry" --> "Scan for Issues" --> "Fix Issues" --> "Fix All"
  • Restart your system

5.
another scan with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created - OTL.txt and extra.txt
  • Post the logfiles in code tags here in the thread.
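
Added example (not part of this thread, and not code from OTL, GMER or Trojaner-Board): a small Python triage script that applies the reasoning behind the OTL fix above to OTL-style output. It parses firewall-rule lines of the kind in the "Vista Active Application Exception List" and flags rules whose app path lies in a user-writable location (Downloads, the user's Temp folder, ProgramData, Windows\Temp), where an installer such as sweetimsetup.exe has no business holding an inbound exception; it also parses "FF - prefs.js" lines and flags search preferences pointing at the sweetim.com / conduit.com values the fix removes. The sample lines are constructed after the ones in this log, and the path patterns and hijack-domain list are assumptions of this example, not an OTL feature.

```python
import re

# Constructed sample lines, modelled on the OTL output posted in this thread.
SAMPLE_FIREWALL_LINES = [
    '"{0CB48D45-42C9-40DC-AF50-F750168A224A}" = protocol=6 | dir=in | app=c:\\program files\\frostwire\\frostwire.exe |',
    '"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\\users\\user\\downloads\\sweetimsetup.exe |',
    '"{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\\programdata\\nexoneu\\ngm\\ngm.exe |',
    '"{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\\program files\\skype\\phone\\skype.exe |',
]
SAMPLE_PREFS_LINES = [
    'FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"',
    'FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"',
    'FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="',
    'FF - prefs.js..browser.startup.homepage: "www.google.de"',
]

# User-writable locations from which an installed program rarely needs an inbound
# firewall exception (assumption of this example; an analyst still reviews each hit).
USER_WRITABLE_PATTERNS = [
    re.compile(r"\\users\\[^\\]+\\downloads\\", re.I),
    re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    re.compile(r"\\programdata\\", re.I),
    re.compile(r"\\windows\\temp\\", re.I),
]

# Search-hijack domains: taken from the prefs values in the thread, not a complete list.
HIJACK_DOMAINS = ("sweetim.com", "conduit.com")

FW_RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+):\s*"?(?P<value>[^"]*)"?\s*$')


def parse_firewall_rule(line):
    """Split an OTL FirewallRules line into a dict: name plus the 'k=v' fields after '='."""
    m = FW_RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"name": m.group("name")}
    for field in m.group("body").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip()] = value.strip()
    return rule


def suspicious_firewall_rules(lines):
    """Return (rule_name, app_path) for rules whose app lives in a user-writable location."""
    hits = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if not rule or "app" not in rule:
            continue
        if any(p.search(rule["app"]) for p in USER_WRITABLE_PATTERNS):
            hits.append((rule["name"], rule["app"]))
    return hits


def hijacked_prefs(lines):
    """Return (pref_key, value) for Firefox prefs whose value names a hijack domain or vendor."""
    hits = []
    for line in lines:
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        low = m.group("value").lower()
        if "sweetim" in low or any(d in low for d in HIJACK_DOMAINS):
            hits.append((m.group("key"), m.group("value")))
    return hits


def otl_fix_lines(fw_hits):
    """Render the :Reg block in the form the OTL fix above uses ('"{guid}" =-' deletes the value)."""
    out = ['[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess'
           '\\Parameters\\FirewallPolicy\\FirewallRules]']
    out += ['"%s" =-' % name for name, _ in fw_hits]
    return out


if __name__ == "__main__":
    fw_hits = suspicious_firewall_rules(SAMPLE_FIREWALL_LINES)
    for name, app in fw_hits:
        print("review firewall rule", name, "->", app)
    for key, value in hijacked_prefs(SAMPLE_PREFS_LINES):
        print("hijacked pref", key, "=", value)
    print("\n".join(otl_fix_lines(fw_hits)))
```

On the sample input the path heuristic flags the sweetimsetup.exe rule in Downloads and the ngm.exe rule in ProgramData; the second is a game launcher that simply lives there, which is why the output is a review list rather than a fix to apply blindly (the fix above removed the two SweetIM rules and the FrostWire one, not the Nexon rule). The prefs check flags exactly the three search preferences the fix resets.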

Timcanpy 19.05.2011 02:30

1.
Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:CB0AACC9 .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CB48D45-42C9-40DC-AF50-F750168A224A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB48D45-42C9-40DC-AF50-F750168A224A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA6F1683-2A5C-47CA-9F9A-BB017407231F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6F1683-2A5C-47CA-9F9A-BB017407231F}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 403969 bytes
->Temporary Internet Files folder emptied: 635379 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94131023 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2802 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54116 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 91,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05192011_021237

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.
Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-19 03:19:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500AAJS-00VTA0 rev.01.01B01
Running: x4u6ns7u.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                section is writeable [0x8BC00340, 0x39DB57, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                  section is writeable [0x9AED2300, 0x3B638, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                  section is writeable [0x9AF15300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamW          767410B0 5 Bytes  JMP 7168BFE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamW  76742EF5 5 Bytes  JMP 717CBBB2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamA          76758152 5 Bytes  JMP 717CBB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA  7675847D 5 Bytes  JMP 717CBBED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectA      7676D4D9 5 Bytes  JMP 717CBB33 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectW      7676D5D3 5 Bytes  JMP 717CBAEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExA            7676D639 5 Bytes  JMP 717CBAB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExW            7676D65D 5 Bytes  JMP 717CBA7B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] ole32.dll!OleLoadFromStream        76A41E80 5 Bytes  JMP 717CBDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WININET.dll!HttpAddRequestHeadersA  76BD1A68 5 Bytes  JMP 00B164C0
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WININET.dll!HttpAddRequestHeadersW  76C3B901 5 Bytes  JMP 00B166C0
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!closesocket              7714330C 5 Bytes  JMP 00C5000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!recv                    7714343A 5 Bytes  JMP 00C3000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!connect                  771440D9 5 Bytes  JMP 00C4000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!getaddrinfo              7714418A 5 Bytes  JMP 00C8000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!send                    7714659B 5 Bytes  JMP 00C6000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!gethostbyname            771562D4 5 Bytes  JMP 00C7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:252]                                                                          85A7FE7A
Thread          System [4:256]                                                                          85A82008

---- EOF - GMER 1.0.15 ----

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD2500AAJS-00VTA0 rev.01.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85A7B1ED]<<
1 ntkrnlpa!IofCallDriver[0x8204D912] -> \Device\Harddisk0\DR0[0x84DA9AC8]
3 CLASSPNP[0x87FA68B3] -> ntkrnlpa!IofCallDriver[0x8204D912] -> [0x84284930]
5 acpi[0x806146BC] -> ntkrnlpa!IofCallDriver[0x8204D912] -> \Device\Ide\IdeDeviceP2T0L0-3[0x84280030]
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x85a7b1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !

5.
Logfile 1
Code:

OTL logfile created on: 19.05.2011 03:37:08 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 124,63 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | M]
 
[2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.05.17 21:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions
[2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml
[2011.01.19 14:24:17 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml
[2011.05.12 18:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATTUQQ3.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun
O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.15 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\NDS
[2011.05.13 19:45:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.12 18:44:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.05.11 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.11 18:47:49 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 05:41:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 03:34:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 03:34:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 03:34:14 | 003,624,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.19 03:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 03:32:10 | 000,114,036 | ---- | M] () -- C:\Users\User\Documents\cc_20110519_033204.reg
[2011.05.19 03:22:21 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.05.19 03:22:21 | 000,089,088 | ---- | M] () -- C:\Users\User\Desktop\mbr.exe
[2011.05.19 03:07:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job
[2011.05.19 02:20:48 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.19 02:20:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.19 02:20:48 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.19 02:20:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.19 02:19:18 | 000,302,080 | ---- | M] () -- C:\Users\User\Desktop\x4u6ns7u.exe
[2011.05.19 01:15:14 | 000,232,960 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.19 00:22:23 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.18 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job
[2011.05.15 19:42:14 | 002,970,957 | ---- | M] () -- C:\Users\User\Desktop\A.SNA
[2011.05.15 18:32:10 | 000,000,503 | ---- | M] () -- C:\Users\User\Desktop\NO$GBA - Verknüpfung.lnk
[2011.05.15 14:09:19 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011.05.12 18:44:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.05.12 18:31:01 | 000,000,230 | ---- | M] () -- C:\Users\User\Desktop\Run.lnk
[2011.05.12 18:14:32 | 000,002,110 | ---- | M] () -- C:\Users\User\Desktop\T-Online 6.0.lnk
[2011.05.11 18:47:51 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
 
========== Files Created - No Company Name ==========
 
[2011.05.19 03:32:07 | 000,114,036 | ---- | C] () -- C:\Users\User\Documents\cc_20110519_033204.reg
[2011.05.19 03:27:21 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.05.19 03:22:19 | 000,089,088 | ---- | C] () -- C:\Users\User\Desktop\mbr.exe
[2011.05.19 02:19:14 | 000,302,080 | ---- | C] () -- C:\Users\User\Desktop\x4u6ns7u.exe
[2011.05.15 19:42:14 | 002,970,957 | ---- | C] () -- C:\Users\User\Desktop\A.SNA
[2011.05.15 18:32:10 | 000,000,503 | ---- | C] () -- C:\Users\User\Desktop\NO$GBA - Verknüpfung.lnk
[2011.05.15 17:48:19 | 268,435,456 | ---- | C] () -- C:\Users\User\Desktop\sss.nds
[2011.05.15 17:48:06 | 268,435,456 | ---- | C] () -- C:\Users\User\Desktop\Pokemon Black.nds
[2011.05.12 18:31:01 | 000,000,230 | ---- | C] () -- C:\Users\User\Desktop\Run.lnk
[2011.05.12 18:14:32 | 000,002,110 | ---- | C] () -- C:\Users\User\Desktop\T-Online 6.0.lnk
[2011.05.11 18:47:51 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk
[2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
[2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf
[2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe
[2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2010.07.07 21:07:25 | 000,232,960 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss
[2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.02 10:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys
[2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 003,624,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
========== Files - Unicode (All) ==========
[2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그
[2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그

< End of report >

Code:

OTL Extras logfile created on: 19.05.2011 03:37:08 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 124,63 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A171A92-C1F9-4C66-86AD-0A2BE8C8190D}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BD8253D-80D8-4D15-B67F-2C7DA7358A1E}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{C7245120-CD4D-43BD-8C08-5A8E7693437F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DE585BCD-F020-4AE4-8FAF-8CC98F955420}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | dir=in | app=c:\gamigo\loong\launcher.exe |
"{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C0391192-51B8-4E5C-B1DB-B6B83A007076}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{34D309CF-3B87-470F-984C-24B1B6C46689}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HaaliMkx" = Haali Media Splitter
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Proteinbiosynthese" = Proteinbiosynthese
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6193
 
Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6193
 
Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7191
 
Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7191
 
Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8236
 
Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8236
 
Error - 10.05.2011 20:37:50 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 12.05.2011 09:13:57 | Computer Name = User-PC | Source = RasMan | ID = 20062
Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig,
aber mit einem Fehler. PPPoE2-0
 
Error - 12.05.2011 12:18:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.05.2011 12:41:53 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 13.05.2011 13:48:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.05.2011 00:26:32 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.05.2011 um 06:21:16 unerwartet heruntergefahren.
 
Error - 14.05.2011 00:26:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.05.2011 12:38:20 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.05.2011 um 18:36:32 unerwartet heruntergefahren.
 
Error - 14.05.2011 12:38:41 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 20:15:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 21:34:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


kira 21.05.2011 06:42

TDSSKiller from Kaspersky
  • Download TDSSKiller and extract the archive to your desktop.
  • Make sure TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool will suggest restarting the system.
    Confirm this with Y(es) if asked.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You will find a more detailed guide here.

Timcanpy 22.05.2011 16:14

Somehow the program doesn't work. I extracted it to the desktop and am trying to start it, but that doesn't work.

kira 23.05.2011 00:13

- Did you right-click it and run it as administrator? If not, please try that again!

If it still doesn't work, then:

Restore the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
A prompt window with some information will open.

Click Scan to start the scan.

When the scan has finished, which is shown with "Scan finished sucessfull!", and an MBR infection is reported, click Fix (for TLD) or FixMBR (for Whistler) to restore the MBR.

Timcanpy 25.05.2011 21:38

I restored the MBR, but TDSSKiller still doesn't work.

kira 25.05.2011 22:15

Quote:

Quote from Timcanpy (post 663680)
I restored the MBR

How?

Using the Recovery Console, then the command "bootrec.exe /FixMbr"?
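The posts above walk through repairing a suspected MBR rootkit infection with aswMBR and then ask whether the repair was done with bootrec.exe /FixMbr. As an added example (not code from this thread, from aswMBR or from TDSSKiller), the Python below shows the defender-side check that belongs beside such a repair: parse the 512-byte master boot record, verify the 0x55AA boot signature, hash the bootstrap code and compare it with a baseline recorded while the machine was known to be clean, and sanity-check the partition table. The 512-byte sector it works on is constructed inline and labelled as such; the device path `\\.\PhysicalDrive0` mentioned in `read_first_sector` is the Windows name of the first physical disk and is only an assumed usage, since reading it requires administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 446            # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow at 446..509
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootcode_marker: bytes = b"CONSTRUCTED-KNOWN-GOOD-BOOTCODE") -> bytes:
    """Constructed 512-byte MBR used as sample input; not taken from any real disk.

    The bootstrap area is filled with a recognisable marker so the example can
    show a hash baseline; the partition table holds one active NTFS-type (0x07)
    partition starting at LBA 2048 and three empty slots.
    """
    bootcode = bootcode_marker.ljust(BOOTCODE_SIZE, b"\x00")
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    empty_entry = b"\x00" * PARTITION_ENTRY_SIZE
    return bootcode + entry + empty_entry * 3 + BOOT_SIGNATURE


def read_first_sector(path: str) -> bytes:
    r"""Read the first 512 bytes of a raw device or disk image.

    Assumed usage, not run here: on Windows the path would be \\.\PhysicalDrive0
    and needs administrator rights; on Linux something like /dev/sda.
    """
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into signature check, bootstrap-code hash and partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be exactly {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + PARTITION_ENTRY_SIZE]
        )
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Compare an MBR against a recorded baseline; an empty list means no findings."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from the recorded baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02x}")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["bootcode_sha256"]  # record this while the machine is known clean
    print("clean sample:", check_mbr(good, baseline) or "no findings")

    tampered = bytearray(good)
    tampered[:32] = b"\x90" * 32                   # constructed change inside the bootstrap area
    print("modified bootstrap:", check_mbr(bytes(tampered), baseline))
```

The point of the baseline hash is that a bootstrap sector rewritten by a rootkit, or by a repair tool such as bootrec.exe /FixMbr, will not match what was recorded earlier; after a deliberate repair the baseline has to be re-recorded, otherwise every later check will report a mismatch for a legitimate change.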

