TrojanDownloader:Win32/Renos.MQ

08.08.2010, 05:13
...new here

Posts: 7
#1 Hi everyone,

So, first of all: I have absolutely no idea about viruses or anything like that. I already googled it and was advised to defragment my hard drive (didn't help). That's why I'm asking you for help now. I have also already run AntiVir. But every now and then a warning pops up (from Windows Defender or something) which says: TrojanDownloader:Win32/Renos.MQ. I searched for the file but it doesn't exist on my PC. What can I do? Please help me...

Regards
08.08.2010, 11:47
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires that you observe the following points:

• Follow the instructions of the respective helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs that are not explicitly requested.
• Please work through each step in order.
• If problems occur at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished when the respective helper gives the OK.
• If the machine runs smoothly again, that does not mean the system is also clean.
• For computers used for business, the responsible IT person should be involved.
• Support from our side may be refused for a company computer.
• In the case of illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• On heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we ask for with a right-click and Run as administrator.

Step 1

Can you see all files and file extensions on your computer? If not, please change these settings in the folder options.

Step 2

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop.
• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry, please select Use SafeList.
• Tick the boxes for LOP Check and Purity Check.
• Now click Scan at the top left.

• When the scan has finished, two log files are created.
You will find the log files on your desktop => OTL.txt and Extras.txt
• Post the log files in code tags here in the thread.

Step 3

Rootkit search with Gmer

What are rootkits?

Important: during every rootkit scan:

• all other anti-virus, anti-spyware etc. programs must be disabled,
• there must be no connection to a network/the Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after every scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs must be closed.
• Start gmer.exe (it has a random program name).
Vista users: start it with a right-click and Run as administrator.
• Gmer automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
Gmer is closed with "Ok".
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the anti-virus program and other scanners back on before you go online!

Now post the log file in code tags.
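As an added example (not part of the thread, and not a tool from OTL or Protecus.de), the following Python script does the first pass a helper performs on a posted OTL log: it parses the PRC (running processes) and O4 (Run-key autostart) lines and flags entries that execute from a temp directory or use a random-looking Run value name. The regular expressions are my reading of the OTL line format shown below, and the sample log is constructed from lines modelled on the one posted in this thread; the company string is only the binary's version-resource text, so a present name is not proof of legitimacy.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL "O4" autostart entry, e.g.
#   O4 - HKCU..\Run: [ValueName] C:\path\to\file.exe (Company)
# Pattern is an assumption derived from the OTL log format in this thread.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

# OTL "PRC" running-process entry, e.g.
#   PRC - C:\path\to\file.exe (Company)
PRC_RE = re.compile(r"^PRC - (?P<path>.*?) \((?P<company>[^)]*)\)\s*$")

# Directories from which legitimate software very rarely auto-starts.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")

# Run-key value names that look machine-generated: 8+ upper-case
# letters/digits containing at least one letter and one digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")


@dataclass
class Finding:
    kind: str            # "autorun" or "process"
    path: str            # executable path from the log line
    reasons: List[str]   # why the entry was flagged


def path_in_temp(path: str) -> bool:
    """True if the executable lives in a temp directory (case-insensitive)."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def check_autorun(line: str) -> Optional[Finding]:
    """Flag an O4 line that auto-starts from temp or has a random value name."""
    m = O4_RE.match(line)
    if not m:
        return None
    reasons = []
    if path_in_temp(m["path"]):
        reasons.append("autostart from temp directory")
    if RANDOM_NAME_RE.match(m["name"]):
        reasons.append("random-looking Run value name")
    if not m["company"].strip():
        # OTL prints "()" when the binary carries no company in its version info.
        reasons.append("no company name in version info")
    return Finding("autorun", m["path"], reasons) if reasons else None


def check_process(line: str) -> Optional[Finding]:
    """Flag a PRC line whose process image runs from a temp directory."""
    m = PRC_RE.match(line)
    if not m:
        return None
    if path_in_temp(m["path"]):
        return Finding("process", m["path"], ["running from temp directory"])
    return None


def triage_otl(log_text: str) -> List[Finding]:
    """Scan the PRC and O4 lines of an OTL log and return all findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = check_autorun(line) or check_process(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample, modelled on the OTL log format posted in this thread.
SAMPLE_LOG = "\n".join([
    r"PRC - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)",
    r"PRC - C:\Users\Jonny\AppData\Local\Temp\Rlm.exe (ConeXware, Inc.)",
    r"PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)",
    r"O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Jonny\AppData\Local\Temp\Rlm.exe (ConeXware, Inc.)",
])

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {'; '.join(f.reasons)}")
```

The same Rlm.exe image appears both as a running process and as an HKCU Run entry, which is why a helper reads the PRC and O4 sections together rather than either one alone.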
08.08.2010, 14:54
...new here

Thread starter

Posts: 7
#3 Hi,

Thank you very much for the quick help. Okay, so here is what I did:

Step 1: Yes, I can see all files including file extensions.

Step 2: System scan with OTL done.

OTL file:

Code

OTL logfile created on: 08.08.2010 14:07:35 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jonny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 27,66 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive D: | 224,04 Gb Total Space | 223,81 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 8,77 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONNY-PC
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jonny\AppData\Local\Temp\Rlm.exe (ConeXware, Inc.)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\J River\Media Jukebox 12\Media Jukebox 12.exe (J. River, Inc.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\J River\Media Jukebox 12\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (clwvd) -- C:\Windows\System32\DRIVERS\clwvd.sys File not found
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {86bac0dc-cb09-4dcf-b134-b720890c6c23}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=24332B48-2EBD-4570-B834-821E298FE7C3&apn_ptnrs=PV&apn_sauid=2B6CA946-24CB-4EAB-8F5A-5474AE9FD9D1&apn_dtid=&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.08 03:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.08 03:30:52 | 000,000,000 | ---D | M]

[2010.04.13 22:22:46 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Extensions
[2010.08.06 14:20:42 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions
[2010.06.21 20:53:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 16:35:05 | 000,000,000 | ---D | M] (SweetIm German Toolbar) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{86bac0dc-cb09-4dcf-b134-b720890c6c23}
[2010.04.18 22:25:33 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.07.27 15:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.20 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\firefox@tvunetworks.com
[2010.06.24 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\toolbar@ask.com
[2010.08.08 03:19:27 | 000,002,384 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\Mozilla\FireFox\Profiles\clea8g9a.default\searchplugins\askcom.xml
[2010.08.08 03:30:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.21 15:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.29 13:54:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.06.21 15:57:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Jonny\AppData\Local\Temp\Rlm.exe (ConeXware, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonny\Pictures\Wallpaper\Sommer\summer_nights.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jonny\Pictures\Wallpaper\Sommer\summer_nights.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.08 14:06:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2010.08.08 03:39:42 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Sony Vegas
[2010.08.07 10:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Publish Providers
[2010.08.07 02:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.08.07 01:30:15 | 176,001,152 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\Jonny\Desktop\vegaspro90e_32bit.exe
[2010.08.06 23:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte
[2010.08.06 23:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Local\Sony
[2010.08.06 11:07:10 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2010.08.06 11:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Sony
[2010.08.06 10:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Neffy
[2010.08.06 10:13:16 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Documents\Programme
[2010.08.04 05:08:37 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\avidemux
[2010.08.04 05:08:15 | 000,000,000 | ---D | C] -- C:\Programme\Avidemux 2.5
[2010.08.04 04:51:22 | 001,576,960 | ---- | C] (http://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll
[2010.08.04 04:51:22 | 000,088,379 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010.08.04 04:51:21 | 000,000,000 | ---D | C] -- C:\Programme\Free MOV to AVI Converter
[2010.08.02 11:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\FileZilla
[2010.08.02 11:14:07 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.07.28 14:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Free M4a to MP3 Converter
[2010.07.27 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.25 12:54:25 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\ImgBurn
[2010.07.25 12:54:13 | 000,000,000 | ---D | C] -- C:\Programme\Haali
[2010.07.25 12:53:50 | 000,000,000 | ---D | C] -- C:\Programme\ImgBurn
[2010.07.25 12:53:25 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.07.25 12:47:14 | 000,000,000 | ---D | C] -- C:\Programme\AVStoDVD
[2010.07.22 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Mp3tag
[2010.07.22 17:17:54 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2010.07.16 23:23:19 | 000,000,000 | ---D | C] -- C:\Programme\Audacity

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.08.08 14:10:51 | 002,621,440 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT
[2010.08.08 14:06:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2010.08.08 14:01:55 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.08 13:58:28 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:57:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.08 13:57:51 | 000,281,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.08 13:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.08 13:57:23 | 3216,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.08 13:10:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.08 13:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT{48ff171b-4b94-11df-a49d-001eeca3cece}.TMContainer00000000000000000001.regtrans-ms
[2010.08.08 13:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT{48ff171b-4b94-11df-a49d-001eeca3cece}.TM.blf
[2010.08.08 13:10:33 | 002,913,985 | -H-- | M] () -- C:\Users\Jonny\AppData\Local\IconCache.db
[2010.08.08 03:55:34 | 000,204,800 | ---- | M] () -- C:\Users\Jonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.08 03:52:57 | 000,069,080 | ---- | M] () -- C:\Users\Jonny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.08 03:37:11 | 000,022,808 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfk
[2010.08.08 03:36:33 | 002,911,064 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfap0
[2010.08.08 03:30:55 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.08 03:24:13 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.07 18:45:58 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.07 18:45:58 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.07 18:45:58 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.07 18:45:58 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.07 18:45:58 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.07 11:49:34 | 231,518,552 | ---- | M] () -- C:\Users\Jonny\Desktop\VivaCR46.rar
[2010.08.07 10:11:57 | 009,093,533 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv
[2010.08.07 10:09:51 | 000,167,686 | ---- | M] () -- C:\Users\Jonny\Desktop\bauchbinde.zip
[2010.08.07 02:30:12 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.08.07 01:55:40 | 000,204,800 | ---- | M] () -- C:\Users\Jonny\Desktop\Keygen.exe
[2010.08.07 01:47:34 | 176,001,152 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Jonny\Desktop\vegaspro90e_32bit.exe
[2010.08.06 10:58:25 | 045,302,421 | ---- | M] () -- C:\Users\Jonny\Desktop\10.0.part2.rar
[2010.08.06 10:57:09 | 000,009,030 | ---- | M] () -- C:\Users\Jonny\Desktop\cooltext466160782.png
[2010.08.06 10:23:50 | 104,857,600 | ---- | M] () -- C:\Users\Jonny\Desktop\10.0.part1.rar
[2010.08.05 23:01:23 | 000,067,374 | ---- | M] () -- C:\Users\Jonny\.recently-used.xbel
[2010.08.05 22:39:12 | 000,002,263 | ---- | M] () -- C:\Users\Jonny\Documents\ergebnisse.html
[2010.08.05 22:22:36 | 000,003,403 | ---- | M] () -- C:\Users\Jonny\Documents\cw-ergebnisse.html
[2010.08.04 05:08:27 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2010.08.04 04:51:23 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Free MOV to AVI Converter.lnk
[2010.08.03 15:14:53 | 000,007,620 | ---- | M] () -- C:\Users\Jonny\AppData\Local\d3d9caps.dat
[2010.08.03 11:45:04 | 000,001,402 | ---- | M] () -- C:\Users\Jonny\Documents\Clan_werdegang.html
[2010.08.02 11:20:32 | 000,000,911 | ---- | M] () -- C:\Users\Jonny\Desktop\FileZilla.lnk
[2010.08.02 10:43:30 | 000,000,654 | ---- | M] () -- C:\Users\Jonny\Documents\mitte.html
[2010.08.01 10:19:08 | 000,001,945 | ---- | M] () -- C:\Users\Jonny\Documents\ClanRegeln.html
[2010.07.28 14:06:21 | 000,000,862 | ---- | M] () -- C:\Users\Jonny\Desktop\Free M4a to MP3 Converter.lnk
[2010.07.27 15:26:32 | 000,001,032 | ---- | M] () -- C:\Users\Jonny\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.25 23:49:10 | 000,001,515 | ---- | M] () -- C:\Users\Jonny\Documents\testt.html
[2010.07.25 17:10:55 | 000,022,389 | ---- | M] () -- C:\Users\Jonny\Documents\Berichtsheft.odt
[2010.07.25 12:53:54 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.25 12:53:15 | 000,000,814 | ---- | M] () -- C:\Users\Jonny\Desktop\AVStoDVD.lnk
[2010.07.22 17:17:55 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.07.16 23:23:21 | 000,000,752 | ---- | M] () -- C:\Users\Jonny\Desktop\Audacity.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.08.08 03:36:34 | 000,022,808 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfk
[2010.08.08 03:36:32 | 002,911,064 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfap0
[2010.08.08 03:30:55 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.08 03:24:12 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.07 11:30:25 | 231,518,552 | ---- | C] () -- C:\Users\Jonny\Desktop\VivaCR46.rar
[2010.08.07 10:11:09 | 009,093,533 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv
[2010.08.07 10:09:51 | 000,167,686 | ---- | C] () -- C:\Users\Jonny\Desktop\bauchbinde.zip
[2010.08.07 02:30:12 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.08.07 01:55:40 | 000,204,800 | ---- | C] () -- C:\Users\Jonny\Desktop\Keygen.exe
[2010.08.07 01:15:55 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 01:15:50 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.06 10:57:09 | 000,009,030 | ---- | C] () -- C:\Users\Jonny\Desktop\cooltext466160782.png
[2010.08.06 10:51:06 | 045,302,421 | ---- | C] () -- C:\Users\Jonny\Desktop\10.0.part2.rar
[2010.08.06 10:06:36 | 104,857,600 | ---- | C] () -- C:\Users\Jonny\Desktop\10.0.part1.rar
[2010.08.05 23:01:23 | 000,067,374 | ---- | C] () -- C:\Users\Jonny\.recently-used.xbel
[2010.08.05 22:39:09 | 000,002,263 | ---- | C] () -- C:\Users\Jonny\Documents\ergebnisse.html
[2010.08.05 22:22:33 | 000,003,403 | ---- | C] () -- C:\Users\Jonny\Documents\cw-ergebnisse.html
[2010.08.04 05:08:27 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2010.08.04 04:51:23 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Free MOV to AVI Converter.lnk
[2010.08.03 11:45:02 | 000,001,402 | ---- | C] () -- C:\Users\Jonny\Documents\Clan_werdegang.html
[2010.08.02 11:14:56 | 000,000,911 | ---- | C] () -- C:\Users\Jonny\Desktop\FileZilla.lnk
[2010.08.02 10:43:27 | 000,000,654 | ---- | C] () -- C:\Users\Jonny\Documents\mitte.html
[2010.08.01 10:19:04 | 000,001,945 | ---- | C] () -- C:\Users\Jonny\Documents\ClanRegeln.html
[2010.07.28 14:06:21 | 000,000,862 | ---- | C] () -- C:\Users\Jonny\Desktop\Free M4a to MP3 Converter.lnk
[2010.07.25 23:49:06 | 000,001,515 | ---- | C] () -- C:\Users\Jonny\Documents\testt.html
[2010.07.25 12:53:54 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.25 12:53:15 | 000,000,814 | ---- | C] () -- C:\Users\Jonny\Desktop\AVStoDVD.lnk
[2010.07.24 20:33:46 | 000,022,389 | ---- | C] () -- C:\Users\Jonny\Documents\Berichtsheft.odt
[2010.07.22 17:17:55 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.07.16 23:23:21 | 000,000,752 | ---- | C] () -- C:\Users\Jonny\Desktop\Audacity.lnk
[2010.06.26 10:41:06 | 000,000,193 | ---- | C] () -- C:\Windows\gesangstrainer.INI
[2010.06.22 11:34:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 22:54:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.04.19 15:09:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.14 16:44:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.14 16:44:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.13 22:02:22 | 000,000,076 | ---- | C] () -- C:\Windows\System32\w3url.dll
[2010.04.13 18:59:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2008.05.21 09:38:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004.06.27 19:04:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\imslevel.dll
[2004.06.27 18:33:38 | 000,011,776 | ---- | C] () -- C:\Windows\System32\imsispd.dll
[2002.06.06 01:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.04.18 18:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Anvil Studio
[2010.04.19 16:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\AquaSoft
[2010.08.04 05:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\avidemux
[2010.05.19 10:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DAoC Portal
[2010.04.15 14:23:46 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DemoPlugin
[2010.07.27 15:26:36 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.13 19:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Electronic Arts
[2010.08.03 01:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\FileZilla
[2010.07.05 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\FreeMoviesToDVD
[2010.08.05 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\gtk-2.0
[2010.04.16 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\ICQ
[2010.07.25 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\ImgBurn
[2010.04.13 22:02:17 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\J River
[2010.06.22 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\MAGIX
[2010.07.22 17:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Mp3tag
[2010.04.18 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\OpenOffice.org
[2010.04.13 21:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Opera
[2010.04.14 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\PC Suite
[2010.08.07 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Publish Providers
[2010.08.07 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\QuickStoresToolbar
[2010.04.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Samsung
[2010.08.07 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Sony
[2010.04.13 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\TuneUp Software
[2010.08.08 13:10:46 | 000,024,968 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.08 13:58:28 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.08 14:01:55 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
Extras file:

Code

OTL Extras logfile created on: 08.08.2010 14:07:35 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jonny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 27,66 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive D: | 224,04 Gb Total Space | 223,81 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 8,77 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONNY-PC
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C20272-73CF-4EF4-8091-AA8BF5D43D04}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{12F2ECB9-42ED-44B4-A23C-662F71525D0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{180C82A9-B1F8-4C6F-B638-4F7E51332275}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E8B8D4B-E81D-45FB-9AC3-590A2509B5B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{395B4C86-6E1A-4AE0-816C-E4C578739F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47E3D317-EAFC-4614-9466-324CC708E971}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4A913779-28C1-41FF-83B7-E39B013E7CF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78AA01E5-BD77-4C59-8330-947E815E9B42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7ED1D1AA-7CE4-4921-B824-5AFC6500ABE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE68010D-0A36-4B7F-A71D-93EF8EB8A17D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041A8231-B978-42E0-AE97-78F53E33122E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D7FCD52-814E-44D5-9BD4-1AE097B1FFF8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{0F627D1B-C1D4-4A22-9233-67E0203F557D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{12B1E802-620E-462F-99BB-7FC05EF65D3C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{191BC525-0851-411B-8A72-E2EA84FDB9A1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{1CD22D06-FCCD-49A4-98AC-8340FEBCD398}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{21EB2421-B90B-4F60-9E45-035385ACA2AF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{24D8BD78-1F06-4CCD-8F8E-268179F9F09D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{2E0EE5D8-498E-41A9-A36B-EFF590CB5C38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3769B251-84FF-4A07-AB16-674EA50B3243}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{457680B9-B065-4E22-97B7-33CAF5B9EB3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47546414-5CAC-4EDC-9C8E-42CC66E0BD8D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{4E77C407-13AD-408E-9FE2-93FCE427B128}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe |
"{51B80ADE-C103-4E6B-B59E-F3594CAB4786}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6D9A1B69-19A9-40D3-B4AC-35C93259886F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{7478B046-30BD-45B6-99E4-EA592636AC7E}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe |
"{9694050C-2B6A-49C1-B961-4FF3BF68482E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{AA41BD95-DB71-409D-B9C9-4A720C133DFA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B2ACC9C8-271D-4065-A179-03F86E4DB50D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B5EABA45-FA33-4371-A3A8-B2D9EC3353A5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B9E4C0CC-4909-4E4F-ADFB-276D5261769B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D8902D8D-DBA7-4078-BFB6-25F1061A2135}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe |
"{DAC6F070-18BF-40EC-B6E5-C236D6C20983}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe |
"{E6935086-237A-41CB-9F97-62CF00A00012}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F129FD10-DBFA-4769-B6A8-2B232C5C8B5B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F2BD3260-0541-4144-8E20-A57E5A54078D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{F733C939-5762-4EB9-A6D2-89C843DCE996}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"TCP Query User{3C451477-5BBF-40CC-B2E6-4B5C2C7A7BEE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{663159E3-4091-4576-A7B8-5AC1E5FA51FD}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{7F21CC42-754A-4132-AF61-E4F13059164B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{40F67287-A8D2-43EA-B2A8-A792501F189D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{71782952-C37A-4C3F-AAEF-42679F042047}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{95595A97-0D65-439F-A7F4-022A2F32EDFE}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0170D5C9-AF68-D6D1-07CC-A83FD90AB7D9}" = ATI Catalyst Install Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2228034C-BEFF-D60F-F2FF-80E69F6DD5A5}" = Catalyst Control Center Graphics Full Existing
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241D34AA-652B-4324-55A7-CD0259CEAA32}" = ccc-core-static
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{59A03F71-E85D-D470-5470-F4F2A940EC10}" = Catalyst Control Center Core Implementation
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{73591820-9655-D347-9032-3AED2D676225}" = Skins
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852D308A-9F81-EE66-24FC-36598BA96501}" = CCC Help German
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AA039BB-EA04-E7E2-54F4-963326F994FC}" = Catalyst Control Center Graphics Light
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ADF71B34-7446-F7C8-A2B2-3CB3E00D4165}" = Catalyst Control Center Graphics Previews Vista
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7C73454-CB05-57C7-0B59-72303E738F39}" = Catalyst Control Center Localization German
"{C8906D0F-C256-B8C7-4D7F-DDD3F68C672C}" = ccc-utility
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEFB865-E4EB-7202-1AD8-C3BE9B0E68CE}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.2
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.3.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CursorFX" = CursorFX
"CursorXP" = CursorXP
"Dark Age of Camelot" = Dark Age of Camelot
"DivX Setup.divx.com" = DivX-Setup
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Gesangstrainer 1" = Gesangstrainer 1
"HaaliMkx" = Haali Media Splitter
"HP MiniCard Hybrid TV" = HP MiniCard Hybrid TV 1.3.0.61
"ImgBurn" = ImgBurn
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"intelliScore Polyphonic WAV to MIDI Converter" = intelliScore Polyphonic WAV to MIDI Converter
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Media Jukebox 12" = Media Jukebox 12
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Neffy" = Neffy 1,3,29,0
"Oblivion User Patch v1.07 > v1.07.1 Minifix_is1" = Oblivion User Patch
"Oblivion User Patch v1.07_is1" = Oblivion User Patch
"Picasa 3" = Picasa 3
"PSP Video 9" = PSP Video 9 2.25
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SopCast" = SopCast 3.2.9
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VLC media player" = VLC media player 1.0.5
"WAV 2 MID 1" = WAV 2 MID 1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 25.07.2010 09:35:23 | Computer Name = Jonny-PC | Source = Application Hang | ID = 1002
Description = Program gimp-2.6.exe, version 0.0.0.0 stopped interacting with Windows
and was closed. Check the problem history in the "Problem Reports and Solutions"
applet in Control Panel to look for more information about the problem.
Process ID: b84  Start time: 01cb2bfdff8b9890  Termination time:
9

Error - 03.08.2010 09:11:27 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.08.2010 13:26:48 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.08.2010 13:00:02 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.08.2010 19:16:34 | Computer Name = Jonny-PC | Source = VSS | ID = 8194
Description =

Error - 06.08.2010 19:31:03 | Computer Name = Jonny-PC | Source = VSS | ID = 12289
Description =

Error - 07.08.2010 19:28:40 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.08.2010 21:13:53 | Computer Name = Jonny-PC | Source = VSS | ID = 8194
Description =

Error - 08.08.2010 07:59:00 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.08.2010 08:00:48 | Computer Name = Jonny-PC | Source = VSS | ID = 8194
Description =


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Step 3: Rootkit search with Gmer done.

All programs closed
Internet (Wi-Fi) switched off
exe file installed
AntiVir and Windows Defender deactivated/switched off
Gmer started
that warning did not appear!
pressed "copy"
PC restarted
AntiVir and Defender were automatically switched back on

Copied file:

Code

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-08 14:44:44
Windows 6.0.6002 Service Pack 2
Running: en6cm49m.exe; Driver: C:\Users\Jonny\AppData\Local\Temp\fglcypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Hope I did everything right and you can help me.....
08.08.2010, 16:14
Moderator

Posts: 5694
#4 Further support in question

Code


[2010.08.07 01:55:40 | 000,204,800 | ---- | M] () -- C:\Users\Jonny\Desktop\Keygen.exe


The use of cracks, keygens and/or patches whose purpose is to make paid software usable without paying is illegal, and we have agreed that we will not make ourselves guilty of aiding it. This forum is subject to German law, which is very strict in this respect.

That cracks and keygens essentially serve to place malware and backdoors on computers is no secret and must be clear to everyone.

You now have two options: either you consistently and completely remove every piece of software that is used in this way and refrain from it in future, or I stop the support completely at this point.
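How a helper picks the Keygen.exe entry and the hidden GUID-named tasks out of an OTL listing, done by machine instead of by eye: the following Python is an added example for this thread, not part of the post and not OTL's own code. It parses OTL's file lines (the `[timestamp | size | attrs | M/C] (Company) -- path` shape seen in the log above), flags three patterns worth reviewing first, and lists what else was written within a time window of a flagged file. The sample lines are constructed from entries in the log above; the rule names, the keyword list and the 60-minute window are our own assumptions, and a flag is a review cue, not a verdict: OTL's "No Company Name" section also holds ordinary Windows and vendor files.

```python
"""Triage of OTL file listings (added example; not the thread's or OTL's code)."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# One OTL file/directory line.  The "(Company)" field is absent on
# directory entries, hence optional.  Format copied from the log above.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
GUID_JOB = re.compile(r"^\{[0-9a-f-]{36}\}\.job$", re.IGNORECASE)
# Assumed keyword list; widen or narrow it to taste.
CRACK_NAME = re.compile(r"keygen|crack|patch", re.IGNORECASE)

# Constructed sample, taken from entries in the log above.
SAMPLE_LOG = r"""
[2010.08.07 01:55:40 | 000,204,800 | ---- | C] () -- C:\Users\Jonny\Desktop\Keygen.exe
[2010.08.07 01:15:55 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 01:47:34 | 176,001,152 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Jonny\Desktop\vegaspro90e_32bit.exe
[2010.06.22 11:34:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.04 05:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\avidemux
[2010.07.16 23:23:21 | 000,000,752 | ---- | C] () -- C:\Users\Jonny\Desktop\Audacity.lnk
"""


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str      # "-H--" hidden, "---D" directory, "----" plain
    kind: str       # "M" from the Modified listing, "C" from Created
    company: str    # "" when OTL found no company name
    path: str


def parse_line(line: str) -> Optional[Entry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Keep only lines that are file listings; headers and blanks are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def flag(entry: Entry) -> Optional[str]:
    """Reason an entry deserves a look first, or None."""
    name = basename(entry.path)
    lower = entry.path.lower()
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext == "exe" and CRACK_NAME.search(name):
        return "crack/keygen binary"
    if "\\windows\\tasks\\" in lower and GUID_JOB.match(name) and "H" in entry.attrs:
        return "hidden GUID-named scheduled task"
    if "\\system32\\" in lower and ext in ("dll", "sys") and not entry.company:
        return "System32 DLL/SYS with no company name"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every flagged line, in log order."""
    return [(e.path, r) for e in parse_log(text) for r in [flag(e)] if r]


def created_near(entries: List[Entry], anchor: Entry, minutes: int = 60) -> List[Entry]:
    """What else was written within +/- `minutes` of `anchor` (anchor excluded)."""
    window = timedelta(minutes=minutes)
    return [e for e in entries if e.path != anchor.path and abs(e.ts - anchor.ts) <= window]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:40} {path}")
    keygen = next(e for e in entries if flag(e) == "crack/keygen binary")
    for e in created_near(entries, keygen):
        print(f"  within 60 min of {basename(keygen.path)}: {e.ts} {e.path}")
```

Feed it the whole pasted log rather than one section: OTL prints both a Modified and a Created listing, so a path can appear twice, and the time-window pass is what ties the installer, the keygen and the two hidden .job files together in a way a single section does not show.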
08.08.2010, 17:22
...new here

Thread starter

Posts: 7
#5 Okay, tell me all the files I should remove. I want to get my laptop virus-free again more than anything in the world and can accept not using such files in the future any more!
08.08.2010, 17:27
Moderator

Posts: 5694
#6 What was that keygen for, then?
Probably for Vegas Pro 9.0. If so, please uninstall that program.
08.08.2010, 17:43
...new here

Thread starter

Posts: 7
#7 Program is uninstalled, setup deleted and keygen deleted!
08.08.2010, 18:28
Moderator

Posts: 5694
#8 Step 1

Uninstall programs

Since some programs and anti-spy programs may hinder us during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software.

Code

Ask Toolbar
Ask.com
Let me know if a program cannot be uninstalled. Once the cleanup is finished we can look at which of them you can/should reinstall.

Step 2

Fix with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=24332B48-2EBD-4570-B834-821E298FE7C3&apn_ptnrs=PV&apn_sauid=2B6CA946-24CB-4EAB-8F5A-5474AE9FD9D1&apn_dtid=&q="
[2010.06.24 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\toolbar@ask.com
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2010.08.08 14:01:55 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.08 13:58:28 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Commands
[purity]
[emptytemp]
• and paste it here:
• Close all programs.
• Click the Fix button.
• Click .
OTL will ask for a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents into your thread here in code tags.


Step 3

Clean-up with Malwarebytes' Anti-Malware (full scan)

Download Malwarebytes Anti-Malware (approx. 2 MB) from this download mirror:

Malwarebytes


* Applies to Windows 2000, XP, Vista and Windows 7.
* Install the program to the default path.
* Remember to start the program as admin on Vista; otherwise start it by double-clicking.
* Let it update online (Updates tab) if the program was already on the computer.
* Select "Perform full scan" => Scan.
* Select all available drives and start the scan.
* When the scan has finished, click "Show results".
* For findings in C:\System Volume Information, remove the tick.
Otherwise that system restore point will no longer work.
It might still be needed despite the malware.
* Make sure all other findings are ticked and press "Remove".
* Post the logfile that opens in Notepad here in the thread.
* You can find the report later under "Scan reports".
* Report how the computer is running now.
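The file and folder entries in the OTL fix script above all follow one fixed layout. As an added example (my own code, not OTL's and not part of this thread), here is a Python parser that splits such `[timestamp | size | attributes | C/M] (publisher) -- path` lines into fields and applies two illustrative triage heuristics modelled on what the moderator chose to remove: hidden, publisher-less files in System32 and .job tasks in Windows\tasks. The sample lines are copied from this thread; the attribute letters are read as R/H/S/D (read-only, hidden, system, directory) as OTL prints them, and the triage rules are my own, not an OTL feature.

```python
"""Parser for OTL (OldTimer's OTL) file/folder entry lines plus two simple
triage rules.  Added example for this thread; not part of OTL or of the
moderator's fix script.  Attribute letters are read as OTL prints them:
R = read-only, H = hidden, S = system, D = directory."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL entry: [timestamp | size | attrs | C/M] (publisher) -- path
# The "(publisher)" part is absent on plain directory entries.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime      # creation (C) or modification (M) time
    size: int                # bytes; OTL prints thousands separators
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    time_is_created: bool    # True for "C" entries, False for "M"
    publisher: str           # empty when OTL printed "()" or nothing at all
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/folder line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        time_is_created=m.group("kind") == "C",
        publisher=(m.group("publisher") or "").strip(),
        path=m.group("path").strip(),
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Collect all file/folder entries from an OTL log; other line types are skipped."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries: List[OtlEntry]) -> List[Tuple[OtlEntry, str]]:
    """Illustrative heuristics (mine, not OTL's) that single out the kinds of
    entries the moderator put into the fix script: publisher-less files that
    are hidden inside System32, or scheduled-task .job files in Windows\\tasks."""
    findings = []
    for e in entries:
        if e.directory or e.publisher:
            continue
        p = e.path.lower()
        if e.hidden and "\\windows\\system32\\" in p:
            findings.append((e, "hidden file without publisher in System32"))
        elif p.endswith(".job") and "\\windows\\tasks\\" in p:
            findings.append((e, "scheduled task (.job) without publisher"))
    return findings


# Constructed sample: entry lines copied from this thread plus one non-entry line.
SAMPLE_LOG = r"""
[2010.08.08 14:01:55 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.08 13:58:28 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:57:58 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 10:49:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.14 10:50:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.14 12:40:13 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.14 21:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {entry.path} ({entry.size} bytes, {entry.timestamp})")
```

Run on the sample, only the four entries from the fix script are reported; hiberfil.sys (hidden+system, but outside System32) and bootstat.dat are left alone.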
14.08.2010, 12:48
...new here

Thread starter

Posts: 7
#9 Sorry, I was extremely stressed; I've done it all now:

Step 1: Ask file uninstalled

Step 2:

Code

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=24332B48-2EBD-4570-B834-821E298FE7C3&apn_ptnrs=PV&apn_sauid=2B6CA946-24CB-4EAB-8F5A-5474AE9FD9D1&apn_dtid=&q=" removed from keyword.URL
Folder C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
File C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 1967909 bytes
->Temporary Internet Files folder emptied: 188939 bytes
->Java cache emptied: 6379 bytes
->FireFox cache emptied: 20793456 bytes
->Opera cache emptied: 10205131 bytes
->Flash cache emptied: 2038 bytes

User: Jonny
->Temp folder emptied: 343078 bytes
->Temporary Internet Files folder emptied: 526859 bytes
->Java cache emptied: 2071603 bytes
->FireFox cache emptied: 37702976 bytes
->Opera cache emptied: 22169205 bytes
->Flash cache emptied: 7156 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 92,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08142010_105037

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Step 3:

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4427

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.08.2010 12:38:41
mbam-log-2010-08-14 (12-38-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 293370
Laufzeit: 1 Stunde(n), 37 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winbrd.jpg (Malware.Trace) -> Quarantined and deleted successfully.
Okay, PC is running well.... was that everything?
Many, many thanks for your help!
14.08.2010, 14:55
Moderator

Posts: 5694
#10 Step 1

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.


Note for Vista and Win7 users: be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button. Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow an ActiveX element to be installed.
• Tick Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press .
• The signatures will be downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the logfile here.

Step 2

Repeat system scan with OTL

• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry please select Use SafeList.
• Tick LOP and Purity check.
• Now click Scan at the top left.

• When the scan has finished, two logfiles are created.
You will find the logfiles on your desktop => OTL.txt and Extras.txt
• Post the logfiles here in the thread in code tags.
15.08.2010, 00:02
...new here

Thread starter

Posts: 7
#11 Step 1:

Code

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c98600cd0121d6409689530e3b4c58ed
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-14 09:45:32
# local_time=2010-08-14 11:45:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 591624 40911978 124731 0
# compatibility_mode=5892 16776573 100 100 131874 119348013 0 0
# compatibility_mode=8192 67108863 100 0 205 205 0 0
# scanned=165990
# found=0
# cleaned=0
# scan_time=7047
Step 2:

Part 1:

Code

OTL logfile created on: 14.08.2010 23:57:42 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jonny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 21,50 Gb Free Space | 9,23% Space Free | Partition Type: NTFS
Drive D: | 224,04 Gb Total Space | 223,81 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 8,77 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONNY-PC
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Jonny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\J River\Media Jukebox 12\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (clwvd) -- C:\Windows\System32\DRIVERS\clwvd.sys File not found
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {86bac0dc-cb09-4dcf-b134-b720890c6c23}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.08 03:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.08 03:30:52 | 000,000,000 | ---D | M]

[2010.04.13 22:22:46 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Extensions
[2010.08.12 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions
[2010.06.21 20:53:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 16:35:05 | 000,000,000 | ---D | M] (SweetIm German Toolbar) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{86bac0dc-cb09-4dcf-b134-b720890c6c23}
[2010.04.18 22:25:33 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.07.27 15:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.20 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\mozilla\Firefox\Profiles\clea8g9a.default\extensions\firefox@tvunetworks.com
[2010.08.08 03:19:27 | 000,002,384 | ---- | M] () -- C:\Users\Jonny\AppData\Roaming\Mozilla\FireFox\Profiles\clea8g9a.default\searchplugins\askcom.xml
[2010.08.12 21:31:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.21 15:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.29 13:54:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.06.21 15:57:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonny\Pictures\Wallpaper\Sommer\space_art_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jonny\Pictures\Wallpaper\Sommer\space_art_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.14 21:44:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.14 10:50:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.14 10:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Malwarebytes
[2010.08.14 10:49:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.14 10:49:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.14 10:49:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.14 10:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.14 10:48:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jonny\Desktop\mbam-setup-1.46.exe
[2010.08.12 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Qut Of Map#
[2010.08.11 00:00:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 00:00:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 00:00:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:00:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.11 00:00:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.11 00:00:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.10 23:59:43 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.10 23:59:42 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 20:00:17 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Cuttermaran
[2010.08.09 19:56:40 | 000,000,000 | ---D | C] -- C:\Programme\Cuttermaran
[2010.08.09 19:46:46 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\XMedia Recode
[2010.08.09 19:43:24 | 000,000,000 | ---D | C] -- C:\Programme\XMedia Recode
[2010.08.08 14:06:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2010.08.08 03:39:42 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Desktop\Sony Vegas
[2010.08.07 10:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Publish Providers
[2010.08.07 02:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.08.07 01:30:15 | 176,001,152 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\Jonny\Desktop\vegaspro90e_32bit.exe
[2010.08.06 23:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte
[2010.08.06 23:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Local\Sony
[2010.08.06 11:07:10 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2010.08.06 11:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Sony
[2010.08.06 10:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Neffy
[2010.08.06 10:13:16 | 000,000,000 | ---D | C] -- C:\Users\Jonny\Documents\Programme
[2010.08.04 05:08:37 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\avidemux
[2010.08.04 05:08:15 | 000,000,000 | ---D | C] -- C:\Programme\Avidemux 2.5
[2010.08.04 04:51:22 | 001,576,960 | ---- | C] (http://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll
[2010.08.04 04:51:22 | 000,088,379 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010.08.04 04:51:21 | 000,000,000 | ---D | C] -- C:\Programme\Free MOV to AVI Converter
[2010.08.02 11:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\FileZilla
[2010.08.02 11:14:07 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.07.28 14:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Free M4a to MP3 Converter
[2010.07.27 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.25 12:54:25 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\ImgBurn
[2010.07.25 12:54:13 | 000,000,000 | ---D | C] -- C:\Programme\Haali
[2010.07.25 12:53:50 | 000,000,000 | ---D | C] -- C:\Programme\ImgBurn
[2010.07.25 12:53:25 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.07.25 12:47:14 | 000,000,000 | ---D | C] -- C:\Programme\AVStoDVD
[2010.07.22 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jonny\AppData\Roaming\Mp3tag
[2010.07.22 17:17:54 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2010.07.16 23:23:19 | 000,000,000 | ---D | C] -- C:\Programme\Audacity

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.08.14 23:57:18 | 002,621,440 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT
[2010.08.14 23:06:59 | 000,002,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 23:06:59 | 000,002,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 21:09:55 | 002,672,312 | ---- | M] () -- C:\Users\Jonny\Desktop\esetsmartinstaller_enu.exe
[2010.08.14 21:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.14 14:02:00 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.14 12:40:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.14 12:40:13 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.14 12:39:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.14 12:39:13 | 000,524,288 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT{48ff171b-4b94-11df-a49d-001eeca3cece}.TMContainer00000000000000000001.regtrans-ms
[2010.08.14 12:39:13 | 000,065,536 | -HS- | M] () -- C:\Users\Jonny\NTUSER.DAT{48ff171b-4b94-11df-a49d-001eeca3cece}.TM.blf
[2010.08.14 12:39:12 | 002,987,966 | -H-- | M] () -- C:\Users\Jonny\AppData\Local\IconCache.db
[2010.08.14 10:59:03 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 10:59:03 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 10:59:03 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 10:59:03 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 10:59:03 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 10:49:18 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.14 10:48:57 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jonny\Desktop\mbam-setup-1.46.exe
[2010.08.12 21:53:34 | 000,056,846 | ---- | M] () -- C:\Users\Jonny\Desktop\Foto0617.jpg
[2010.08.12 21:30:01 | 000,210,432 | ---- | M] () -- C:\Users\Jonny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 20:43:22 | 000,021,656 | ---- | M] () -- C:\Users\Jonny\Desktop\Sniper Montage Vegas rec.veg
[2010.08.12 11:48:48 | 000,002,172 | ---- | M] () -- C:\Users\Jonny\Documents\html_clan war ergebnisse.html
[2010.08.11 03:23:25 | 000,281,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.10 21:23:52 | 003,145,339 | ---- | M] () -- C:\Users\Jonny\Desktop\Mirrors(LEAKTHATdotCOM).mp3
[2010.08.10 21:18:21 | 004,366,431 | ---- | M] () -- C:\Users\Jonny\Desktop\CircleTheDrain(LEAKTHATdotCOM).mp3
[2010.08.10 21:17:31 | 009,849,081 | ---- | M] () -- C:\Users\Jonny\Desktop\CircleTheDrain(LEAKTHATdotCOM).m4a
[2010.08.10 09:12:46 | 007,150,368 | ---- | M] () -- C:\Users\Jonny\Desktop\Mirrors(LEAKTHATdotCOM).m4a
[2010.08.09 20:00:11 | 000,002,465 | ---- | M] () -- C:\Users\Jonny\Desktop\Cuttermaran 1.70.lnk
[2010.08.09 19:43:25 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2010.08.09 19:42:28 | 005,358,681 | ---- | M] () -- C:\Users\Jonny\Desktop\XMediaRecode2253_setup.exe
[2010.08.08 22:11:44 | 000,304,610 | ---- | M] () -- C:\Users\Jonny\Desktop\Newone.jpg
[2010.08.08 22:11:11 | 007,518,372 | ---- | M] () -- C:\Users\Jonny\Desktop\01 Doin' Your Mom.mp4
[2010.08.08 14:30:14 | 000,293,376 | ---- | M] () -- C:\Users\Jonny\Desktop\en6cm49m.exe
[2010.08.08 14:06:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jonny\Desktop\OTL.exe
[2010.08.08 03:52:57 | 000,069,080 | ---- | M] () -- C:\Users\Jonny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.08 03:37:11 | 000,022,808 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfk
[2010.08.08 03:36:33 | 002,911,064 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfap0
[2010.08.08 03:30:55 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.07 11:49:34 | 231,518,552 | ---- | M] () -- C:\Users\Jonny\Desktop\VivaCR46.rar
[2010.08.07 10:11:57 | 009,093,533 | ---- | M] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv
[2010.08.07 10:09:51 | 000,167,686 | ---- | M] () -- C:\Users\Jonny\Desktop\bauchbinde.zip
[2010.08.07 01:47:34 | 176,001,152 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Jonny\Desktop\vegaspro90e_32bit.exe
[2010.08.06 10:58:25 | 045,302,421 | ---- | M] () -- C:\Users\Jonny\Desktop\10.0.part2.rar
[2010.08.06 10:57:09 | 000,009,030 | ---- | M] () -- C:\Users\Jonny\Desktop\cooltext466160782.png
[2010.08.06 10:23:50 | 104,857,600 | ---- | M] () -- C:\Users\Jonny\Desktop\10.0.part1.rar
[2010.08.05 23:01:23 | 000,067,374 | ---- | M] () -- C:\Users\Jonny\.recently-used.xbel
[2010.08.05 22:39:12 | 000,002,263 | ---- | M] () -- C:\Users\Jonny\Documents\ergebnisse.html
[2010.08.05 22:22:36 | 000,003,403 | ---- | M] () -- C:\Users\Jonny\Documents\cw-ergebnisse.html
[2010.08.04 05:08:27 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2010.08.04 04:51:23 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Free MOV to AVI Converter.lnk
[2010.08.03 15:14:53 | 000,007,620 | ---- | M] () -- C:\Users\Jonny\AppData\Local\d3d9caps.dat
[2010.08.03 11:45:04 | 000,001,402 | ---- | M] () -- C:\Users\Jonny\Documents\Clan_werdegang.html
[2010.08.02 11:20:32 | 000,000,911 | ---- | M] () -- C:\Users\Jonny\Desktop\FileZilla.lnk
[2010.08.02 10:43:30 | 000,000,654 | ---- | M] () -- C:\Users\Jonny\Documents\mitte.html
[2010.08.01 10:19:08 | 000,001,945 | ---- | M] () -- C:\Users\Jonny\Documents\ClanRegeln.html
[2010.07.28 14:06:21 | 000,000,862 | ---- | M] () -- C:\Users\Jonny\Desktop\Free M4a to MP3 Converter.lnk
[2010.07.27 15:26:32 | 000,001,032 | ---- | M] () -- C:\Users\Jonny\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.25 23:49:10 | 000,001,515 | ---- | M] () -- C:\Users\Jonny\Documents\testt.html
[2010.07.25 17:10:55 | 000,022,389 | ---- | M] () -- C:\Users\Jonny\Documents\Berichtsheft.odt
[2010.07.25 12:53:54 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.25 12:53:15 | 000,000,814 | ---- | M] () -- C:\Users\Jonny\Desktop\AVStoDVD.lnk
[2010.07.22 17:17:55 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.07.16 23:23:21 | 000,000,752 | ---- | M] () -- C:\Users\Jonny\Desktop\Audacity.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.08.14 21:09:47 | 002,672,312 | ---- | C] () -- C:\Users\Jonny\Desktop\esetsmartinstaller_enu.exe
[2010.08.14 12:40:25 | 000,002,096 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 12:40:25 | 000,002,096 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 10:49:18 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 21:53:05 | 000,056,846 | ---- | C] () -- C:\Users\Jonny\Desktop\Foto0617.jpg
[2010.08.12 20:43:22 | 000,021,656 | ---- | C] () -- C:\Users\Jonny\Desktop\Sniper Montage Vegas rec.veg
[2010.08.12 11:48:45 | 000,002,172 | ---- | C] () -- C:\Users\Jonny\Documents\html_clan war ergebnisse.html
[2010.08.10 21:18:24 | 003,145,339 | ---- | C] () -- C:\Users\Jonny\Desktop\Mirrors(LEAKTHATdotCOM).mp3
[2010.08.10 21:18:05 | 004,366,431 | ---- | C] () -- C:\Users\Jonny\Desktop\CircleTheDrain(LEAKTHATdotCOM).mp3
[2010.08.10 09:12:23 | 009,849,081 | ---- | C] () -- C:\Users\Jonny\Desktop\CircleTheDrain(LEAKTHATdotCOM).m4a
[2010.08.10 09:12:10 | 007,150,368 | ---- | C] () -- C:\Users\Jonny\Desktop\Mirrors(LEAKTHATdotCOM).m4a
[2010.08.09 19:56:41 | 000,002,465 | ---- | C] () -- C:\Users\Jonny\Desktop\Cuttermaran 1.70.lnk
[2010.08.09 19:43:25 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2010.08.09 19:42:09 | 005,358,681 | ---- | C] () -- C:\Users\Jonny\Desktop\XMediaRecode2253_setup.exe
[2010.08.08 22:11:20 | 000,304,610 | ---- | C] () -- C:\Users\Jonny\Desktop\Newone.jpg
[2010.08.08 22:09:35 | 007,518,372 | ---- | C] () -- C:\Users\Jonny\Desktop\01 Doin' Your Mom.mp4
[2010.08.08 14:30:14 | 000,293,376 | ---- | C] () -- C:\Users\Jonny\Desktop\en6cm49m.exe
[2010.08.08 03:36:34 | 000,022,808 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfk
[2010.08.08 03:36:32 | 002,911,064 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv.sfap0
[2010.08.08 03:30:55 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.08 03:24:12 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.07 11:30:25 | 231,518,552 | ---- | C] () -- C:\Users\Jonny\Desktop\VivaCR46.rar
[2010.08.07 10:11:09 | 009,093,533 | ---- | C] () -- C:\Users\Jonny\Desktop\Intro_3_GuGy.wmv
[2010.08.07 10:09:51 | 000,167,686 | ---- | C] () -- C:\Users\Jonny\Desktop\bauchbinde.zip
[2010.08.06 10:57:09 | 000,009,030 | ---- | C] () -- C:\Users\Jonny\Desktop\cooltext466160782.png
[2010.08.06 10:51:06 | 045,302,421 | ---- | C] () -- C:\Users\Jonny\Desktop\10.0.part2.rar
[2010.08.06 10:06:36 | 104,857,600 | ---- | C] () -- C:\Users\Jonny\Desktop\10.0.part1.rar
[2010.08.05 23:01:23 | 000,067,374 | ---- | C] () -- C:\Users\Jonny\.recently-used.xbel
[2010.08.05 22:39:09 | 000,002,263 | ---- | C] () -- C:\Users\Jonny\Documents\ergebnisse.html
[2010.08.05 22:22:33 | 000,003,403 | ---- | C] () -- C:\Users\Jonny\Documents\cw-ergebnisse.html
[2010.08.04 05:08:27 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2010.08.04 04:51:23 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Free MOV to AVI Converter.lnk
[2010.08.03 11:45:02 | 000,001,402 | ---- | C] () -- C:\Users\Jonny\Documents\Clan_werdegang.html
[2010.08.02 11:14:56 | 000,000,911 | ---- | C] () -- C:\Users\Jonny\Desktop\FileZilla.lnk
[2010.08.02 10:43:27 | 000,000,654 | ---- | C] () -- C:\Users\Jonny\Documents\mitte.html
[2010.08.01 10:19:04 | 000,001,945 | ---- | C] () -- C:\Users\Jonny\Documents\ClanRegeln.html
[2010.07.28 14:06:21 | 000,000,862 | ---- | C] () -- C:\Users\Jonny\Desktop\Free M4a to MP3 Converter.lnk
[2010.07.25 23:49:06 | 000,001,515 | ---- | C] () -- C:\Users\Jonny\Documents\testt.html
[2010.07.25 12:53:54 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.25 12:53:15 | 000,000,814 | ---- | C] () -- C:\Users\Jonny\Desktop\AVStoDVD.lnk
[2010.07.24 20:33:46 | 000,022,389 | ---- | C] () -- C:\Users\Jonny\Documents\Berichtsheft.odt
[2010.07.22 17:17:55 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.07.16 23:23:21 | 000,000,752 | ---- | C] () -- C:\Users\Jonny\Desktop\Audacity.lnk
[2010.06.26 10:41:06 | 000,000,193 | ---- | C] () -- C:\Windows\gesangstrainer.INI
[2010.06.22 11:34:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 22:54:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.04.19 15:09:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.14 16:44:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.14 16:44:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.13 22:02:22 | 000,000,076 | ---- | C] () -- C:\Windows\System32\w3url.dll
[2010.04.13 18:59:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2008.05.21 09:38:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004.06.27 19:04:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\imslevel.dll
[2004.06.27 18:33:38 | 000,011,776 | ---- | C] () -- C:\Windows\System32\imsispd.dll
[2002.06.06 01:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.04.18 18:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Anvil Studio
[2010.04.19 16:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\AquaSoft
[2010.08.04 05:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\avidemux
[2010.08.09 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Cuttermaran
[2010.05.19 10:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DAoC Portal
[2010.04.15 14:23:46 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DemoPlugin
[2010.07.27 15:26:36 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.13 19:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Electronic Arts
[2010.08.03 01:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\FileZilla
[2010.07.05 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\FreeMoviesToDVD
[2010.08.05 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\gtk-2.0
[2010.04.16 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\ICQ
[2010.07.25 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\ImgBurn
[2010.04.13 22:02:17 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\J River
[2010.06.22 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\MAGIX
[2010.07.22 17:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Mp3tag
[2010.04.18 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\OpenOffice.org
[2010.04.13 21:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Opera
[2010.04.14 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\PC Suite
[2010.08.07 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Publish Providers
[2010.08.07 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\QuickStoresToolbar
[2010.04.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Samsung
[2010.08.07 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\Sony
[2010.04.13 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\TuneUp Software
[2010.08.09 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\Jonny\AppData\Roaming\XMedia Recode
[2010.08.14 12:39:18 | 000,026,858 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
Part 2:

Code

OTL Extras logfile created on: 14.08.2010 23:57:42 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jonny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 21,50 Gb Free Space | 9,23% Space Free | Partition Type: NTFS
Drive D: | 224,04 Gb Total Space | 223,81 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 8,77 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONNY-PC
Current User Name: Jonny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C20272-73CF-4EF4-8091-AA8BF5D43D04}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{12F2ECB9-42ED-44B4-A23C-662F71525D0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{180C82A9-B1F8-4C6F-B638-4F7E51332275}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E8B8D4B-E81D-45FB-9AC3-590A2509B5B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{395B4C86-6E1A-4AE0-816C-E4C578739F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47E3D317-EAFC-4614-9466-324CC708E971}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4A913779-28C1-41FF-83B7-E39B013E7CF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78AA01E5-BD77-4C59-8330-947E815E9B42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7ED1D1AA-7CE4-4921-B824-5AFC6500ABE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE68010D-0A36-4B7F-A71D-93EF8EB8A17D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041A8231-B978-42E0-AE97-78F53E33122E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D7FCD52-814E-44D5-9BD4-1AE097B1FFF8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{0F627D1B-C1D4-4A22-9233-67E0203F557D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{12B1E802-620E-462F-99BB-7FC05EF65D3C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{191BC525-0851-411B-8A72-E2EA84FDB9A1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{1CD22D06-FCCD-49A4-98AC-8340FEBCD398}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{21EB2421-B90B-4F60-9E45-035385ACA2AF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{24D8BD78-1F06-4CCD-8F8E-268179F9F09D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{2E0EE5D8-498E-41A9-A36B-EFF590CB5C38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3769B251-84FF-4A07-AB16-674EA50B3243}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{457680B9-B065-4E22-97B7-33CAF5B9EB3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47546414-5CAC-4EDC-9C8E-42CC66E0BD8D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{4E77C407-13AD-408E-9FE2-93FCE427B128}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe |
"{51B80ADE-C103-4E6B-B59E-F3594CAB4786}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6D9A1B69-19A9-40D3-B4AC-35C93259886F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{7478B046-30BD-45B6-99E4-EA592636AC7E}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe |
"{9694050C-2B6A-49C1-B961-4FF3BF68482E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{AA41BD95-DB71-409D-B9C9-4A720C133DFA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B2ACC9C8-271D-4065-A179-03F86E4DB50D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B5EABA45-FA33-4371-A3A8-B2D9EC3353A5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B9E4C0CC-4909-4E4F-ADFB-276D5261769B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D8902D8D-DBA7-4078-BFB6-25F1061A2135}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe |
"{DAC6F070-18BF-40EC-B6E5-C236D6C20983}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe |
"{E6935086-237A-41CB-9F97-62CF00A00012}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F129FD10-DBFA-4769-B6A8-2B232C5C8B5B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F2BD3260-0541-4144-8E20-A57E5A54078D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{F733C939-5762-4EB9-A6D2-89C843DCE996}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"TCP Query User{3C451477-5BBF-40CC-B2E6-4B5C2C7A7BEE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{663159E3-4091-4576-A7B8-5AC1E5FA51FD}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{7F21CC42-754A-4132-AF61-E4F13059164B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{40F67287-A8D2-43EA-B2A8-A792501F189D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{71782952-C37A-4C3F-AAEF-42679F042047}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{95595A97-0D65-439F-A7F4-022A2F32EDFE}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0170D5C9-AF68-D6D1-07CC-A83FD90AB7D9}" = ATI Catalyst Install Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2228034C-BEFF-D60F-F2FF-80E69F6DD5A5}" = Catalyst Control Center Graphics Full Existing
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241D34AA-652B-4324-55A7-CD0259CEAA32}" = ccc-core-static
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{59A03F71-E85D-D470-5470-F4F2A940EC10}" = Catalyst Control Center Core Implementation
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{73591820-9655-D347-9032-3AED2D676225}" = Skins
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852D308A-9F81-EE66-24FC-36598BA96501}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AA039BB-EA04-E7E2-54F4-963326F994FC}" = Catalyst Control Center Graphics Light
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ADF71B34-7446-F7C8-A2B2-3CB3E00D4165}" = Catalyst Control Center Graphics Previews Vista
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7C73454-CB05-57C7-0B59-72303E738F39}" = Catalyst Control Center Localization German
"{C8906D0F-C256-B8C7-4D7F-DDD3F68C672C}" = ccc-utility
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEFB865-E4EB-7202-1AD8-C3BE9B0E68CE}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.2
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.3.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CursorFX" = CursorFX
"CursorXP" = CursorXP
"Dark Age of Camelot" = Dark Age of Camelot
"DivX Setup.divx.com" = DivX-Setup
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Gesangstrainer 1" = Gesangstrainer 1
"HaaliMkx" = Haali Media Splitter
"HP MiniCard Hybrid TV" = HP MiniCard Hybrid TV 1.3.0.61
"ImgBurn" = ImgBurn
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"intelliScore Polyphonic WAV to MIDI Converter" = intelliScore Polyphonic WAV to MIDI Converter
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Jukebox 12" = Media Jukebox 12
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Neffy" = Neffy 1,3,29,0
"Oblivion User Patch v1.07 > v1.07.1 Minifix_is1" = Oblivion User Patch
"Oblivion User Patch v1.07_is1" = Oblivion User Patch
"Picasa 3" = Picasa 3
"PSP Video 9" = PSP Video 9 2.25
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SopCast" = SopCast 3.2.9
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VLC media player" = VLC media player 1.0.5
"WAV 2 MID 1" = WAV 2 MID 1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.5.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.08.2010 08:41:47 | Computer Name = Jonny-PC | Source = EventSystem | ID = 4621
Description =

Error - 08.08.2010 08:43:32 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.08.2010 08:45:04 | Computer Name = Jonny-PC | Source = EventSystem | ID = 4621
Description =

Error - 08.08.2010 08:46:30 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.08.2010 11:42:45 | Computer Name = Jonny-PC | Source = VSS | ID = 8194
Description =

Error - 09.08.2010 14:41:42 | Computer Name = Jonny-PC | Source = VSS | ID = 8194
Description =

Error - 10.08.2010 21:23:50 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.08.2010 04:53:23 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.08.2010 06:40:27 | Computer Name = Jonny-PC | Source = Software Licensing Service | ID = 12291
Description = Fehler beim Starten des Schlüsselverwaltungsdienstes (Key Management
Service, KMS).  Info:  hr=0xC004D301

Error - 14.08.2010 06:41:51 | Computer Name = Jonny-PC | Source = WinMgmt | ID = 10
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
16.08.2010, 13:07
Moderator

Posts: 5694
#12 Give a quick update on how the machine is running ;)
16.08.2010, 20:55
...new here

Thread starter

Posts: 7
#13 The warning no longer appeared. Neither AntiVir nor Windows Defender reported anything.
The PC runs fine. No difference from before. Is the virus completely gone now?
17.08.2010, 12:52
Moderator

Posts: 5694
#14 Step 1

ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please
disable all background guards (anti-virus program, firewall, script blocking
and the like) during the scans, and don't forget to switch everything back on afterwards.


Note for Vista and Win7 users: Be sure to start the browser as Administrator.
• Disable your anti-virus program during the scan.
• Press the button.
Firefox users: Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow the installation of an ActiveX element.
• Tick the box "Yes, I accept the Terms of Use".
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press the button.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the logfile here.
18.08.2010, 14:55
Member

Posts: 29
#15 Good day,

a friend of mine also had the virus mentioned above recently. The only stupid thing was that she had WoW installed and in the end had a PW-stealth trojan on it, which reads out her passwords.

I advised her to run AntiMalwarebyte in safe mode, which helped in the end.
Avira couldn't detect it at all, Windows Defender screamed nonstop and Norton (= a matter of opinion) once again took up a lot of memory and found nothing!

As the moderator already said, never ever download any keygens or the like.
THEY ARE ILLEGAL AND DON'T DO ANY GOOD!
These are 99% infected with viruses (usually 123 KB in size). If you do that, a TrojanDownloader becomes active, which on the one hand downloads spyware and trojans, as was the case with my friend at this point. In the Task Manager, under running processes, you can usually find a q... file where Apix and something else is in the text. In addition, it copies a file into
Users/username/AppData/Temp (on Windows 7). It is also present in the registry.

I forwarded her the link to this site so that, if she has something again, she can turn to the forum right away.