Network traffic from svchost.exe with changing ports

09.02.2010, 00:16
Member

Posts: 20
#1 For the past 3 days svchost.exe has been saturating my Internet connection completely, even when no program is accessing the Internet. The port used by svchost.exe changes after every reboot. When I close the connection via TCPView it comes straight back; after closing it for the 5th time it stays away for a while, but returns after 10 minutes at the latest.
I have already scanned the system with BitDefender, AntiVir, Kaspersky and ESET NOD32, but none of the scanners finds anything. I also scanned with GMER, Radix Anti-Rootkit, Rootkit Hook Analyser, Sophos Anti-Rootkit and ThreatFire, with the same result.
Can anyone help me with this?
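The symptom in post #1, one svchost.exe instance holding a connection whose local port differs after every reboot, is hard to attribute with TCPView alone, because each svchost.exe process hosts a whole group of Windows services. The following PowerShell helper is an added example; it is not part of this thread and not code from OTL or GMER. It joins the PID of every svchost.exe socket reported by netstat -ano with the services that WMI says run inside that PID, so the recurring connection can be tied to a service group and a remote address instead of to "svchost.exe" in general. It assumes an elevated PowerShell 2.0 or later on Windows 7 or newer; the function name Get-SvchostConnection, the sample rows in the comments and the filtering at the bottom are this example's own choices.

```powershell
# Added example (not from the thread): attribute svchost.exe network connections
# to the Windows services hosted in each svchost.exe instance.
# Assumptions: elevated PowerShell 2.0+ on Windows 7 or newer; "netstat -ano"
# and the Win32_Service WMI class are available on all of those.

function Get-SvchostConnection {
    param(
        # Image name to inspect; svchost is the case discussed in the thread.
        [string]$ProcessName = 'svchost'
    )

    # All PIDs currently running under that image name.
    $targetPids = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
                    ForEach-Object { $_.Id })
    if ($targetPids.Count -eq 0) { return }

    # Service -> PID map, fetched once; each svchost instance hosts a service group.
    $services = @(Get-WmiObject -Class Win32_Service |
                  Where-Object { $targetPids -contains $_.ProcessId })

    # Constructed sample of what "netstat -ano" rows look like:
    #   TCP    192.168.2.10:49203   203.0.113.5:80   ESTABLISHED   1032
    #   UDP    0.0.0.0:123          *:*                            1032
    # UDP rows have no State column, so the PID is always read from the last field.
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f[0] -ne 'TCP' -and $f[0] -ne 'UDP') { return }   # skip headers and blank lines
        $procId = [int]$f[$f.Count - 1]
        if ($targetPids -notcontains $procId) { return }
        $state = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
        $hosted = @($services | Where-Object { $_.ProcessId -eq $procId } |
                    ForEach-Object { $_.Name }) -join ','

        New-Object PSObject -Property @{
            Proto    = $f[0]
            Local    = $f[1]
            Remote   = $f[2]
            State    = $state
            PID      = $procId
            Services = $hosted
        }
    }
}

# Usage: show established TCP sessions and UDP sockets grouped by PID, and keep a
# timestamped CSV so the same remote peer / service group can be recognised after
# the next reboot even though the local port has changed.
$snapshot = Get-SvchostConnection |
    Where-Object { $_.State -eq 'ESTABLISHED' -or $_.Proto -eq 'UDP' } |
    Sort-Object PID, Remote
$snapshot | Format-Table Proto, Local, Remote, State, PID, Services -AutoSize
$snapshot | Export-Csv -NoTypeInformation -Path ("svchost-conns-{0:yyyyMMdd-HHmm}.csv" -f (Get-Date))
```

Local ports in the 49152-65535 range are ephemeral and are expected to differ after every reboot, so a changing local port on its own says nothing; the stable identifiers worth recording and comparing across reboots are the remote address, the protocol and the Services column. A service group that keeps an established session to the same unfamiliar remote address is what the later OTL and GMER logs should be read against.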
09.02.2010, 11:53
Moderator

Posts: 5694
#2 System scan with OTL

Please download OTL by OldTimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.


Rootkit search with GMER

What are rootkits?

Important: for every rootkit scan:

• all other anti-virus, anti-spyware etc. programs must be disabled,
• there must be no connection to a network/Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after each scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download GMER from this page
(click the Download EXE button) and save the program on the desktop.
• GMER is suitable for => NT/W2K/XP/VISTA.
• All other programs must be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• GMER automatically starts a first scan.
• If a window opens with the following warning:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then copy the result so far to the clipboard with the Copy button.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.
• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
Click "Ok" to close GMER.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch your anti-virus program and other scanners back on before you go online!

Now post the log file in code tags.
09.02.2010, 12:51
Member

Thread starter

Posts: 20
#3

Quote

OTL logfile created on: 09.02.2010 12:40:30 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = K:\
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 83,00% Memory free
11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 12285 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 201,82 Gb Free Space | 43,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,39 Gb Total Space | 330,80 Gb Free Space | 35,52% Space Free | Partition Type: NTFS
Drive F: | 698,63 Gb Total Space | 209,34 Gb Free Space | 29,96% Space Free | Partition Type: NTFS
Drive G: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1,87 Gb Total Space | 1,83 Gb Free Space | 98,00% Space Free | Partition Type: NTFS

Computer Name: MEIKE
Current User Name: BuGz4eVeR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - K:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - E:\Downloads\Programme\7 x64\mousometer.exe ()


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - K:\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (WPEServ) -- C:\Program Files (x86)\Common Files\wpe\wpeserv.exe (soft Xpansion)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\FE3B.tmp (Sophos Plc)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (VF0270Dev) -- C:\Windows\SysNative\drivers\V0270Dev.sys (Creative Technology Ltd.)
DRV:64bit: - (VF0270Vfx) -- C:\Windows\SysNative\drivers\V0270Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (CSC) -- C:\Windows\CSC [2009.08.23 12:03:53 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (arc) -- C:\Program Files (x86)\Universal Extractor\bin\arc.exe (Arc <arc.sourceforge.net>;)
DRV - (PortTalk) -- C:\Windows\SysWOW64\drivers\PortTalk.sys (Beyond Logic http://www.beyondlogic.org)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 C6 98 A9 D1 8F CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.01 15:28:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.01.20 13:57:35 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\BuGz4eVeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\BuGz4eVeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousometer.exe - Shortcut.lnk = E:\Downloads\Programme\7 x64\mousometer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.15 03:20:36 | 000,000,045 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{915b8c3b-8fd4-11de-8b95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{915b8c3b-8fd4-11de-8b95-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.10.19 18:54:45 | 000,518,888 | R--- | M] (bitComposer Games )
O33 - MountPoints2\{915b8c3c-8fd4-11de-8b95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{915b8c3c-8fd4-11de-8b95-806e6f6e6963}\Shell\AutoRun\command - "" = H:\tools\shelexec.exe html\index.htm -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.02.09 12:06:15 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Local\NeoSmart_Technologies
[2010.02.09 12:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2010.02.08 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.02.08 21:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2010.02.08 20:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VALUE-S
[2010.02.08 16:50:32 | 000,000,000 | ---D | C] -- C:\Intel
[2010.02.08 10:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.02.08 10:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.02.08 10:55:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.02.08 10:55:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.02.08 10:55:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.02.08 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010.02.08 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\vlc
[2010.02.06 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\NAVI
[2010.02.06 13:11:28 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\TrueCrypt
[2010.02.06 13:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.02.06 13:08:41 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010.02.06 13:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt
[2010.02.05 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.02.03 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.02.03 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.02.03 18:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.02.01 15:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.02.01 15:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.02.01 10:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010.01.31 17:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010.01.31 17:08:53 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\Flickr
[2010.01.31 17:08:53 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Local\Flickr
[2010.01.31 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flickr Uploadr
[2010.01.29 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\Documents\BFBC2Beta
[2010.01.28 20:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.01.27 06:22:02 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.27 06:22:02 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.01.27 06:22:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.01.23 23:26:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.01.22 18:18:35 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\Documents\Command and Conquer Generals Data
[2010.01.22 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\Documents\Command and Conquer Generals Zero Hour Data
[2010.01.22 17:35:07 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Roaming\InstallShield Installation Information
[2010.01.22 00:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.01.21 22:01:45 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.01.21 22:01:45 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.01.21 22:01:45 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.21 22:01:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.01.21 22:01:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.01.21 22:01:45 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.01.19 23:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2010.01.19 23:08:29 | 000,000,000 | ---D | C] -- C:\Users\BuGz4eVeR\AppData\Local\AOL
[2010.01.19 23:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0
[2010.01.15 00:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010.01.13 10:56:24 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.01.13 10:56:24 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.01.13 10:56:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.01.13 10:56:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.01.11 20:27:03 | 000,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU
[2010.01.11 20:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010.01.11 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010.01.11 18:00:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js
[2010.01.11 18:00:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images
[2010.01.11 18:00:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html
[2010.01.11 18:00:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css
[2010.01.11 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2010.01.11 17:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010.01.11 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2010.01.11 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator
[2010.01.11 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2010.01.11 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010.01.11 17:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Designer Tools
[2009.08.23 12:32:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\BuGz4eVeR\AppData\Roaming\pcouffin.sys
[2009.06.03 23:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.02.09 12:41:43 | 000,731,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.02.09 12:41:43 | 000,619,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.02.09 12:41:43 | 000,108,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.02.09 12:39:03 | 005,767,168 | -HS- | M] () -- C:\Users\BuGz4eVeR\ntuser.dat
[2010.02.09 12:38:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.09 12:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.09 12:38:08 | 1542,316,031 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.09 12:38:07 | 000,232,200 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.02.09 12:08:40 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-00000005-00211102}.rfx
[2010.02.09 12:08:40 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-00000005-00211102}.rfx
[2010.02.09 12:08:40 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-00000005-00211102}.rfx
[2010.02.09 12:06:45 | 009,255,065 | -H-- | M] () -- C:\Users\BuGz4eVeR\AppData\Local\IconCache.db
[2010.02.09 11:56:55 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.09 11:56:55 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.08 20:16:28 | 000,000,017 | ---- | M] () -- C:\Users\BuGz4eVeR\AppData\Local\resmon.resmoncfg
[2010.02.08 11:19:00 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.08 11:18:55 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.02.08 11:18:55 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.02.08 10:55:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.02.08 10:55:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.02.08 10:55:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.02.08 10:54:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.02.08 10:25:47 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.02.06 14:28:59 | 000,000,157 | -H-- | M] () -- C:\Users\BuGz4eVeR\Documents\eSReg.ini
[2010.02.06 13:08:41 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010.02.03 18:14:53 | 000,001,656 | ---- | M] () -- C:\Users\BuGz4eVeR\Documents\584109eb_BuGz4eVeR.sav
[2010.02.01 20:13:26 | 003,131,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.02.01 00:31:48 | 001,462,272 | ---- | M] () -- C:\Users\BuGz4eVeR\AppData\Local\filesync.metadata
[2010.01.31 16:13:19 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.01.31 14:43:53 | 000,340,934 | ---- | M] () -- C:\Users\BuGz4eVeR\AppData\Roaming\mdbu.bin
[2010.01.29 11:06:24 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.01.24 11:31:36 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI
[2010.01.23 18:10:47 | 000,021,504 | ---- | M] () -- C:\Windows\jestertb.dll
[2010.01.22 19:25:45 | 000,000,000 | -H-- | M] () -- C:\Users\BuGz4eVeR\Documents\Default.rdp
[2010.01.20 13:57:35 | 000,000,998 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.01.16 11:22:42 | 000,159,048 | ---- | M] () -- C:\Users\BuGz4eVeR\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.11 20:26:33 | 000,745,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.11 08:44:17 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.11 08:12:38 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.02.09 12:41:13 | 000,293,376 | ---- | C] () -- C:\Users\BuGz4eVeR\Desktop\gmer.exe
[2010.02.08 20:16:28 | 000,000,017 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Local\resmon.resmoncfg
[2010.01.31 17:37:21 | 000,001,656 | ---- | C] () -- C:\Users\BuGz4eVeR\Documents\584109eb_BuGz4eVeR.sav
[2010.01.29 11:06:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.01.24 11:31:36 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.01.23 18:10:47 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.01.22 19:25:45 | 000,000,000 | -H-- | C] () -- C:\Users\BuGz4eVeR\Documents\Default.rdp
[2009.12.24 15:02:59 | 000,000,135 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\default.pls
[2009.11.23 18:19:07 | 000,012,964 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.30 15:24:41 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2009.10.25 14:38:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.10.23 14:12:08 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2009.10.12 16:46:09 | 000,000,760 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\setup_ldm.iss
[2009.10.10 23:03:04 | 000,028,105 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2009.10.10 11:02:01 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.28 22:52:36 | 000,000,046 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2009.09.25 10:41:05 | 000,004,608 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 10:10:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.30 16:23:38 | 000,340,934 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\mdbu.bin
[2009.08.26 07:52:20 | 000,000,097 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Local\fusioncache.dat
[2009.08.25 12:26:43 | 001,462,272 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Local\filesync.metadata
[2009.08.25 09:51:12 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2009.08.23 17:54:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.08.23 17:54:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.08.23 14:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2009.08.23 13:05:49 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.23 12:56:28 | 000,745,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.23 12:32:51 | 000,000,034 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\pcouffin.log
[2009.08.23 12:32:37 | 000,099,384 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\inst.exe
[2009.08.23 12:32:37 | 000,007,859 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\pcouffin.cat
[2009.08.23 12:32:37 | 000,001,167 | ---- | C] () -- C:\Users\BuGz4eVeR\AppData\Roaming\pcouffin.inf
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.04 00:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009.05.27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
< End of report >
That is the result of the OTL scan.

I am using Windows 7 Professional, 64-bit edition.
When I start Gmer, the following error message appears: "C:\Windows\system32\config\system: The process cannot access the file because it is used by another process"
When I then confirm the error message with "OK" and click Scan, it appears again. After confirming with "OK" once more, the scan starts. Is that normal? The scan is still running; I will post the results when it is finished.
This post was edited on 09.02.2010 at 13:05 by BuGz4eVeR.
09.02.2010, 13:03
Member

Thread starter

Posts: 20
#4 The scan is negative, but for me almost all the boxes are greyed out, probably because of the error.

Attachment: GMER.JPG
09.02.2010, 15:07
...new here
neuber

Posts: 4
#5 Just run the Svchost.exe Analyzer (it's free). It shows you all the *.dll files that svchost.exe starts and hosts. (The Conficker worm also ran under the original MS svchost.exe back then... So the svchost.exe process can certainly become dangerous.)
09.02.2010, 15:42
Member

Posts: 3716
#6 @BuGz4eVeR
Please follow swiss's instructions.
Gmer does not run on your machine; you have a 64-bit system.
So please wait for further instructions, do not leave the PC on the net longer than necessary and do not do any business online until everything is cleared up.
09.02.2010, 15:48
Member

Thread starter

Posts: 20
#7 The PC is no longer connected to the network at all; I'm working via the laptop and a USB stick. No need to push it to the limit.
09.02.2010, 16:44
Moderator

Posts: 5694
#8 Step 1

Multiple anti-virus programs

Code

ESET
Avira


I noticed that you have more than one anti-virus program with a background guard running. That is dangerous, because the programs can get in each other's way, and as a result viruses can end up on the computer all the more easily. Decide on one of them and uninstall the other via Control Panel => Software.
Report which anti-virus program you decided on and uninstall the others.


Step 2

Does the following mean anything to you? Did you set up the hosts file this way to block spam?

Quote

O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
Step 3


What is or was connected here:
G:\setup.exe
H:\tools\shelexec.exe html\index.htm


Step 4
OTL should have produced two logs, including an extra.txt; please post that one as well.



Step 5

Start > Run --> type in --> cmd
and OK. Paste in:

Quote

dir /s /a "c:\svchost*.*" > c:\find.txt & start notepad c:\find.txt
then go to Accessories > Command Prompt and type this:

Quote

tasklist /svc
then press Enter

It will show you what is behind svchost.exe.


Click the icon at the top left, then Edit -> "Select All" -> click the top left again -> Edit -> Copy,
then with the right mouse button, in the thread: Paste, and the log appears.
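A triage helper for the output of the two commands in step 5 of the post above, added here as an example and not part of the thread: it parses `tasklist /svc` so every svchost.exe PID (including the one TCPView shows holding the connection) is mapped to the services it hosts, and parses the `dir /s /a` listing to flag copies of svchost.exe outside the directories where 64-bit Windows 7 keeps them. The sample outputs, the PIDs and the placeholder path under c:\Users\EXAMPLE are constructed.

```python
"""Triage helper for the two commands in step 5 above (``tasklist /svc`` and
``dir /s /a "c:\\svchost*.*"``). Added example, not part of the thread; the
sample outputs below are constructed, paste real output in their place."""
import re
from typing import Dict, List

# Where a genuine svchost.exe lives on 64-bit Windows 7: System32, SysWOW64,
# the component store and the servicing backups. Assumption: no legitimate
# third-party software ships its own svchost.exe.
LEGIT_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
              r"c:\windows\winsxs", r"c:\windows\servicing")

# Constructed sample of ``tasklist /svc``. Long service lists wrap onto
# indented continuation lines, as in the PID 836 entry.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    612 DcomLaunch, PlugPlay, Power
svchost.exe                    836 AeLookupSvc, Appinfo, BITS, gpsvc,
                                   IKEEXT, iphlpsvc, LanmanServer
svchost.exe                   1812 N/A
explorer.exe                  2044 N/A
"""

# Constructed sample of ``dir /s /a`` output in the thread starter's German
# locale ("Verzeichnis von"); the English "Directory of" is parsed as well.
# The path under c:\Users\EXAMPLE is a placeholder, not a real finding.
SAMPLE_DIR = """\
 Verzeichnis von c:\\Windows\\System32

14.07.2009  02:39            27.136 svchost.exe

 Verzeichnis von c:\\Windows\\SysWOW64

14.07.2009  02:14            20.992 svchost.exe

 Verzeichnis von c:\\Users\\EXAMPLE\\AppData\\Roaming

01.02.2010  09:12            20.992 svchost.exe
"""

_TASK_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")
_DIR_RE = re.compile(r"^\s*(?:Directory of|Verzeichnis von)\s+(.+?)\s*$")
_FILE_RE = re.compile(r"^\S+\s+\S+\s+[\d.,]+\s+(\S.*)$")


def _split_services(field: str) -> List[str]:
    """Turn 'A, B, C,' into ['A', 'B', 'C']; 'N/A' means no service."""
    names = [s.strip() for s in field.split(",")]
    return [n for n in names if n and n != "N/A"]


def parse_tasklist(text: str) -> List[Dict]:
    """Return one {'image', 'pid', 'services'} dict per process line."""
    rows: List[Dict] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        if line[0].isspace() and rows:      # wrapped continuation line
            rows[-1]["services"] += _split_services(line)
            continue
        m = _TASK_RE.match(line)
        if not m:                           # column header
            continue
        rows.append({"image": m.group(1), "pid": int(m.group(2)),
                     "services": _split_services(m.group(3))})
    return rows


def parse_dir_listing(text: str) -> List[str]:
    """Return the full paths of the files listed by ``dir /s``."""
    paths: List[str] = []
    current = ""
    for line in text.splitlines():
        d = _DIR_RE.match(line)
        if d:
            current = d.group(1)
            continue
        f = _FILE_RE.match(line)
        if f and current:
            paths.append(current + "\\" + f.group(1))
    return paths


def triage(tasklist_text: str, dir_text: str) -> Dict[str, list]:
    """Flag svchost.exe PIDs that host no service and svchost.exe copies
    stored outside the expected Windows directories."""
    no_service = [r["pid"] for r in parse_tasklist(tasklist_text)
                  if r["image"].lower() == "svchost.exe" and not r["services"]]
    stray = [p for p in parse_dir_listing(dir_text)
             if not any(p.lower().startswith(d + "\\") for d in LEGIT_DIRS)]
    return {"svchost_without_services": no_service,
            "svchost_outside_system_dirs": stray}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_TASKLIST, SAMPLE_DIR).items():
        print(f"{key}: {items}")
```

An svchost.exe with no services or a copy outside System32, SysWOW64 and WinSxS is a lead for the helpers, not proof of infection: a service may simply have stopped, and a copy in the right place can still have been replaced, which is what a hash comparison against a known-good copy and `sfc /scannow` are for.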
09.02.2010, 17:34
Member

Thread starter

Posts: 20
#9 Step 1:
The two anti-virus programs were only installed afterwards. ESET will be uninstalled again later as well.
Step 2:
What do you mean?
Step 3:
Those are my DVD drives. There are 2 DVDs in them.
Step 4:

Quote

OTL Extras logfile created on: 09.02.2010 12:40:30 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = K:\
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 83,00% Memory free
11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 12285 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 201,82 Gb Free Space | 43,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,39 Gb Total Space | 330,80 Gb Free Space | 35,52% Space Free | Partition Type: NTFS
Drive F: | 698,63 Gb Total Space | 209,34 Gb Free Space | 29,96% Space Free | Partition Type: NTFS
Drive G: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1,87 Gb Total Space | 1,83 Gb Free Space | 98,00% Space Free | Partition Type: NTFS

Computer Name: MEIKE
Current User Name: BuGz4eVeR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A116A8-E559-488C-879C-B212F3EA963A}" = Far Cry (Patch 1.32 AMD64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2304A2EE-010B-43EE-90F8-2218FB93244E}" = Far Cry (AMD64 Exclusive Content Update)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5783F2D7-8004-0407-0102-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1102-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{63FFECDF-FCF1-4957-B0D1-CC8A52937331}" = Adobe Photoshop Lightroom 3 Beta 64-bit
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE4F361A-8C13-441C-A21A-DDC0FBA6FEED}" = ESET NOD32 Antivirus
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"AutoCAD Architecture 2010 - Deutsch" = AutoCAD Architecture 2010 - Deutsch
"Autopano Pro" = Autopano Pro
"Creative VF0270" = Creative Live! Cam Optia Driver (1.03.01.0000)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1205 Banner Remover 0.7
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1" = RescuePRO 3.4.0.19
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B53F6866-AA77-47AC-9698-122AA6D0A0CD}" = Perfect Print
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7336944-A48C-42EE-B6FC-12C443482EA9}" = SAMSUNG HDD Serial Number Tracking for Germany Buyer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Advanced Video FX Engine" = Advanced Video FX Engine
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Console Launcher" = Creative Console Launcher
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dcmsvc_is1" = dcmsvc 1.0
"Diablo II" = Diablo II
"Download Manager" = Download Manager 2.3.10
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"EADM" = EA Download Manager
"EasyBCD" = EasyBCD 1.7.2
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FAKEFACTORY CM10V10.0" = FAKEFACTORY Cinematic Mod V10
"Fraps" = Fraps
"FujiDirekt_is1" = FujiDirekt 2.7
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"HD Tune_is1" = HD Tune 2.55
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3 (Remove only)
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"Philips PhotoFrame Manager 3_is1" = Philips Photo Manager 3.00
"Portrait Professional 6_is1" = Portrait Professional 6.6
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"SeriousSam2" = Serious Sam 2
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Steam App 15680" = Warhammer 40,000: Dawn of War II - Single-player Demo
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"ThumbsPlus6" = ThumbsPlus 6.0
"TreeSize Free_is1" = TreeSize Free V2.3.3
"TrueCrypt" = TrueCrypt
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"ULTIMATER" = Microsoft Office Ultimate 2007
"Universal Extractor_is1" = Universal Extractor 1.6
"Update Service" = Update Service
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.02.2010 09:57:29 | Computer Name = Meike | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 07.02.2010 09:58:59 | Computer Name = Meike | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 08.02.2010 04:49:38 | Computer Name = Meike | Source = vmauthd | ID = 100
Description =

Error - 08.02.2010 04:49:39 | Computer Name = Meike | Source = vmauthd | ID = 100
Description =

Error - 08.02.2010 05:45:12 | Computer Name = Meike | Source = MsiInstaller | ID = 1013
Description =

Error - 08.02.2010 12:36:52 | Computer Name = Meike | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4a5be077 Exception code: 0xc0000005 Fault offset: 0x000007fef245bab8
Faulting
process id: 0x654 Faulting application start time: 0x01caa89b97a07684 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: tapisrv.dll Report Id:
28b18024-14d0-11df-9e27-001a4d573780

Error - 08.02.2010 14:56:35 | Computer Name = Meike | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89dc70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x60000004 Faulting process id: 0xb44 Faulting application
start time: 0x01caa8ed1e0cfcb2 Faulting application path: C:\Program Files (x86)\Microsoft
Office\Office12\OUTLOOK.EXE Faulting module path: unknown Report Id: ad98a859-14e3-11df-a8ba-001a4d573780

Error - 08.02.2010 15:22:04 | Computer Name = Meike | Source = COM+ | ID = 135763
Description =

Error - 08.02.2010 19:02:38 | Computer Name = Meike | Source = Application Error | ID = 1000
Description = Faulting application name: mbr.exe, version: 0.0.0.0, time stamp:
0x4add81e3 Faulting module name: mbr.exe, version: 0.0.0.0, time stamp: 0x4add81e3
Exception
code: 0xc0000005 Fault offset: 0x00017c6a Faulting process id: 0x16b4 Faulting application
start time: 0x01caa912cbd18796 Faulting application path: K:\mbr.exe Faulting module
path: K:\mbr.exe Report Id: 0cf5f3bc-1506-11df-a8ba-001a4d573780

Error - 08.02.2010 19:02:49 | Computer Name = Meike | Source = Application Error | ID = 1000
Description = Faulting application name: mbr.exe, version: 0.0.0.0, time stamp:
0x4add81e3 Faulting module name: mbr.exe, version: 0.0.0.0, time stamp: 0x4add81e3
Exception
code: 0xc0000005 Fault offset: 0x00017c6a Faulting process id: 0x1124 Faulting application
start time: 0x01caa912d5fb47a1 Faulting application path: C:\Users\BuGz4eVeR\Desktop\mbr.exe
Faulting
module path: C:\Users\BuGz4eVeR\Desktop\mbr.exe Report Id: 13badd84-1506-11df-a8ba-001a4d573780

[ OSession Events ]
Error - 02.12.2009 15:49:26 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.12.2009 15:49:41 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.12.2009 08:44:12 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 278
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.12.2009 07:57:17 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
seconds with 60 seconds of active time. This session ended with a crash.

Error - 16.12.2009 11:27:53 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.

Error - 21.12.2009 04:07:20 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.01.2010 17:08:41 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.01.2010 17:47:47 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12.01.2010 21:09:12 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 574
seconds with 360 seconds of active time. This session ended with a crash.

Error - 19.01.2010 05:46:27 | Computer Name = Meike | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 320
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08.02.2010 15:25:59 | Computer Name = Meike | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort5.

Error - 08.02.2010 15:25:59 | Computer Name = Meike | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk4\DR4, is not ready for access yet.

Error - 08.02.2010 18:57:36 | Computer Name = Meike | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Guard service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 08.02.2010 19:02:37 | Computer Name = Meike | Source = Application Popup | ID = 1060
Description = \??\C:\Users\BUGZ4E~1\AppData\Local\Temp\mbr.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 08.02.2010 19:02:49 | Computer Name = Meike | Source = Application Popup | ID = 1060
Description = \??\C:\Users\BUGZ4E~1\AppData\Local\Temp\mbr.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 08.02.2010 19:02:49 | Computer Name = Meike | Source = Application Popup | ID = 1060
Description = \??\C:\Users\BUGZ4E~1\AppData\Local\Temp\mbr.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 09.02.2010 05:00:05 | Computer Name = Meike | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 09.02.2010 06:49:52 | Computer Name = Meike | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 09.02.2010 07:08:31 | Computer Name = Meike | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 09.02.2010 07:38:41 | Computer Name = Meike | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >
Step 5:
find.txt -->

Quote

Volume in drive C is Windows 7 Professional
Volume Serial Number is F0CB-1752

Directory of C:\Windows\Prefetch

09.02.2010 15:28 9.250 SVCHOST.EXE-05F624AB.pf
09.02.2010 14:37 16.384 SVCHOST.EXE-7AC6742A.pf
09.02.2010 15:17 18.970 SVCHOST.EXE-7CFEDEA3.pf
09.02.2010 15:26 44.790 SVCHOST.EXE-80F4A784.pf
09.02.2010 15:28 201.688 SVCHOST.EXE-E2C2633A.pf
09.02.2010 15:12 28.088 SVCHOSTANALYZER.EXE-5498C49D.pf
09.02.2010 15:23 26.524 SVCHOSTANALYZER.EXE-9E4EB0A2.pf
7 File(s) 345.694 bytes

Directory of C:\Windows\System32

14.07.2009 02:39 27.136 svchost.exe
1 File(s) 27.136 bytes

Directory of C:\Windows\System32\en-US

14.07.2009 03:26 2.048 svchost.exe.mui
1 File(s) 2.048 bytes

Directory of C:\Windows\SysWOW64

14.07.2009 02:14 20.992 svchost.exe
1 File(s) 20.992 bytes

Directory of C:\Windows\SysWOW64\en-US

14.07.2009 03:02 2.048 svchost.exe.mui
1 File(s) 2.048 bytes

Directory of C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17

14.07.2009 03:26 2.048 svchost.exe.mui
1 File(s) 2.048 bytes

Directory of C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c

14.07.2009 02:39 27.136 svchost.exe
1 File(s) 27.136 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1

14.07.2009 03:02 2.048 svchost.exe.mui
1 File(s) 2.048 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356

14.07.2009 02:14 20.992 svchost.exe
1 File(s) 20.992 bytes

Total Files Listed:
15 File(s) 450.142 bytes
0 Dir(s) 218.907.209.728 bytes free
--> Command Prompt

Quote

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\BuGz4eVeR>tasklist /svc

Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 328 N/A
csrss.exe 436 N/A
wininit.exe 496 N/A
csrss.exe 520 N/A
services.exe 564 N/A
lsass.exe 580 EFS, ProtectedStorage, SamSs
lsm.exe 588 N/A
svchost.exe 692 DcomLaunch, PlugPlay, Power
winlogon.exe 760 N/A
nvvsvc.exe 832 nvsvc
svchost.exe 872 RpcEptMapper, RpcSs
svchost.exe 940 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
svchost.exe 996 AudioEndpointBuilder, CscService, hidserv,
Netman, PcaSvc, SysMain, TrkWks, UxSms,
wudfsvc
svchost.exe 272 BITS, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, Schedule,
SENS, ShellHWDetection, Themes, Winmgmt,
wuauserv
CTAudSvc.exe 856 CTAudSvcService
svchost.exe 1052 EventSystem, netprofm, nsi, WdiServiceHost
nvvsvc.exe 1116 N/A
WUDFHost.exe 1248 N/A
WUDFHost.exe 1312 N/A
spoolsv.exe 1428 Spooler
sched.exe 1456 AntiVirSchedulerService
avguard.exe 1476 AntiVirService
svchost.exe 1500 BFE, DPS, MpsSvc
svchost.exe 1584 CryptSvc, LanmanWorkstation, NlaSvc
AppleMobileDeviceService. 1820 Apple Mobile Device
ekrn.exe 1868 ekrn
svchost.exe 1904 FDResPub, SSDPSRV
oodag.exe 1936 O&O Defrag
PnkBstrA.exe 2012 PnkBstrA
TCPSVCS.EXE 2044 simptcp
svchost.exe 1180 stisvc
WLIDSVC.EXE 1612 wlidsvc
WLIDSVCM.EXE 2228 N/A
SearchIndexer.exe 2444 WSearch
taskhost.exe 2768 N/A
dwm.exe 2900 N/A
explorer.exe 2928 N/A
LCDMon.exe 3048 N/A
LGDCore.exe 3060 N/A
egui.exe 2208 N/A
SetPoint.exe 2392 N/A
mousometer.exe 2784 N/A
avgnt.exe 2944 N/A
SetPoint32.exe 2256 N/A
iTunesHelper.exe 2628 N/A
jusched.exe 1848 N/A
KHALMNPR.exe 2760 N/A
LCDCountdown.exe 3268 N/A
LCDMedia.exe 3276 N/A
LCDClock.exe 3288 N/A
iPodService.exe 3588 iPod Service
taskhost.exe 3388 N/A
svchost.exe 3976 SDRSVC
svchost.exe 1608 WinDefend
audiodg.exe 2992 N/A
cmd.exe 3864 N/A
conhost.exe 216 N/A
SearchProtocolHost.exe 3456 N/A
SearchFilterHost.exe 2420 N/A
cmd.exe 448 N/A
conhost.exe 3476 N/A
tasklist.exe 3300 N/A
WmiPrvSE.exe 3924 N/A

C:\Users\BuGz4eVeR>tasklist /svc
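The `tasklist /svc` output and the find.txt listing posted above are the raw material for two checks a responder normally does by eye: does every svchost.exe instance actually host at least one service group (the Service Control Manager starts svchost.exe only to host services, so an instance showing N/A is a lead), and does a file named svchost.exe exist anywhere other than System32, SysWOW64 and the WinSxS component store? The Python script below is an added example, not code from the thread or from any of the tools it mentions; it automates both checks over constructed sample text modelled on the posted logs. The PIDs, directories and the rogue `C:\Users\Public\Temp\svchost.exe` entry in the samples are invented for illustration.

```python
"""Triage helpers for svchost.exe: parse `tasklist /svc` output and a
`dir /s`-style listing (German locale, like the thread's find.txt) and
flag what a responder would look at first. Added example; sample inputs
below are constructed, not taken from a real machine."""
import re

# Constructed sample modelled on the thread's tasklist /svc output.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    692 DcomLaunch, PlugPlay, Power
svchost.exe                    996 AudioEndpointBuilder, CscService, hidserv,
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,
                                   wudfsvc
svchost.exe                   4120 N/A
avguard.exe                   1476 AntiVirService
"""

# Constructed sample modelled on the thread's find.txt (dir /s output).
FIND_SAMPLE = """\
 Directory of C:\\Windows\\System32

14.07.2009  02:39            27.136 svchost.exe
               1 File(s)         27.136 bytes

 Directory of C:\\Windows\\SysWOW64

14.07.2009  02:14            20.992 svchost.exe
               1 File(s)         20.992 bytes

 Directory of C:\\Windows\\winsxs\\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c

14.07.2009  02:39            27.136 svchost.exe
               1 File(s)         27.136 bytes

 Directory of C:\\Users\\Public\\Temp

09.02.2010  15:12            61.440 svchost.exe
               1 File(s)         61.440 bytes
"""

# Where svchost.exe legitimately lives on Windows 7 (hypothetical fixed list).
EXPECTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
EXPECTED_PREFIX = "c:\\windows\\winsxs\\"  # component store keeps the canonical copies


def _split_services(field):
    """'A, B,' -> ['A', 'B']; 'N/A' -> []."""
    return [s.strip() for s in field.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into [(image, pid, [services...]), ...].
    Indented continuation lines (wrapped service lists) are merged into the
    preceding process entry."""
    procs = []
    in_table = False
    for line in text.splitlines():
        if not in_table:
            in_table = line.startswith("=====")  # header separator
            continue
        if not line.strip():
            continue
        if line[0].isspace():  # wrapped services line
            procs[-1][2].extend(_split_services(line))
            continue
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            procs.append((m.group(1), int(m.group(2)), _split_services(m.group(3))))
    return procs


def svchost_without_services(procs):
    """PIDs of svchost.exe instances hosting no service: a lead to examine,
    not proof of compromise."""
    return [pid for image, pid, svcs in procs
            if image.lower() == "svchost.exe" and not svcs]


def parse_dir_listing(text):
    """Parse `dir /s`-style output into [(full_path, size_bytes), ...].
    Sizes use the German thousands separator ('27.136' -> 27136)."""
    files, current = [], None
    for line in text.splitlines():
        m = re.match(r"^\s*Directory of (.+?)\s*$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"^\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2}\s+([\d.]+)\s+(\S.*)$", line)
        if m and current:
            files.append((current + "\\" + m.group(2).strip(),
                          int(m.group(1).replace(".", ""))))
    return files


def unexpected_svchost_copies(files):
    """svchost.exe files outside System32, SysWOW64 and the WinSxS store."""
    flagged = []
    for path, size in files:
        folder, _, name = path.rpartition("\\")
        f = folder.lower()
        if name.lower() == "svchost.exe" and f not in EXPECTED_DIRS \
                and not f.startswith(EXPECTED_PREFIX):
            flagged.append((path, size))
    return flagged


if __name__ == "__main__":
    print("svchost without services:", svchost_without_services(parse_tasklist_svc(TASKLIST_SAMPLE)))
    print("svchost outside expected dirs:", unexpected_svchost_copies(parse_dir_listing(FIND_SAMPLE)))
```

Run against the listings actually posted in this thread, both checks come back empty: every svchost.exe in the `tasklist /svc` output hosts named services, and all five copies of svchost.exe sit in System32, SysWOW64 or WinSxS with matching sizes. That is consistent with the scanners finding nothing and explains why the moderator moves on to other tools rather than to the svchost binary itself.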
09.02.2010, 20:03
Moderator

Posts: 5694
#10 Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop.
BleepingComputer
ForoSpyware
**NB: It is important that ComboFix.exe is saved on the desktop**

• Double-click ComboFix.exe and follow the prompts.
• When ComboFix is finished, it will create a log for you.
• Please attach the C:\ComboFix.txt log to your reply in the forum so that we can analyse it.
09.02.2010, 22:50
Member

Thread starter

Posts: 20
#11 I get an error saying that ComboFix only runs on a 32-bit machine.
09.02.2010, 22:52
Moderator

Posts: 5694
#12 Eset Online Scanner (NOD32)
• Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
Note for Vista users: be sure to start the browser as Administrator.
• Requirement: Internet Explorer (IE) 5.0 or higher
• Tick "YES, I accept the Terms of Use"
• Start
• Install the ActiveX control
• Start
• Signatures are downloaded
• Tick "Remove found threads"
• Tick "Remove found threads" and "Scan unwanted applications"
• Scan
• End of scan
• Close the browser
• Open Explorer
• C:\Programme\EsetOnlineScanner\log.txt
• Post the log here
• Uninstall: Control Panel => Software => remove Eset Online Scanner.
10.02.2010, 03:44
Member

Thread starter

Posts: 20
#13 Here is the log of the ESET Online Scanner:

Quote

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=04f23cd20b208149b2580bce6bf3196c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-09 10:31:50
# local_time=2010-02-09 11:31:50 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 100 223690 65250171 132004 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 92542 18204843 0 0
# compatibility_mode=8192 67108863 100 0 4766 4766 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=04f23cd20b208149b2580bce6bf3196c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-10 12:41:28
# local_time=2010-02-10 01:41:28 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 100 223936 65250417 132250 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 96388 18205089 0 0
# compatibility_mode=8192 67108863 100 0 5012 5012 0 0
# scanned=380394
# found=2
# cleaned=2
# scan_time=7532
E:\Downloads\Programme\7 x64\Nero-8.3.6.0_deu_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programme\7 x64\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
10.02.2010, 09:50
Member

Thread starter

Posts: 20
#14 But it is not down to those files; I have just tried again. The same problem still occurs.
10.02.2010, 12:25
Moderator

Posts: 5694
#15 Malwarebytes Anti-Malware

Download MBAM, install it and select under the tabs:

-> "Update" > "Check for updates"
-> "Settings" > "Terminate Internet Explorer during removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.


Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on the desktop.

Download Mirror #1 - Download Mirror #2

• Double-click SystemLook.exe to start the tool.
Vista users: right-click and run as Administrator.
• Copy the contents of the following code box into the tool's text field:

Code

:filefind
AskSBar

:regfind
AskSBar
• Now click the Look button to start the scan.
• When the scan is finished, your editor will open with the results; post them here in the thread.
• The results are saved on the desktop as SystemLook.txt.