Home » Viren, Trojaner & Malware Forum » Verstopfter PC/Sehr langsame Leistung » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2 3 4

Antworten

Verstopfter PC/Sehr langsame Leistung

09.09.2010, 17:02

Virenproblemo

Member

Beiträge: 36

#1 Guten Nachmittag.

Ich habe folgendes Problem. Von meinen Sohn der Computer läuft sehr langsam.
Dies mag vielleicht auch daran liegen, dass er Online-Spiele spielt etc.
Es dauert sehr lange, bis sich ein Ordner öffnet.
Machmal bleibt die Maus und der gesamte Pc stehen, es tut sich nicht,
sekundenpause so zu sagen. Ich weiß nicht ob das Viruse sind, oder sonst fremde Programme.

Ich wollte hier mal entreinigen. ich hoffe ihr hillft mir.

Eins wer noch zu sagen, sein Computer macht Geräusche, beim youtube clip,
sogar auch beim Tastentippen. Ist das das Netzteil, oder vielleicht die Grafikkarte?

Mfg
Virenproblemo

09.09.2010, 18:11

gangren

Member

Beiträge: 420

#2 Hi,

ähm, es macht Geräusche? Könntest Du das etwas präziser beschreiben?

1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Das Programm starten, bei Scan All Users, Loop Check und Purity Check Häckchen setzen und auf Run Scan klicken. Es werden zwei Logs erstellt, OTL.txt und Extras.txt, die beiden bitte posten.

09.09.2010, 19:41

Virenproblemo

Member

Themenstarter

Beiträge: 36

#3 Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4111

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09.09.2010 19:39:53
mbam-log-2010-09-09 (19-39-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132430
Laufzeit: 7 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

09.09.2010, 19:48

Virenproblemo

Member

Themenstarter

Beiträge: 36

#4 OTL ist auf deutsch.
Wo soll ich Häkchen setzen?

09.09.2010, 19:51

gangren

Member

Beiträge: 420

#5 Bei "Scanne alle Benutzer", "Loop Prüfung" und "Purity Prüfung". Aber bevor du mit OTL scannst:

Zitat

Datenbank Version: 4111

Malwarebytes war nicht aktuell. Bitte aktualisieren und noch mal scannen lassen.

09.09.2010, 20:04

Virenproblemo

Member

Themenstarter

Beiträge: 36

#6 MalwareBytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09.09.2010 20:04:27
mbam-log-2010-09-09 (20-04-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148444
Laufzeit: 5 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\system32\scvhost (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

09.09.2010, 20:07

Virenproblemo

Member

Themenstarter

Beiträge: 36

#7 OTL

OTL logfile created on: 09.09.2010 20:05:15 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Maik\Desktop\VirenTrojaner Scanner
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 12,13 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 151,94 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 44,80 Gb Free Space | 91,74% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 40,34 Gb Free Space | 82,62% Space Free | Partition Type: NTFS
Drive G: | 39,82 Gb Total Space | 28,41 Gb Free Space | 71,36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIK-E390DD33B9
Current User Name: Maik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.09.09 19:44:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Maik\Desktop\VirenTrojaner Scanner\OTL.exe
PRC - [2010.09.09 09:45:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox3.6\firefox.exe
PRC - [2010.07.17 11:38:07 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG9\avgnsx.exe
PRC - [2010.07.17 11:38:07 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG9\avgrsx.exe
PRC - [2010.07.17 11:38:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG9\avgwdsvc.exe
PRC - [2010.07.17 11:37:24 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG9\avgcsrvx.exe
PRC - [2010.07.17 11:37:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG9\avgchsvx.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Programme\RealVNC\VNC4\winvnc4.exe
PRC - [2008.06.03 19:00:05 | 001,134,592 | -H-- | M] (Müller) -- C:\WINDOWS\system32\winadm.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.10 13:24:34 | 000,278,528 | ---- | M] () -- C:\Programme\Philips\Philips SPC210NC Webcam\TrayMin210.exe
PRC - [2005.08.06 02:07:30 | 000,061,440 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.01.31 20:11:00 | 002,752,000 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005.01.05 16:40:24 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.06.09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001.12.13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.09.09 19:44:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Maik\Desktop\VirenTrojaner Scanner\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.08.28 16:55:47 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3745.dll -- (Akamai)
SRV - [2010.07.17 11:38:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.06.18 15:15:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.14 19:56:28 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008.07.18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.05.30 12:32:16 | 000,572,416 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.04.12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.07.17 11:38:09 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.17 11:37:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.05 19:49:31 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.25 20:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.06.11 14:47:39 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.10.29 05:10:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.11.30 18:42:30 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.08.16 13:17:01 | 000,015,360 | ---- | M] () [Kernel | System | Running] -- C:\Programme\TRIXX\TRIXXDriver.sys -- (TRIXX)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.07.22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005.07.22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.02.26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2005.02.09 18:02:52 | 000,666,368 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.02.01 14:40:44 | 002,514,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.02 17:36:06 | 000,070,912 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.10.15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.03.17 17:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001.01.08 03:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\AVG9\Firefox [2010.07.21 11:30:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.02.20 16:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.20 16:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: D:\Mozilla Firefox3.6\components [2010.09.09 09:45:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: D:\Mozilla Firefox3.6\plugins [2010.09.09 09:45:13 | 000,000,000 | ---D | M]

[2002.01.07 01:38:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Extensions
[2010.09.09 16:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\extensions
[2010.04.28 19:09:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.05 15:34:26 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\searchplugins\conduit.xml
[2010.09.04 17:40:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\searchplugins\icqplugin-1.xml
[2010.05.09 19:13:17 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\searchplugins\icqplugin-2.xml
[2010.03.27 23:02:34 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Mozilla\Firefox\Profiles\8lhnf6te.default\searchplugins\icqplugin.xml
[2010.02.15 12:46:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.19 16:23:42 | 000,001,487 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:23:42 | 000,001,779 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\clipfish.xml
[2010.02.19 16:23:42 | 000,001,013 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\conrad.xml
[2010.02.19 16:23:42 | 000,002,487 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\discount24.xml
[2010.02.19 16:23:42 | 000,000,860 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\ebay-de.xml
[2010.02.19 15:59:47 | 000,006,818 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:23:42 | 000,001,047 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\musicload.xml
[2010.02.19 16:23:42 | 000,002,120 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\myvideo.xml
[2010.02.19 16:23:42 | 000,002,023 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\otto.xml
[2010.02.19 16:23:42 | 000,000,758 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\quelle.xml
[2010.02.19 16:23:42 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\telefonbuch-de.xml
[2009.12.31 13:33:59 | 000,001,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 15:59:47 | 000,000,599 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2010.02.19 16:23:42 | 000,005,375 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yodl.xml

O1 HOSTS File: ([2004.08.10 21:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Snagit\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Programme\ivo\Expressivo\IH_iexplore.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Programme\ivo\Expressivo\IH_iexplore.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Snagit\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [_winadm] C:\WINDOWS\system32\winadm.exe (Müller)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Tracing Host] C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O4 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006..\Run: [NBJ] C:\Programme\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006..\Run: [Shell Services] C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin210.exe.lnk = C:\Programme\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Trace Update = C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trace Update = C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.01.06 17:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = xefile] -- "C:\WINDOWS\system32\Regsvr16.exe" "%1" %* ()

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010.09.09 19:57:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.09 19:57:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.09 19:57:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.09 17:34:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Maik\Recent
[2010.07.20 14:05:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maik\Desktop\Praktikum Maik 2010
[2010.07.17 11:38:07 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.03 11:40:29 | 000,000,000 | ---D | C] -- C:\Programme\ICQ Contact Revealer
[2010.06.12 12:39:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\PriceGong
[2 C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010.09.09 20:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.09.09 19:43:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.09 19:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.09 19:43:32 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.09.09 19:41:28 | 013,893,632 | -H-- | M] () -- C:\Dokumente und Einstellungen\Maik\NTUSER.DAT
[2010.09.09 19:41:28 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Maik\ntuser.ini
[2010.09.09 17:19:09 | 064,468,357 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.09.09 12:51:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.08 00:16:40 | 001,070,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.08 00:16:40 | 000,458,766 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.09.08 00:16:40 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.08 00:16:40 | 000,084,280 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.09.08 00:16:40 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.04 10:37:34 | 000,076,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.09.04 10:36:55 | 001,583,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.01 16:46:56 | 000,068,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.28 16:55:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.17 11:38:09 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.07.17 11:38:07 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.07.17 11:37:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.06.25 23:30:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.21 14:23:33 | 002,662,408 | -H-- | M] () -- C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.16 14:33:50 | 000,000,137 | ---- | M] () -- C:\WINDOWS\Readiris.ini
[2 C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.02.02 16:39:56 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2010.01.25 16:45:53 | 000,007,403 | ---- | C] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\SmarThruOptions.xml
[2009.12.28 17:32:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009.12.28 17:31:54 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009.12.28 17:31:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009.12.28 17:29:23 | 000,094,208 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009.12.28 17:29:23 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009.12.28 17:29:22 | 000,086,016 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009.12.28 17:29:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009.11.19 06:01:46 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2009.11.19 06:01:46 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2009.11.19 06:01:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2009.11.19 06:01:44 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2009.11.19 06:01:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2009.11.19 06:01:34 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sugw2l3.dll
[2009.10.15 21:44:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.10.03 11:56:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.03 11:56:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.06.08 18:17:22 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.03.30 14:47:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Mswinmask32.dll
[2009.01.11 22:18:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\$_hpcst$.hpc
[2009.01.05 22:04:45 | 000,000,505 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.04 21:31:07 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2008.12.04 21:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2008.12.04 21:27:41 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008.12.04 21:27:40 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2008.11.24 20:45:46 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2008.11.24 20:45:45 | 000,494,557 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2008.11.24 20:45:44 | 000,566,624 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2008.11.24 20:45:44 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10.dll
[2008.11.24 20:05:38 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.11.05 15:30:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.11.02 00:19:21 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.11.02 00:09:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.11.02 00:09:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.10.23 13:39:28 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.10.23 13:39:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008.10.23 13:39:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.27 21:22:44 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.07 22:14:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.07.28 19:49:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.09.02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.06.02 08:41:14 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\dwlGina2.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002.01.06 20:16:13 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Maik\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2002.01.06 17:37:39 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.02.19 16:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009.09.03 13:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX
[2010.02.19 16:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.08.01 16:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2002.01.06 18:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.02.02 20:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Metacafe
[2009.03.03 20:34:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU
[2010.02.18 15:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2008.08.01 16:11:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.12.12 15:46:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2008.07.28 19:28:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.09.10 14:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2009.12.21 22:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.06.14 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.09.23 14:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.08.17 13:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.02.19 19:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
[2010.09.09 19:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\FileZilla
[2009.03.03 19:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\GoodSync
[2010.09.07 14:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\ICQ
[2010.04.27 19:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\MSNInstaller
[2009.12.31 13:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\OCS
[2009.12.31 13:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\Opera
[2008.08.02 16:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\PC Suite
[2010.08.10 22:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\PriceGong
[2006.06.10 04:17:22 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\scvhost
[2009.12.31 13:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\soul.im
[2009.06.03 19:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\SumatraPDF
[2010.04.26 21:00:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\TeamViewer
[2009.10.04 15:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maik\Anwendungsdaten\TuneUp Software
[2009.01.07 22:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\GoodSync
[2009.01.07 22:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\GoPal Assistant
[2010.07.15 11:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\ICQ
[2010.07.15 12:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\kikin
[2008.08.03 02:34:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\PC Suite
[2010.07.15 12:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\PriceGong
[2009.12.28 17:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\SmarThru4
[2009.06.09 19:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\SumatraPDF
[2008.07.28 19:29:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\T-Online
[2009.07.26 20:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\TuneUp Software
[2010.09.09 20:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 134 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:671329E4
< End of report >

09.09.2010, 20:32

gangren

Member

Beiträge: 420

#8 Es fehlt noch die Extras.txt

09.09.2010, 20:33

Virenproblemo

Member

Themenstarter

Beiträge: 36

#9 OTL Extras logfile created on: 09.09.2010 19:45:58 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Maik\Desktop\VirenTrojaner Scanner
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 12,15 Gb Free Space | 24,89% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 151,94 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 44,80 Gb Free Space | 91,74% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 40,34 Gb Free Space | 82,62% Space Free | Partition Type: NTFS
Drive G: | 39,82 Gb Total Space | 28,41 Gb Free Space | 71,36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIK-E390DD33B9
Current User Name: Maik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = xefile] -- C:\WINDOWS\System32\Regsvr16.exe ()

[HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox3.6\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC.Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC.Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4321:TCP" = 4321:TCP:*:Enabled:CyberGate
"4321:UDP" = 4321:UDP:*:Enabled:Cybergate
"1049:TCP" = 1049:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\COMBANT MAIK SPIEL\Combat Arms EU\CombatArms.exe" = E:\COMBANT MAIK SPIEL\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"E:\COMBANT MAIK SPIEL\Combat Arms EU\Engine.exe" = E:\COMBANT MAIK SPIEL\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\ICQ7\ICQ7.0\ICQ.exe" = D:\ICQ7\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"D:\ICQ7\ICQ7.0\aolload.exe" = D:\ICQ7\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\Metin2_Germany\metin2.bin" = C:\Programme\Metin2_Germany\metin2.bin:*

isabled:metin2 -- ()
"F:\Metin2\metin2.bin" = F:\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Senstic\Air Cam\AirCamWin.exe" = C:\Programme\Senstic\Air Cam\AirCamWin.exe:*:Enabled:Air Cam Live Video - PC Control -- (Senstic)
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:vncviewer -- (RealVNC Ltd.)
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 -- (RealVNC Ltd.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\Metin2\metin2client.bin" = F:\Metin2\metin2client.bin:*

isabled:metin2client -- ()
"D:\ICQ7\ICQ7.0\ICQ.exe" = D:\ICQ7\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"D:\ICQ7\ICQ7.0\aolload.exe" = D:\ICQ7\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\AVG9\avgupd.exe" = D:\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"D:\AVG9\avgnsx.exe" = D:\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Pserver\Aeromt2\AeRoMT2 Starter.exe" = D:\Pserver\Aeromt2\AeRoMT2 Starter.exe:*

isabled:AeRoMT2 Starter -- File not found
"D:\PServer\Aeromt2\metin2.bin" = D:\PServer\Aeromt2\metin2.bin:*:Enabled:metin2 -- File not found
"C:\Dokumente und Einstellungen\Maik\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\Maik\temp\TeamViewer\Version5
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\STEAM\steamapps\markus_cs801\counter-strike\hl.exe" = D:\STEAM\steamapps\markus_cs801\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E3FB60-4589-45A1-9C7D-19184D1368FC}" = ATI MCE Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = AcronisMigrateEasy
"{38D95956-E92C-4473-904B-CD877EA04410}" = Philips SPC210NC Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49FC50FC-F965-40D9-89B4-CBFF80941PLK}" = Windows Movie Maker 2.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5DC02603-6642-11D3-80AC-00C04F348408}" = Word in Works Suite-Add-In
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EC42B5-346E-4BAB-948D-58E021EA4BD1}" = ATI Catalyst Control Center
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1331002-62A6-4CE3-A519-B1F293DE22E5}" = JavaServer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{ADDD6985-3A28-44D0-A1BA-FDD19A820491}" = SnagIt 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF4E46F4-B5DE-4578-9617-C6ECBEFE385D}" = Air Cam
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Expressivo" = Expressivo
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.3.2.1
"FLV Player" = FLV Player 2.0 (build 25)
"GMX ProfiFax" = GMX ProfiFax
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medion GoPal Assistant" = Medion GoPal Assistant 3.00.0385
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealVNC_is1" = VNC Free Edition 4.1.3
"SmarThru PC Fax" = SmarThru PC Fax
"Steam App 10" = Counter-Strike
"SumatraPDF" = Sumatra PDF reader
"SysadmV10" = Sysadm
"TISV10" = Tis
"TRIXX" = Sapphire TRIXX
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2kSetup" = Microsoft Works 2000-Setup-Start
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 02.09.2010 12:45:11 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.09.2010 09:02:00 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.09.2010 09:02:01 | Computer Name = MAIK-E390DD33B9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3855,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

Error - 03.09.2010 16:28:47 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung steam.exe, Version 1.0.868.88, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.09.2010 16:28:47 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung steam.exe, Version 1.0.868.88, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.09.2010 13:13:33 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.09.2010 06:55:27 | Computer Name = MAIK-E390DD33B9 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 06.09.2010 15:06:42 | Computer Name = MAIK-E390DD33B9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.09.2010 15:06:43 | Computer Name = MAIK-E390DD33B9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3855,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

Error - 09.09.2010 09:12:51 | Computer Name = MAIK-E390DD33B9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3888,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

[ System Events ]
Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = atapi | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Ide\IdePort2 gefunden.

Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:11 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:12 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 11:19:12 | Computer Name = MAIK-E390DD33B9 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Error - 09.09.2010 13:44:03 | Computer Name = MAIK-E390DD33B9 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "G:" aus.

Error - 09.09.2010 13:44:03 | Computer Name = MAIK-E390DD33B9 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "G:" aus.

< End of report >

09.09.2010, 20:39

gangren

Member

Beiträge: 420

#10 1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [_winadm] C:\WINDOWS\system32\winadm.exe (Müller)
O4 - HKLM..\Run: [Tracing Host] C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O4 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006..\Run: [Shell Services] C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Trace Update = C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trace Update = C:\Dokumente und Einstellungen\Maik\Desktop\Scene\Projekte\RAT\CyberGate v1.04.8\server.exe File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 134 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:671329E4

:Commands
[purity]
[emptytemp]
[emptyflash]

und klicke auf Fix. Unter Umständen ist ein Neustart notwendig. Poste bitte das Fix Log.

2. RootRepeal
http://sites.google.com/site/rootrepeal/
Starte RootRepeal.
Beende alle anderen Programme.
Gehe unten auf den Reiter Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.
Falls gefragt, wähle Laufwerk C:
Bestätige mit OK.
Am Ende des Scans wird ein Log eingeblendet, poste es bitte.

10.09.2010, 14:30

Virenproblemo

Member

Themenstarter

Beiträge: 36

#11 Bei OTl kommt kein Log. Computer wurde neugestartet,
jedoch war es für mich schon zu spät. Jetzt schau ich in meinen Ordner,
OTL ist weg. Und in jeden Ordner sind bleiche Ordner.
Thumps.db /Desktop.ini

10.09.2010, 16:04

gangren

Member

Beiträge: 420

#12 Sieh bitte nach, ob es den Ordner C:\_OTL gibt, in diesem sollte auch das Log zu finden sein. Falls es den Ordner nicht gibt, hol erneut OTL und wiederhole den Schritt. Bitte diesmal auch auf "Fix" klicken, nicht auf "Bereinigung".

Übrigens: war oder ist ein Programm namens Parents Friend auf dem PC?

10.09.2010, 16:17

Virenproblemo

Member

Themenstarter

Beiträge: 36

#13 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\_winadm deleted successfully.
Invalid CLSID key: _winadm
C:\WINDOWS\system32\winadm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tracing Host deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Shell Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Trace Update deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1801674531-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Trace Update deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Maik
->Temp folder emptied: 816908 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44591658 bytes
->Flash cache emptied: 2578548 bytes

User: Matti -Admin-
->Apple Safari cache emptied: 16284672 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1097360 bytes

User: Papa
->Temp folder emptied: 21226695 bytes
->Temporary Internet Files folder emptied: 13161704 bytes
->Java cache emptied: 24714547 bytes
->FireFox cache emptied: 85920927 bytes
->Flash cache emptied: 32260 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 490000 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 116720008 bytes

Total Files Cleaned = 313,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Maik
->Flash cache emptied: 0 bytes

User: Matti -Admin-

User: NetworkService

User: Papa
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t40325.htm#345174#ixzz0z3je9Xl3> in the current context!

OTL by OldTimer - Version 3.2.11.0 log created on 09092010_204207

Ja, ich denke schon. Ist/war zur Sicherheit meines Sohnes da.
Leider habe ich die Zugriffskombination vergessen, somit habe ich leider keinen Zugriff mehr.
Es sollte dazu dienen, dass mein jüngster Sohn nicht auf "jugendfreie" Seiten gelangt.

10.09.2010, 16:34

Virenproblemo

Member

Themenstarter

Beiträge: 36

#14 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/10 16:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB07C5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE41D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\869351d5-baab-4b24-bd98-0108e46ab6a4.cm-2-p.dat
Status: Allocation size mismatch (API: 589824, Raw: 0)

Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\4cf4bbd8f4bbc28e\35821b04-9f7d-418b-9e7c-cd8cade363ae
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\4cf4bbd8f4bbc28e\4d4e836c-8568-47e4-b072-2da3c0a04b98
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\6485696485683f9\06e86e4d-9093-4136-98f0-62c7979cde1c
Status: Allocation size mismatch (API: 328, Raw: 0)

Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\6485696485683f9\7e3d5f49-4a01-4bbd-b80f-28b6323bd459
Status: Allocation size mismatch (API: 328, Raw: 0)

Path: c:\dokumente und einstellungen\all users\anwendungsdaten\avg9\chjw\6485696485683f9\adaa09d7-e2d0-46cd-ae19-a2dae51b27ed
Status: Allocation size mismatch (API: 480, Raw: 0)

==EOF==

10.09.2010, 17:53

gangren

Member

Beiträge: 420

#15 Wir werden sehen, ob wir das Programm töten können (falls mit dem OTL-Script noch nicht geschehen, glaube aber nicht, dass es so einfach geht), die Probleme könnten von diesem Programm ausgehen, sagt mir zumindest Google.

Dann weiter:

Arbeite bitte diese Anleitung ab und poste das Log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2 3 4