IE and Firefox crash immediately after starting! System restore not possible

27.07.2011, 10:06
Member

Posts: 23

Good morning. I have had the following problem since yesterday.

Both my IE and Firefox crash immediately after starting.

A system restore is not possible because supposedly all restore points are faulty.

Here is the OTL.txt:

Code


OTL logfile created on: 27.07.2011 09:58:02 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\FresH\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,28% Memory free
6,19 Gb Paging File | 4,88 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 137,31 Gb Free Space | 45,26% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 194,09 Gb Free Space | 41,67% Space Free | Partition Type: NTFS
Drive E: | 150,69 Gb Total Space | 99,05 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive F: | 702,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FRESH0R | User Name: FresH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\FresH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\dcmsvc\dcmsvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\FresH\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20081127.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mmo-champion.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FresH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.29 09:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.29 09:04:10 | 000,000,000 | ---D | M]

[2009.09.04 14:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FresH\AppData\Roaming\mozilla\Extensions
[2009.09.04 14:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FresH\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.01.04 16:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\dza4tt2t.Andre\extensions
[2011.01.03 16:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\dza4tt2t.Andre\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.02 20:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\rzciau38.default\extensions
[2010.08.08 10:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\rzciau38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.28 12:50:48 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\rzciau38.default\extensions\DeviceDetection@logitech.com
[2011.07.27 09:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\v9c18hdt.FresH\extensions
[2011.03.15 18:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\v9c18hdt.FresH\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.21 19:18:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\FresH\AppData\Roaming\mozilla\Firefox\Profiles\v9c18hdt.FresH\extensions\vshare@toolbar
[2010.12.27 17:45:23 | 000,000,961 | ---- | M] () -- C:\Users\FresH\AppData\Roaming\Mozilla\Firefox\Profiles\rzciau38.default\searchplugins\icqplugin-1.xml
[2010.12.29 09:20:29 | 000,000,961 | ---- | M] () -- C:\Users\FresH\AppData\Roaming\Mozilla\Firefox\Profiles\rzciau38.default\searchplugins\icqplugin-2.xml
[2010.12.22 21:15:24 | 000,000,168 | ---- | M] () -- C:\Users\FresH\AppData\Roaming\Mozilla\Firefox\Profiles\rzciau38.default\searchplugins\icqplugin.gif
[2010.12.22 21:15:24 | 000,000,618 | ---- | M] () -- C:\Users\FresH\AppData\Roaming\Mozilla\Firefox\Profiles\rzciau38.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\FresH\AppData\Roaming\Mozilla\Firefox\Profiles\rzciau38.default\searchplugins\icqplugin.xml
[2011.03.30 12:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.15 17:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.31 16:50:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 12:06:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.09.04 20:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.29 18:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.31 06:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.09 13:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.10.15 17:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.31 16:50:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.29 09:03:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.29 09:03:58 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.29 09:03:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.29 09:03:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.29 09:03:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [Device Detector]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [recinfo707] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [isuc.exe] C:\Users\FresH\AppData\Roaming\Inik\isuc.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FresH\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\FresH\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0019640e-cd72-11dd-afc7-001e9002478b}\Shell - "" = AutoRun
O33 - MountPoints2\{0019640e-cd72-11dd-afc7-001e9002478b}\Shell\AutoRun\command - "" = N:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.07.26 14:08:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\FresH\Desktop\OTL.exe
[2011.07.26 13:41:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.11 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.08 19:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.08 19:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.08 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.10.29 15:21:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe6B7A.dll
[2009.09.07 22:04:32 | 000,016,384 | ---- | C] (SM Software) -- C:\Users\FresH\AppData\Roaming\onload.exe
[2009.05.16 03:55:40 | 168,857,432 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\FresH\AppData\Roaming\vegaspro90_32bit.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FresH\AppData\Local\*.tmp files -> C:\Users\FresH\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.07.27 09:31:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.27 09:29:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.27 09:29:37 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2011.07.27 09:29:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.27 09:29:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.27 09:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.27 09:29:12 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.27 09:29:06 | 257,261,031 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.26 23:45:36 | 000,111,616 | ---- | M] () -- C:\Users\FresH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 22:41:23 | 000,024,546 | ---- | M] () -- C:\Users\FresH\Desktop\logs.rar
[2011.07.26 22:32:51 | 000,000,000 | ---- | M] () -- C:\Users\FresH\AppData\Local\{409B53EF-6B26-45B1-B44C-BE6C72FD8DB3}
[2011.07.26 14:17:51 | 000,000,060 | ---- | M] () -- C:\Users\FresH\Desktop\n5n4qv80.URL
[2011.07.26 14:15:57 | 000,314,708 | ---- | M] () -- C:\Users\FresH\AppData\Local\census.cache
[2011.07.26 14:15:31 | 000,232,655 | ---- | M] () -- C:\Users\FresH\AppData\Local\ars.cache
[2011.07.26 14:03:39 | 000,000,036 | ---- | M] () -- C:\Users\FresH\AppData\Local\housecall.guid.cache
[2011.07.26 13:32:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\FresH\Desktop\OTL.exe
[2011.07.26 13:31:11 | 000,000,000 | ---- | M] () -- C:\Users\FresH\defogger_reenable
[2011.07.26 13:30:55 | 000,050,477 | ---- | M] () -- C:\Users\FresH\Desktop\Defogger.exe
[2011.07.16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\FresH\Desktop\gmer.exe
[2011.07.15 20:57:58 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.15 20:57:58 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.15 20:57:58 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.15 20:57:58 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.08 19:58:36 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FresH\AppData\Local\*.tmp files -> C:\Users\FresH\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.07.26 22:41:23 | 000,024,546 | ---- | C] () -- C:\Users\FresH\Desktop\logs.rar
[2011.07.26 22:32:51 | 000,000,000 | ---- | C] () -- C:\Users\FresH\AppData\Local\{409B53EF-6B26-45B1-B44C-BE6C72FD8DB3}
[2011.07.26 14:18:27 | 000,302,592 | ---- | C] () -- C:\Users\FresH\Desktop\gmer.exe
[2011.07.26 14:17:51 | 000,000,060 | ---- | C] () -- C:\Users\FresH\Desktop\n5n4qv80.URL
[2011.07.26 14:15:57 | 000,314,708 | ---- | C] () -- C:\Users\FresH\AppData\Local\census.cache
[2011.07.26 14:15:31 | 000,232,655 | ---- | C] () -- C:\Users\FresH\AppData\Local\ars.cache
[2011.07.26 14:03:39 | 000,000,036 | ---- | C] () -- C:\Users\FresH\AppData\Local\housecall.guid.cache
[2011.07.26 13:31:11 | 000,000,000 | ---- | C] () -- C:\Users\FresH\defogger_reenable
[2011.07.26 13:30:53 | 000,050,477 | ---- | C] () -- C:\Users\FresH\Desktop\Defogger.exe
[2011.07.08 19:58:36 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.21 17:12:26 | 000,407,552 | ---- | C] () -- C:\Users\FresH\AppData\Local\feacsw.exe
[2011.01.14 13:41:43 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2009.09.22 23:04:46 | 000,139,152 | ---- | C] () -- C:\Users\FresH\AppData\Roaming\PnkBstrK.sys
[2009.09.22 23:04:27 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.09 03:29:27 | 000,000,760 | ---- | C] () -- C:\Users\FresH\AppData\Roaming\setup_ldm.iss
[2009.05.28 13:47:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.16 14:52:05 | 000,002,032 | ---- | C] () -- C:\Users\FresH\AppData\Local\d3d9caps.dat
[2008.09.04 21:46:30 | 000,037,888 | ---- | C] () -- C:\Windows\System32\AVIwrap.dll
[2008.09.04 21:46:28 | 000,073,216 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.09.04 21:46:26 | 000,105,472 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.09.04 21:46:26 | 000,092,672 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.09.04 21:46:26 | 000,090,624 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.09.04 21:46:26 | 000,021,504 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008.09.04 21:46:23 | 000,132,096 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.09.04 21:46:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008.09.04 21:46:23 | 000,008,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008.09.04 21:46:21 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL
[2008.09.04 21:46:21 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008.09.04 21:46:20 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll
[2008.09.04 21:46:19 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll
[2008.09.04 21:46:18 | 000,039,936 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2008.09.04 16:41:51 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.09.04 14:30:46 | 000,111,616 | ---- | C] () -- C:\Users\FresH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.04 13:47:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.04 13:23:23 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,297,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009.01.03 04:46:47 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\ACD Systems
[2011.07.24 14:23:08 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Ahtit
[2009.11.16 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Amazon
[2011.06.13 20:02:54 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Azureus
[2011.06.14 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\calibre
[2010.02.28 16:22:33 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.02.28 19:54:00 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\DVDVideoSoft
[2010.11.03 03:55:49 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.09 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Electronic Arts
[2011.07.23 20:32:20 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\ICQ
[2011.05.25 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Inik
[2009.08.09 03:29:37 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Leadertech
[2010.11.19 13:55:57 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\LimeWire
[2010.10.14 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\LolClient
[2011.07.26 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Mumble
[2010.10.30 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\MyPhoneExplorer
[2009.02.02 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\NoNameScript
[2009.10.16 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Publish Providers
[2011.01.20 01:00:40 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\QIP
[2009.10.16 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\Sony
[2011.01.14 23:16:25 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\TrojanHunter
[2010.08.22 20:22:33 | 000,000,000 | ---D | M] -- C:\Users\FresH\AppData\Roaming\TS3Client
[2011.07.27 09:29:37 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2011.07.26 13:45:37 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


and the Extras.txt

Code

OTL Extras logfile created on: 26.07.2011 13:33:21 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\FresH\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,19 Gb Paging File | 5,05 Gb Available in Paging File | 81,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 129,71 Gb Free Space | 42,76% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 194,09 Gb Free Space | 41,67% Space Free | Partition Type: NTFS
Drive E: | 150,69 Gb Total Space | 99,05 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive F: | 702,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FRESH0R | User Name: FresH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17AFC557-EC76-4A53-A94F-4B3644C75CF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C28125A-125F-4048-835C-42DCE6B80CAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3007434F-D353-4FB3-8A0F-2C80FD8F0E3A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{35C00DF8-F306-43B5-9FFD-6FD7D810C864}" = rport=445 | protocol=6 | dir=out | app=system |
"{41B01A62-FC02-4923-B44A-8681A619230D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B74BA5F-7D3C-4507-AEE6-F96062D31580}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62DFC9AE-4FAF-4582-873F-B4F05A0F7916}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F457B08-BDF8-440C-B104-938CCF65D428}" = rport=138 | protocol=17 | dir=out | app=system |
"{9E0ED565-197F-4A5A-9E3D-781E0205F375}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4A70A71-AC84-4A23-9DBE-4D5F4B05C383}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A815E44E-3C95-4536-922C-A1502189DCB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{A90DE1E6-A20F-40B4-B5B0-FAF03EEA8DE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF870332-3C85-43F4-9EE1-F3FBC196631C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3341EDB-7B26-4274-8CF9-4409B6C9BB7E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C67C00A9-4482-41B4-9D4C-7713F3B8610D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CEB6CE99-5D92-4980-BF64-D7134EF4FA9F}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0C91EF2-E11F-42FC-9325-E05899775CB8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FAB2B393-AC39-4AFB-8EEF-81FA65A53065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04389086-582F-469A-BD63-A02345DC8ACC}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{055472BD-92AB-417C-9D94-FF1222869D9C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0CA50644-F5B0-43A3-885A-30387038D423}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{23E90D71-C1D0-4806-ADB3-E74362E0C168}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{27660887-3CCA-4459-8742-E55B889227C2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3EFDF547-67A4-48CF-BFE4-90FE335D84DF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3F74552B-5850-480F-9A4D-9572C4804A43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{400CE12D-3E46-423D-9E8A-6AED498A0447}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4A93A12A-EF56-4B69-ACE2-FD1942146825}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4F993081-6E4D-4E50-8457-A8D264C47993}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{57AD77BD-59E1-4E06-A148-6738393269B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57D1B224-640C-48B8-9376-FA98AC7BC626}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{586BC47E-C2B5-4DE0-9523-88AA0D508A16}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5974D779-CD05-41DC-85F1-DAD5245A90E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BD14E57-2A3E-4F2B-96E3-4EB3229937E9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5C1F07B5-91A4-469D-B48D-9F656EF96B32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{6D4D8947-6CE5-4FB8-B71B-0DC7B8761DC9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6EEE7839-E0F4-4918-A54D-9C1DD35252B2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7A7FD7E4-9EE0-45BE-9937-433BEF0AD479}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7A990B5E-56E6-4AED-A007-F9B5E1D02FBF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8CB0416A-52A9-4507-8E9B-4C09A9BC1BB2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{90CA0F9B-58EA-4AE7-9695-F2F96653E3D3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{965EF3CE-68D8-4B33-B992-C01094108BA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99A6A692-E970-4F02-8F49-73497F42CA91}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AA921487-8DAC-4330-B7FC-37E2C2716730}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD9A92D9-06F4-4EC5-BC35-EE93E90A7091}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B4952E81-BCD4-4CE2-98E3-77C66F5EDE4D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{B5F7A751-0FA8-407F-84A0-A20F5D1DA852}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{B69659AC-6FD9-46B7-A656-D59BC77C7A5E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BBFCDA9C-8B6F-413B-AC08-70872AE8DEFF}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{BD0B96BA-5C53-425F-BECE-0A4C9558540A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{BD27B900-1B95-4ADD-BF34-5BDC36DCBB6C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D0384C5A-7A5D-4D4C-A2DF-81CF8DE4DE02}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D10592CB-C991-4ECB-8B5F-23B39C473C34}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D2C9BEFF-14D0-4716-8992-1F26061340E1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E395142F-9E15-4E63-BC0F-E4D60A8FC887}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F090F932-0F16-4A2C-A75B-BE909819DB1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6932ED4-0772-4220-8C28-0403C89B735E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEB4D7D9-5702-46FF-9E5C-AEE1195A0D47}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"TCP Query User{08D9CD25-4273-47A0-ABF7-04686F4C97A8}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"TCP Query User{0FC623F3-C494-4E20-A12B-1DC76DDAE34B}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"TCP Query User{27F86A2F-0467-4331-BA22-DF7E173EA179}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2CD3C430-D33B-4846-8AB4-F95F11B76495}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{382A5B40-F44C-4BAE-B203-3CF1ABB67A73}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{496C6791-16F0-4667-A911-73102084888A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{5514037A-E401-44B2-A2DD-1CDB9A3A0952}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{713C23A4-6BE0-4A78-88FE-79D7ABB68DE0}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{C6717DED-1B30-4EBD-8BA5-184C08F55E8B}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{C7E84DE9-2B1B-4E17-8958-7B26285F0AB9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{0115B0A3-A0CC-4641-AA11-00E2C8D39C30}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"UDP Query User{03943955-35E0-4D49-9521-E508703DF958}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{07768760-EF50-4931-AD2D-6638952482DF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2044B850-2A6A-4FB5-9061-95E6C4C63C7A}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2AB77081-C0A6-4F65-9F4A-773C4F5CDFC6}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{4CF8F55F-6164-4C39-B0E2-B859F9F3ABAF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{6EC65937-E00D-4808-BBD8-A858721679A2}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{8B5A1BB2-7E6A-4545-A71A-82502297E8FC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8E6B8811-DB60-4BE1-A8AD-8D47B622AA6E}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{AE97A0DB-1851-47A9-BE8E-D48E0B163756}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A6E3503-6E94-4A8C-B158-B7A4C5C29C22}" = calibre
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B8D26D-5D6D-21D5-0366-3664E5DE3471}" = ATI Catalyst Install Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE80641A-0C8D-4670-A518-B4EC154B1027}" = ACDSee 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Fraps" = Fraps (remove only)
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.2.13
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MPE" = MyPhoneExplorer
"Mumble" = Mumble and Murmur
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"Veetle TV" = Veetle TV 0.9.18
"VentriloMix1.2" = VentriloMix
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"Vuze" = Vuze
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NoNameScript
"Winamp Detect" = Winamp Erkennungs-Plug-in

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 13.07.2011 19:29:57 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xec0,
Anwendungsstartzeit 01cc4071d3abcafb.

Error - 15.07.2011 07:29:24 | Computer Name = FresH0r | Source = WerSvc | ID = 5007
Description =

Error - 16.07.2011 09:49:31 | Computer Name = FresH0r | Source = WerSvc | ID = 5007
Description =

Error - 16.07.2011 19:19:45 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xfa0,
Anwendungsstartzeit 01cc43b6d65a2f39.

Error - 25.07.2011 08:20:38 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xfd0,
Anwendungsstartzeit 01cc4ac110dda035.

Error - 25.07.2011 08:50:15 | Computer Name = FresH0r | Source = WerSvc | ID = 5007
Description =

Error - 25.07.2011 10:02:51 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
0x4b9658a0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x04464afe,  Prozess-ID 0x1e58, Anwendungsstartzeit
01cc4ad384716795.

Error - 25.07.2011 10:03:25 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
0x4b9658a0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x051f5d65,  Prozess-ID 0x1de0, Anwendungsstartzeit
01cc4ad3997e0bc5.

Error - 26.07.2011 07:05:27 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
0x4b9658a0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x03365d65,  Prozess-ID 0x1064, Anwendungsstartzeit
01cc4b83e8e8556f.

Error - 26.07.2011 07:07:09 | Computer Name = FresH0r | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
0x4b9658a0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x05045d65,  Prozess-ID 0x1e2c, Anwendungsstartzeit
01cc4b842691db2f.

[ System Events ]
Error - 22.07.2011 06:46:10 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom5 ist für den Zugriff noch nicht bereit.

Error - 22.07.2011 06:46:10 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom5 ist für den Zugriff noch nicht bereit.

Error - 22.07.2011 06:46:10 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom5 ist für den Zugriff noch nicht bereit.

Error - 24.07.2011 04:41:46 | Computer Name = FresH0r | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Optiarc DVD-ROM DDU1671S ATA Device" (IDE\CdRomOptiarc_DVD-ROM_DDU1671S________________1.81____\5&1d6fd7e8&0&1.0.0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 24.07.2011 04:41:45 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom7 ist für den Zugriff noch nicht bereit.

Error - 24.07.2011 04:41:45 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom7 ist für den Zugriff noch nicht bereit.

Error - 24.07.2011 04:41:45 | Computer Name = FresH0r | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom7 ist für den Zugriff noch nicht bereit.

Error - 25.07.2011 07:50:37 | Computer Name = FresH0r | Source = Service Control Manager | ID = 7000
Description =

Error - 26.07.2011 07:01:59 | Computer Name = FresH0r | Source = Service Control Manager | ID = 7000
Description =

Error - 26.07.2011 07:12:08 | Computer Name = FresH0r | Source = Service Control Manager | ID = 7000
Description =


< End of report >


The computer crashes during the Gmer scan.

Thanks in advance for the help.
28.07.2011, 10:31
Member
Gool

Posts: 4730
#2 You're not a fan of Windows updates, are you? And you're not a fan of updates in general either, are you?

Otherwise I wouldn't know why you have installed neither Vista SP2 nor the current versions (without currently known critical security holes) of, e.g., Adobe Reader or Java. Internet Explorer is outdated, and Firefox is no longer current either (although with version 3.6.18 an almost current version of the 3.6 series is installed).

Your PC is infected; the infection very likely got onto your PC through a security hole you haven't patched. How up to date is your virus scanner? Are the current virus definitions (from today) installed, and which version of Norton is installed?

You had Malwarebytes AntiMalware installed at one point. Install it again and run a full scan with it. Please post the log file here.
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, maybe we can arrange an appointment.
Der Grabsteinschubser
28.07.2011, 13:07
Member

Thread starter

Posts: 23
#3 Good morning. Well, in the Update Center I have it set to check for updates daily and also install them automatically. So I assumed that this was actually happening. SP 2 will be put on after the Malwarebytes AntiMalware scan.

I NEVER use IE, I only tried it after Firefox stopped working.

Code


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7308

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28.07.2011 13:06:26
mbam-log-2011-07-28 (13-06-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 339015
Laufzeit: 1 Stunde(n), 13 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\IMSIDE1EGATE.APPLICATION.1 (Adware.Mywebsearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\(default) (Adware.Mywebsearch) -> Value: (default) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\FresH\AppData\Local\feacsw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\FresH\downloads\u999\u999.exe (Trojan.Downloader.PS) -> Quarantined and deleted successfully.
28.07.2011, 18:38
Member
Gool

Posts: 4730
#4 That already looks good. However, I'm in a hurry and couldn't continue here before Sunday at the earliest. I hope one of the other pros will keep looking after you.
29.07.2011, 11:26
Member

Thread starter

Posts: 23
#5 So SP 2 is on now; the problem persists.

Thanks in advance for the help, I guess I'll wait until Sunday then ;)
29.07.2011, 14:48
Moderator

Posts: 5694
#6 Hello, I'll take over for Gool.

Hello and welcome to Protecus.de

Cleaning an infected system requires, besides time, attention to the following points:

• Follow the instructions of the respective helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall programs that are not explicitly requested.
• Please work through each step in order.
• If problems arise at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished when the respective helper gives the OK.
• If the box runs smoothly again, that does not mean the system is also clean.
• For business-use computers the responsible IT person should be consulted.
• Support on our part may be refused for a company computer.
• In the case of illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither promoted nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we instruct you to use via right-click and Run as administrator.

Step 1

Fix with OTL

• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator"
• Now copy the following content into the text box.

Code

:OTL
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
O4 - HKCU..\Run: [isuc.exe] C:\Users\FresH\AppData\Roaming\Inik\isuc.exe ()
O33 - MountPoints2\{0019640e-cd72-11dd-afc7-001e9002478b}\Shell - "" = AutoRun
O33 - MountPoints2\{0019640e-cd72-11dd-afc7-001e9002478b}\Shell\AutoRun\command - "" = N:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[2011.01.21 17:12:26 | 000,407,552 | ---- | C] () -- C:\Users\FresH\AppData\Local\feacsw.exe
[2011.07.26 14:17:51 | 000,000,060 | ---- | C] () -- C:\Users\FresH\Desktop\n5n4qv80.URL
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
OTL may require a restart. Please allow it.
• After the restart you will find a text document on your desktop.
( Also found under C:\_OTL\MovedFiles\<time_date>.txt)
Now copy its content here into your thread.

Step 2

Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. must be disabled,
• there must be no connection to a network/Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after each scan.
Don't forget to turn the security programs back on after the rootkit scan!

Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.
• If that was not the case, now select the "Rootkit/Malware" tab,
• Check: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be checked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
Gmer is closed with "Ok".
• Paste the log from the clipboard into your reply here (with CTRL + V).

Turn the antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
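As an added example, not code from this thread or from OTL: a small Python checker for the kind of Firefox proxy hijack the fix script above removes (every protocol pointed at 127.0.0.1:9666). The sample prefs.js content is constructed from those lines; a local proxy can also be legitimate (the backup entries show a Tor-style localhost:9050 SOCKS proxy), so the script reports findings for a human to judge rather than deciding on its own, and the allowlisted port is an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a Firefox prefs.js, modelled on the proxy lines in the
# OTL fix above (127.0.0.1:9666 for every protocol); not a file from the thread.
SAMPLE_PREFS_JS = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 9666);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 9666);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9666);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.backup.socks", "localhost");
user_pref("network.proxy.backup.socks_port", 9050);
"""

# One user_pref("name", value); statement per line.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')

# Known-benign local proxy ports (assumption: tune for your environment).
# 9050 is the default Tor SOCKS port, as seen in the backup entries above.
KNOWN_LOCAL_PORTS = {"9050"}


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> value as a string, with surrounding quotes removed."""
    return {name: raw.strip().strip('"') for name, raw in PREF_RE.findall(text)}


def find_loopback_proxies(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Report every active proxy protocol routed to the local machine.

    Returns (protocol, host, port) tuples. network.proxy.type == 1 is Firefox's
    "manual proxy configuration"; with any other type the manual host/port
    prefs are ignored by the browser, so nothing is reported.
    """
    if prefs.get("network.proxy.type") != "1":
        return []
    findings = []
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}", "")
        port = prefs.get(f"network.proxy.{proto}_port", "0")
        if host in ("127.0.0.1", "localhost") and port not in KNOWN_LOCAL_PORTS | {"0"}:
            findings.append((proto, host, port))
    return findings


if __name__ == "__main__":
    for proto, host, port in find_loopback_proxies(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"suspicious: network.proxy.{proto} -> {host}:{port}")
```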