Phishing trojan, online banking, how do I remove it?

20.09.2011, 16:24
...new here

Posts: 7
#1 Hello, I'm new here and it's also my first time in a forum, so a premiere for me...

I received a letter from the Sparkasse, after which my online banking was blocked because of a trojan on my laptop; now I need help getting this thing off my system.
I have already browsed the forum a bit, run OTL and now have the log files. Many thanks in advance.

Code

OTL logfile created on: 20.09.2011 15:24:15 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\tanja\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 63,05% Memory free
5,70 Gb Paging File | 4,67 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 61,51 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 106,39 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 1,95 Gb Free Space | 52,97% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\tanja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Windows\System32\SafeRemoveDialog.exe (AMD)
PRC - C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe (AMD)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Windows\System32\PresentationSettings.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SafeRemove) -- C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe (AMD)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MODRC) Cinergy DT USB XS Diversity (MKII) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011.03.20 19:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:03:00 | 000,000,000 | ---D | M]

[2009.01.26 16:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Extensions
[2011.08.10 14:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Firefox\Profiles\9hmg661y.default\extensions
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\askcom.xml
[2011.09.19 16:23:44 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-1.xml
[2010.05.04 18:37:50 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-10.xml
[2010.09.14 02:41:24 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-11.xml
[2010.09.15 15:38:12 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-12.xml
[2009.07.25 20:40:05 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-2.xml
[2009.08.14 01:44:37 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-3.xml
[2009.09.24 13:02:32 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-4.xml
[2009.11.14 22:32:22 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-5.xml
[2009.12.28 11:12:12 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-6.xml
[2010.01.10 18:57:48 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-7.xml
[2010.03.03 08:21:48 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-8.xml
[2010.04.27 18:45:55 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin.xml
[2011.07.22 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.18 15:52:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.26 19:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.07.22 10:40:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.03.20 19:13:26 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS
[2009.08.20 12:47:14 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2009.09.02 03:01:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.07.22 10:40:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.13 23:02:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.13 23:02:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.13 23:02:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.13 23:02:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.13 23:02:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ClickPotatoLiteSA] "C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\tanja\mload51.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found
O4 - Startup: C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanrdiskgs80.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C3CAAC8-E7E3-4450-8C5D-7755EFB170B7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F7245D-EFC5-490E-98CC-FB4A52FAC2E2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE9B678A-63D1-4191-A19A-EE5B85F381E5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tanja\Desktop\Hochzeit Fotografenbilder\06b.jpg
O24 - Desktop BackupWallPaper: C:\Users\tanja\Desktop\Hochzeit Fotografenbilder\06b.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0be071e4-1a1d-11df-b0f2-8d0962cd4c91}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{12771ade-2637-11df-8471-8f92e47e1fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{12771ade-2637-11df-8471-8f92e47e1fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{12771afd-2637-11df-8471-8f92e47e1fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{12771afd-2637-11df-8471-8f92e47e1fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{89871df8-67c8-11e0-b7b7-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{89871df8-67c8-11e0-b7b7-001e101f82a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{89871e08-67c8-11e0-b7b7-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{89871e08-67c8-11e0-b7b7-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7c483ce-27bb-11df-a979-dbae5d58f8e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b7c483ce-27bb-11df-a979-dbae5d58f8e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.20 15:22:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe
[2011.09.10 16:38:01 | 000,000,000 | ---D | C] -- C:\Users\tanja\Documents\ebay
[2011.08.26 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Seven Zip
[2008.06.03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.09.20 15:33:21 | 000,000,893 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.20 15:22:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe
[2011.09.20 15:08:43 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 15:08:43 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 15:08:41 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.09.20 13:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.20 13:57:46 | 2949,808,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.20 10:53:45 | 302,369,856 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.19 18:19:07 | 000,591,967 | ---- | M] () -- C:\Users\tanja\Desktop\Produktionshelfer_Kamil_KubischFerrero.pdf
[2011.09.12 17:22:50 | 000,014,807 | ---- | M] () -- C:\Users\tanja\Desktop\Kamil Bewerbung.jpg
[2011.09.09 20:31:49 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.09 20:31:49 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.09 20:31:49 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.09 20:31:49 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.03 19:11:20 | 000,048,640 | ---- | M] () -- C:\Users\tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 18:01:37 | 000,041,548 | ---- | M] () -- C:\Users\tanja\Desktop\preview.pdf
[2011.08.27 12:31:37 | 000,006,679 | ---- | M] () -- C:\Users\tanja\Desktop\klingel.jpg

========== Files Created - No Company Name ==========

[2011.09.19 18:19:06 | 000,591,967 | ---- | C] () -- C:\Users\tanja\Desktop\Produktionshelfer_Kamil_KubischFerrero.pdf
[2011.09.18 01:13:56 | 000,000,893 | ---- | C] () -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.12 17:22:50 | 000,014,807 | ---- | C] () -- C:\Users\tanja\Desktop\Kamil Bewerbung.jpg
[2011.08.31 18:01:37 | 000,041,548 | ---- | C] () -- C:\Users\tanja\Desktop\preview.pdf
[2011.08.27 12:30:31 | 000,006,679 | ---- | C] () -- C:\Users\tanja\Desktop\klingel.jpg
[2011.04.17 23:45:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.20 19:14:05 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.20 19:14:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.28 12:08:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.07.05 14:58:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.07 22:28:15 | 000,000,680 | ---- | C] () -- C:\Users\tanja\AppData\Local\d3d9caps.dat
[2009.01.26 17:32:52 | 000,048,640 | ---- | C] () -- C:\Users\tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.12 03:29:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.12.12 03:26:07 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.12.12 03:25:47 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.12.12 02:53:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.12.12 01:44:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.12 01:44:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 00:00:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.29 23:32:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.04.16 13:11:34 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.06 12:40:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 21:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.10.02 00:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.20 07:24:51 | 000,032,768 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.05.10 01:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,367,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010.05.16 14:00:00 | 000,000,000 | -HSD | M] -- C:\Users\tanja\AppData\Roaming\.#
[2011.07.12 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\ICQ
[2010.12.02 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\LG Electronics
[2011.02.27 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Micrografx
[2009.05.25 19:37:20 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Moyea
[2010.04.11 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Skip-Bo
[2011.08.26 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\TerraTec
[2009.01.26 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\TuneUp Software
[2011.09.20 13:56:24 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Code

OTL Extras logfile created on: 20.09.2011 15:24:15 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\tanja\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 63,05% Memory free
5,70 Gb Paging File | 4,67 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 61,51 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 106,39 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 1,95 Gb Free Space | 52,97% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092F0707-90B0-4547-BD1C-2E8693CE397E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F33A0A4-B33D-4CA0-B4E0-B097BD7D1970}" = lport=138 | protocol=17 | dir=in | app=system |
"{273D7599-1700-4C1C-B323-CF345F99CC07}" = lport=137 | protocol=17 | dir=in | app=system |
"{97C77A73-C2FA-4C9C-B84A-1C94A6D56432}" = rport=445 | protocol=6 | dir=out | app=system |
"{BED26034-4436-4B1B-9B59-5490BB2E57A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C632E0EB-2C57-45E3-A9C2-0CAF277DCA48}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD12DCEB-FBB6-45D0-9E49-44413FE45AC8}" = lport=139 | protocol=6 | dir=in | app=system |
"{D30EB249-DF21-4460-9CB3-16D278CA6401}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4A5BDC0-CB24-49A5-ADCA-FCCF78AA299D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E76EA634-1947-4406-9648-16387D344CBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000C8C4E-F1EB-468D-BB91-465D06CDF1CF}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{0239CA71-1D7C-453E-B7C2-01A9A7018E27}" = protocol=6 | dir=in | app=c:\users\tanja\appdata\local\temp\{188a931a-b831-4870-8267-f0e6cb450fd9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{130BB09C-7EDD-453F-AEC2-F69302E3E2A2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{13E2D55C-0FDD-4919-8A7D-74FE102746BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15461893-1AE7-41EA-A7FF-0575D04F7682}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{15E13B76-2D6A-4CD5-9C26-7604F2B1F9FA}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2CEBA0B5-37D7-4164-945F-0B54B72A136D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{391DCDBF-EDCE-4167-8CCD-A38BFB747105}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4B6A4560-7D94-452E-A250-0AA72679BA58}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{50893CE7-C800-49E8-B0ED-054BED080ACD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{55437685-4B41-4E84-82D5-855EC9D0BCDC}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{6017AB42-E0A7-4287-8389-3B0D1E1DD2EA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{60C18565-43B9-4F49-9464-B878A6D5FEFC}" = protocol=17 | dir=in | app=c:\users\tanja\desktop\jannik\jannik pfeffer.exe |
"{660E144B-C09F-40FE-8AAC-19B217040906}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69BC2CFC-3284-4F2D-8685-39A1B7CE8345}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{703DE484-F3C3-4DD3-B49E-9A0BB4CC8E6B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{723E4593-1092-48BF-BAFA-6DBBB1164C46}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{73F94202-C6A3-454D-94B7-52EF23F10513}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{7C6B8E55-F366-4227-8104-54BB06EDCECB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7CC1E877-F6DF-4B6A-8729-48542B4D9B8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{82033FD3-7465-4F6E-A8A5-C7DB0157F0CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{898B6FB0-EAE6-4492-8AC7-87880AEEE0F3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{899F7A91-2172-4DD5-AC62-F1CA47DC1FA6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EAB5FDA-42AB-4B48-BA94-505A93F0FCFA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A31E6FA8-3EE4-4A29-B6D8-550F0A7DD8AD}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{AB26C248-53CB-4417-A37A-9DA2408093D1}" = protocol=17 | dir=in | app=c:\users\tanja\appdata\local\temp\{188a931a-b831-4870-8267-f0e6cb450fd9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{ACB0F91A-C0A3-4A66-A998-FFDCE471046B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B42845C7-DCF3-4643-8468-020B8A34AA64}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B72FCCB6-29CE-428B-B730-898A30FB6FEB}" = protocol=6 | dir=in | app=c:\users\tanja\desktop\jannik\jannik pfeffer.exe |
"{B88A7BCC-8424-4BE7-AB38-7E8B2A37CD1D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C4F71F64-081B-4846-823D-A2D0C9478472}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{C80845DB-36AA-437D-83CE-005D1511F431}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CA5A30C4-6561-4285-A3E6-013933CA72FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB6A3582-C4A4-4F8D-85F0-B4FEC78B450F}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D925009C-2214-41E1-8829-33DDFF4EAB4E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{DBCC5337-547B-40D2-AA74-30FC9DB4AEAB}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{DE236213-BB83-4BE4-B07F-3F6560CB6B1F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E0E32418-F572-410E-83F0-02B2E0576162}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{F364C985-0818-438F-9682-02B6AEA13B42}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FB1FD8AA-AA25-413E-AF76-16B060558103}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"TCP Query User{1E10DD27-FDF9-4D62-B073-EB98D36A54CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{242A3C8C-3904-4D2F-989E-66B6107C6513}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{2718FE26-065A-4CD5-AC4D-DB4A93DFD4C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{90F3C394-54DA-49B9-A988-28E5E9DA57C2}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{9BAC15E2-D102-4096-97CB-0CC2E5B509F5}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{E5758709-4549-444C-AB92-9A2B25A0866C}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1635A845-FFB0-4438-9E5A-EC068D80FA6B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4802185C-D7C4-4FBD-849A-316F94FE0058}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{B668CE60-4645-42FE-8859-8C162A50A5E0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CADE151E-15AA-43E2-BAC7-CE7A680F0591}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{CE0C63A4-41E1-4CE6-9379-CE1DFACAB9D8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{F29FAD18-7BE3-41F8-892C-3E56743DE498}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046B61A-99CA-3860-AF60-70B50C9A67AA}" = Catalyst Control Center Localization Spanish
"{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}" = ATI Catalyst Install Manager
"{04AABF6D-55C5-4779-ABF9-992016E913A2}" = Micrografx Picture Publisher 10
"{08F27D43-7DCD-D56E-23E4-E3B513A503ED}" = CCC Help Spanish
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"{124CCA05-99DD-8507-EF84-5F3C11C9BA92}" = CCC Help Finnish
"{15D30554-5656-3121-0D49-82141BF7801B}" = CCC Help Swedish
"{18C4DFD3-96FB-6541-FF28-23AD2819EEAE}" = Catalyst Control Center Localization Hungarian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D91B2F4-A6CA-A905-7FB8-6D0C895D612D}" = Catalyst Control Center Localization Dutch
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1FA4A5A0-410F-1322-5BCD-06E6CE80727A}" = Catalyst Control Center Localization Greek
"{21742DEC-F8EA-857D-42F5-9157C76FABE2}" = Catalyst Control Center Localization Portuguese
"{25300827-38B1-37A1-2BDE-15B2B52F0D30}" = CCC Help Russian
"{25D14314-61B6-D952-CFBF-6B327B12042F}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2992709C-9BB2-6324-7F37-A9CC507A59A1}" = CCC Help Czech
"{2BD7024F-A801-7445-AD31-FE1EFC461A10}" = Catalyst Control Center Localization Italian
"{2DB2AB2A-F023-1409-0801-87EE21AFDA77}" = CCC Help Thai
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3DF88F1C-131F-DF4E-E6B3-34E1035EDB47}" = Catalyst Control Center Graphics Full Existing
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40171099-D967-66A1-D6A3-6D9D8469684A}" = Skins
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7B4836-484A-3D1B-BB5C-853279A85360}" = CCC Help German
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{571CAC49-4871-7002-24E4-89A778BAC559}" = Catalyst Control Center Localization Polish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577D78F6-334E-5838-1C29-B0C7339ADB77}" = Catalyst Control Center Localization Norwegian
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5D8BD889-902F-39A0-BDBB-1490447715B6}" = Catalyst Control Center Localization Turkish
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{689DA2FE-27E1-70EF-9CA4-FA7A8FA09D92}" = Catalyst Control Center Localization Danish
"{69A21F70-D6E6-9A06-3BBD-F52C742DD328}" = Catalyst Control Center Localization German
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77729170-2DA2-CC9E-C277-1AD315D02F4C}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD103AB-4485-3B04-15F3-3D384CA60AEF}" = CCC Help Hungarian
"{7E540935-7BB3-07E1-869E-43BD44CB7691}" = Catalyst Control Center Localization Swedish
"{8374C65A-02AD-2759-AD30-0FE14E14DC29}" = CCC Help Norwegian
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85D7624E-77A3-BEA5-4AF1-23782515B67F}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88B3635E-519A-4653-645F-E03F29A2A09B}" = Catalyst Control Center Localization Chinese Traditional
"{890FE9F5-4737-5D3F-81EE-2B3D2C7D1F04}" = Catalyst Control Center Graphics Full New
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F271824-10F8-3468-4729-999B19CA9B37}" = Catalyst Control Center Localization Finnish
"{8F998E51-91FD-9B45-49A5-D8962F00E909}" = Catalyst Control Center Graphics Previews Vista
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC428C6-B8C9-7776-FC00-A2DD404FDC00}" = CCC Help French
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B30642B6-E4A9-5DC6-B43C-C1032CD96120}" = ccc-core-static
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5B270F6-B49B-8BC7-3C3E-5F993F9AD00A}" = CCC Help Danish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA413CE2-A6F0-3902-724B-D4632E00331E}" = Catalyst Control Center Localization Czech
"{BCB5E9F1-ACA0-7040-ED3B-BF7D5B00B154}" = CCC Help Turkish
"{BD77C639-3C98-F8DD-36E3-8C7E97CCF29C}" = Catalyst Control Center Localization Russian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C7635E53-7E9A-9B54-BD7D-6CF6A010CF48}" = Catalyst Control Center Graphics Light
"{CA696301-6211-263B-9BC4-DAE570CCFEA0}" = CCC Help Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF271CB2-F047-9A43-EB2D-5B88DFD204F9}" = Catalyst Control Center Localization French
"{D3890615-AA15-F9CE-F829-D826F945748B}" = CCC Help English
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DA736F25-C022-D7CB-6807-BD9E46025572}" = CCC Help Greek
"{DBB981F7-86E5-A9ED-FB52-0F566D00C0FD}" = CCC Help Polish
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{DE77A851-54AB-9BB1-7446-4B2700CF3663}" = CCC Help Chinese Traditional
"{E08E9665-50D7-9EA6-A075-5CDD61A7C1DC}" = Catalyst Control Center Localization Japanese
"{E0C0D19E-A52A-E11F-F3CD-298E87DBC8B4}" = Catalyst Control Center Core Implementation
"{E3E6609F-1BC2-81B1-A9CB-342A1ECCC49C}" = CCC Help Dutch
"{E569FBDC-4392-DBE7-D97B-4A0F2E02BEA9}" = Catalyst Control Center Localization Chinese Standard
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E65C36C1-0015-DF24-609A-449BB1AEF6CE}" = Catalyst Control Center Localization Thai
"{E69544F1-7EC4-731C-C61D-C679F30886E2}" = Catalyst Control Center Localization Korean
"{EDE6D0A4-7AC5-5E23-B7D4-B2B3B9F03A4A}" = CCC Help Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63BD394-8EFB-5C98-4997-F49907FF9E1F}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ClickPotatoLiteSA" = ClickPotato
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"IrfanView" = IrfanView (remove only)
"MediacoderSE1.1" = MediacoderSE
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 29.04.2010 03:46:02 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 29.04.2010 13:34:26 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.04.2010 13:34:26 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.04.2010 13:35:31 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 29.04.2010 14:21:30 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 29.04.2010 18:00:00 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 30.04.2010 01:33:00 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 01.05.2010 05:57:48 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 01.05.2010 11:59:09 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.05.2010 11:59:09 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 18.09.2011 19:55:32 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 19.09.2011 05:24:58 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 19.09.2011 05:25:47 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 19.09.2011 09:11:55 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 19.09.2011 09:14:01 | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 20.09.2011 04:53:53 | Computer Name = laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.09.2011 um 02:45:39 unerwartet heruntergefahren.

Error - 20.09.2011 04:55:12 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 20.09.2011 07:56:20 | Computer Name = laptop | Source = Service Control Manager | ID = 7043
Description =

Error - 20.09.2011 07:57:59 | Computer Name = laptop | Source = HTTP | ID = 15016
Description =

Error - 20.09.2011 07:59:08 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

I have now also run Gmer, and this is the log file from it:

Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-20 18:41:07
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000076 ST925082 rev.3.AA
Running: wiqi2sis.exe; Driver: C:\Users\tanja\AppData\Local\Temp\fwddapow.sys


---- System - GMER 1.0.15 ----

SSDT            9E9510A4                                                                                                                                                                                                           ZwCreateThread
SSDT            9E951090                                                                                                                                                                                                           ZwOpenProcess
SSDT            9E951095                                                                                                                                                                                                           ZwOpenThread
SSDT            9E95109F                                                                                                                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                                                                                                    824CEA78 4 Bytes  [A4, 10, 95, 9E]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                                                                                                    824CEC48 4 Bytes  [90, 10, 95, 9E]
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                                                                                                    824CEC64 4 Bytes  [95, 10, 95, 9E]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                                                                                                    824CEE78 4 Bytes  [9F, 10, 95, 9E]
?               C:\Windows\System32\Drivers\sptd.sys                                                                                                                                                                               Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                                                                           section is writeable [0x8FC0F000, 0x1FB57A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                                                                                              903624CB 5 Bytes  JMP 86F3C1C8
.text           aknzs04r.SYS                                                                                                                                                                                                       82B73000 22 Bytes  [26, 62, 7D, 82, 10, 61, 7D, ...]
.text           aknzs04r.SYS                                                                                                                                                                                                       82B73017 181 Bytes  [00, 32, 47, 70, 80, 3D, 45, ...]
.text           aknzs04r.SYS                                                                                                                                                                                                       82B730CE 73 Bytes  [00, 00, 00, 00, 01, C2, 03, ...]
.text           aknzs04r.SYS                                                                                                                                                                                                       82B73118 185 Bytes  [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text           aknzs04r.SYS                                                                                                                                                                                                       82B731D2 22 Bytes  [E0, C2, E2, 84, E3, 46, E6, ...]
.text           ...                                                                                                                                                                                                                

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!TerminateProcess                                                                                                                                75CB18EF 6 Bytes  PUSH 02F32680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!ExitProcess                                                                                                                                     75CD3B54 6 Bytes  PUSH 02F32630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!FindNextFileW                                                                                                                                   75CDA6C1 6 Bytes  PUSH 02F32590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!FindNextFileA                                                                                                                                   75CE1329 6 Bytes  PUSH 02F324D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] ADVAPI32.dll!RegDeleteValueA                                                                                                                                 773EA565 6 Bytes  PUSH 02F32340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] ADVAPI32.dll!RegDeleteValueW                                                                                                                                 773EBC79 6 Bytes  PUSH 02F323D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] WS2_32.dll!closesocket                                                                                                                                       758F330C 5 Bytes  JMP 0305A07B C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] WS2_32.dll!recv                                                                                                                                              758F343A 5 Bytes  JMP 03059CF9 C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] WS2_32.dll!WSASend                                                                                                                                           758F4496 5 Bytes  JMP 03059DCC C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] WS2_32.dll!send                                                                                                                                              758F659B 5 Bytes  JMP 03059C18 C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] WS2_32.dll!WSARecv                                                                                                                                           758F8400 5 Bytes  JMP 03059F2D C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] kernel32.dll!TerminateProcess                                                                                                                                                    75CB18EF 6 Bytes  PUSH 02692680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] kernel32.dll!ExitProcess                                                                                                                                                         75CD3B54 6 Bytes  PUSH 02692630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] kernel32.dll!FindNextFileW                                                                                                                                                       75CDA6C1 6 Bytes  PUSH 02692590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] kernel32.dll!FindNextFileA                                                                                                                                                       75CE1329 6 Bytes  PUSH 026924D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                     773EA565 6 Bytes  PUSH 02692340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                     773EBC79 6 Bytes  PUSH 026923D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\Dwm.exe[2232] WS2_32.dll!closesocket                                                                                                                                                           758F330C 5 Bytes  JMP 018FA07B
.text           C:\Windows\system32\Dwm.exe[2232] WS2_32.dll!recv                                                                                                                                                                  758F343A 5 Bytes  JMP 018F9CF9
.text           C:\Windows\system32\Dwm.exe[2232] WS2_32.dll!WSASend                                                                                                                                                               758F4496 5 Bytes  JMP 018F9DCC
.text           C:\Windows\system32\Dwm.exe[2232] WS2_32.dll!send                                                                                                                                                                  758F659B 5 Bytes  JMP 018F9C18
.text           C:\Windows\system32\Dwm.exe[2232] WS2_32.dll!WSARecv                                                                                                                                                               758F8400 5 Bytes  JMP 018F9F2D
.text           C:\Windows\ehome\ehtray.exe[2504] kernel32.dll!TerminateProcess                                                                                                                                                    75CB18EF 6 Bytes  PUSH 01112680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] kernel32.dll!ExitProcess                                                                                                                                                         75CD3B54 6 Bytes  PUSH 01112630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] kernel32.dll!FindNextFileW                                                                                                                                                       75CDA6C1 6 Bytes  PUSH 01112590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] kernel32.dll!FindNextFileA                                                                                                                                                       75CE1329 6 Bytes  PUSH 011124D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                     773EA565 6 Bytes  PUSH 01112340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                     773EBC79 6 Bytes  PUSH 011123D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehtray.exe[2504] WS2_32.dll!closesocket                                                                                                                                                           758F330C 5 Bytes  JMP 0084A07B
.text           C:\Windows\ehome\ehtray.exe[2504] WS2_32.dll!recv                                                                                                                                                                  758F343A 5 Bytes  JMP 00849CF9
.text           C:\Windows\ehome\ehtray.exe[2504] WS2_32.dll!WSASend                                                                                                                                                               758F4496 5 Bytes  JMP 00849DCC
.text           C:\Windows\ehome\ehtray.exe[2504] WS2_32.dll!send                                                                                                                                                                  758F659B 5 Bytes  JMP 00849C18
.text           C:\Windows\ehome\ehtray.exe[2504] WS2_32.dll!WSARecv                                                                                                                                                               758F8400 5 Bytes  JMP 00849F2D
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!TerminateProcess                                                                                                                                                75CB18EF 6 Bytes  PUSH 03D92680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!ExitProcess                                                                                                                                                     75CD3B54 6 Bytes  PUSH 03D92630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!FindNextFileW                                                                                                                                                   75CDA6C1 6 Bytes  PUSH 03D92590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!FindNextFileA                                                                                                                                                   75CE1329 6 Bytes  PUSH 03D924D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                 773EA565 6 Bytes  PUSH 03D92340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                 773EBC79 6 Bytes  PUSH 03D923D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\taskeng.exe[2712] WS2_32.dll!closesocket                                                                                                                                                       758F330C 5 Bytes  JMP 0291A07B
.text           C:\Windows\system32\taskeng.exe[2712] WS2_32.dll!recv                                                                                                                                                              758F343A 5 Bytes  JMP 02919CF9
.text           C:\Windows\system32\taskeng.exe[2712] WS2_32.dll!WSASend                                                                                                                                                           758F4496 5 Bytes  JMP 02919DCC
.text           C:\Windows\system32\taskeng.exe[2712] WS2_32.dll!send                                                                                                                                                              758F659B 5 Bytes  JMP 02919C18
.text           C:\Windows\system32\taskeng.exe[2712] WS2_32.dll!WSARecv                                                                                                                                                           758F8400 5 Bytes  JMP 02919F2D
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] kernel32.dll!TerminateProcess                                                                                                                                   75CB18EF 6 Bytes  PUSH 02802680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] kernel32.dll!ExitProcess                                                                                                                                        75CD3B54 6 Bytes  PUSH 02802630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] kernel32.dll!FindNextFileW                                                                                                                                      75CDA6C1 6 Bytes  PUSH 02802590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] kernel32.dll!FindNextFileA                                                                                                                                      75CE1329 6 Bytes  PUSH 028024D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!RegDeleteValueA                                                                                                                                    773EA565 6 Bytes  PUSH 02802340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!RegDeleteValueW                                                                                                                                    773EBC79 6 Bytes  PUSH 028023D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] WS2_32.dll!closesocket                                                                                                                                          758F330C 5 Bytes  JMP 026CA07B
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] WS2_32.dll!recv                                                                                                                                                 758F343A 5 Bytes  JMP 026C9CF9
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] WS2_32.dll!WSASend                                                                                                                                              758F4496 5 Bytes  JMP 026C9DCC
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] WS2_32.dll!send                                                                                                                                                 758F659B 5 Bytes  JMP 026C9C18
.text           C:\Program Files\Windows Sidebar\sidebar.exe[2716] WS2_32.dll!WSARecv                                                                                                                                              758F8400 5 Bytes  JMP 026C9F2D
.text           C:\Windows\System32\rundll32.exe[3080] kernel32.dll!TerminateProcess                                                                                                                                               75CB18EF 6 Bytes  PUSH 00A32680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] kernel32.dll!ExitProcess                                                                                                                                                    75CD3B54 6 Bytes  PUSH 00A32630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] kernel32.dll!FindNextFileW                                                                                                                                                  75CDA6C1 6 Bytes  PUSH 00A32590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] kernel32.dll!FindNextFileA                                                                                                                                                  75CE1329 6 Bytes  PUSH 00A324D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                773EA565 6 Bytes  PUSH 00A32340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                773EBC79 6 Bytes  PUSH 00A323D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\rundll32.exe[3080] WS2_32.dll!closesocket                                                                                                                                                      758F330C 5 Bytes  JMP 0090A07B
.text           C:\Windows\System32\rundll32.exe[3080] WS2_32.dll!recv                                                                                                                                                             758F343A 5 Bytes  JMP 00909CF9
.text           C:\Windows\System32\rundll32.exe[3080] WS2_32.dll!WSASend                                                                                                                                                          758F4496 5 Bytes  JMP 00909DCC
.text           C:\Windows\System32\rundll32.exe[3080] WS2_32.dll!send                                                                                                                                                             758F659B 5 Bytes  JMP 00909C18
.text           C:\Windows\System32\rundll32.exe[3080] WS2_32.dll!WSARecv                                                                                                                                                          758F8400 5 Bytes  JMP 00909F2D
.text           C:\Windows\System32\wpcumi.exe[3092] kernel32.dll!TerminateProcess                                                                                                                                                 75CB18EF 6 Bytes  PUSH 02642680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] kernel32.dll!ExitProcess                                                                                                                                                      75CD3B54 6 Bytes  PUSH 02642630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] kernel32.dll!FindNextFileW                                                                                                                                                    75CDA6C1 6 Bytes  PUSH 02642590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] kernel32.dll!FindNextFileA                                                                                                                                                    75CE1329 6 Bytes  PUSH 026424D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                  773EA565 6 Bytes  PUSH 02642340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                  773EBC79 6 Bytes  PUSH 026423D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\System32\wpcumi.exe[3092] WS2_32.dll!closesocket                                                                                                                                                        758F330C 5 Bytes  JMP 0203A07B
.text           C:\Windows\System32\wpcumi.exe[3092] WS2_32.dll!recv                                                                                                                                                               758F343A 5 Bytes  JMP 02039CF9
.text           C:\Windows\System32\wpcumi.exe[3092] WS2_32.dll!WSASend                                                                                                                                                            758F4496 5 Bytes  JMP 02039DCC
.text           C:\Windows\System32\wpcumi.exe[3092] WS2_32.dll!send                                                                                                                                                               758F659B 5 Bytes  JMP 02039C18
.text           C:\Windows\System32\wpcumi.exe[3092] WS2_32.dll!WSARecv                                                                                                                                                            758F8400 5 Bytes  JMP 02039F2D
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] kernel32.dll!TerminateProcess                                                                                                                                  75CB18EF 6 Bytes  PUSH 01E22680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] kernel32.dll!ExitProcess                                                                                                                                       75CD3B54 6 Bytes  PUSH 01E22630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] kernel32.dll!FindNextFileW                                                                                                                                     75CDA6C1 6 Bytes  PUSH 01E22590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] kernel32.dll!FindNextFileA                                                                                                                                     75CE1329 6 Bytes  PUSH 01E224D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] ADVAPI32.dll!RegDeleteValueA                                                                                                                                   773EA565 6 Bytes  PUSH 01E22340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] ADVAPI32.dll!RegDeleteValueW                                                                                                                                   773EBC79 6 Bytes  PUSH 01E223D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] WS2_32.dll!closesocket                                                                                                                                         758F330C 5 Bytes  JMP 01C8A07B
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] WS2_32.dll!recv                                                                                                                                                758F343A 5 Bytes  JMP 01C89CF9
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] WS2_32.dll!WSASend                                                                                                                                             758F4496 5 Bytes  JMP 01C89DCC
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] WS2_32.dll!send                                                                                                                                                758F659B 5 Bytes  JMP 01C89C18
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3276] WS2_32.dll!WSARecv                                                                                                                                             758F8400 5 Bytes  JMP 01C89F2D
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] kernel32.dll!TerminateProcess                                                                                                                                       75CB18EF 6 Bytes  PUSH 02A02680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] kernel32.dll!ExitProcess                                                                                                                                            75CD3B54 6 Bytes  PUSH 02A02630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] kernel32.dll!FindNextFileW                                                                                                                                          75CDA6C1 6 Bytes  PUSH 02A02590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] kernel32.dll!FindNextFileA                                                                                                                                          75CE1329 6 Bytes  PUSH 02A024D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] ADVAPI32.dll!RegDeleteValueA                                                                                                                                        773EA565 6 Bytes  PUSH 02A02340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] ADVAPI32.dll!RegDeleteValueW                                                                                                                                        773EBC79 6 Bytes  PUSH 02A023D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] WS2_32.dll!closesocket                                                                                                                                              758F330C 5 Bytes  JMP 01C7A07B
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] WS2_32.dll!recv                                                                                                                                                     758F343A 5 Bytes  JMP 01C79CF9
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] WS2_32.dll!WSASend                                                                                                                                                  758F4496 5 Bytes  JMP 01C79DCC
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] WS2_32.dll!send                                                                                                                                                     758F659B 5 Bytes  JMP 01C79C18
.text           C:\Program Files\iTunes\iTunesHelper.exe[3316] WS2_32.dll!WSARecv                                                                                                                                                  758F8400 5 Bytes  JMP 01C79F2D
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] kernel32.dll!TerminateProcess                                                                                                          75CB18EF 6 Bytes  PUSH 01D82680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] kernel32.dll!ExitProcess                                                                                                               75CD3B54 6 Bytes  PUSH 01D82630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] kernel32.dll!FindNextFileW                                                                                                             75CDA6C1 6 Bytes  PUSH 01D82590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] kernel32.dll!FindNextFileA                                                                                                             75CE1329 6 Bytes  PUSH 01D824D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] ADVAPI32.dll!RegDeleteValueA                                                                                                           773EA565 6 Bytes  PUSH 01D82340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] ADVAPI32.dll!RegDeleteValueW                                                                                                           773EBC79 6 Bytes  PUSH 01D823D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] WS2_32.dll!closesocket                                                                                                                 758F330C 5 Bytes  JMP 01C4A07B
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] WS2_32.dll!recv                                                                                                                        758F343A 5 Bytes  JMP 01C49CF9
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] WS2_32.dll!WSASend                                                                                                                     758F4496 5 Bytes  JMP 01C49DCC
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] WS2_32.dll!send                                                                                                                        758F659B 5 Bytes  JMP 01C49C18
.text           C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3388] WS2_32.dll!WSARecv                                                                                                                     758F8400 5 Bytes  JMP 01C49F2D
.text           C:\Windows\system32\wuauclt.exe[3580] kernel32.dll!TerminateProcess                                                                                                                                                75CB18EF 6 Bytes  PUSH 01AF2680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] kernel32.dll!ExitProcess                                                                                                                                                     75CD3B54 6 Bytes  PUSH 01AF2630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] kernel32.dll!FindNextFileW                                                                                                                                                   75CDA6C1 6 Bytes  PUSH 01AF2590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] kernel32.dll!FindNextFileA                                                                                                                                                   75CE1329 6 Bytes  PUSH 01AF24D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                 773EA565 6 Bytes  PUSH 01AF2340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                 773EBC79 6 Bytes  PUSH 01AF23D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\system32\wuauclt.exe[3580] WS2_32.dll!closesocket                                                                                                                                                       758F330C 5 Bytes  JMP 016FA07B
.text           C:\Windows\system32\wuauclt.exe[3580] WS2_32.dll!recv                                                                                                                                                              758F343A 5 Bytes  JMP 016F9CF9
.text           C:\Windows\system32\wuauclt.exe[3580] WS2_32.dll!WSASend                                                                                                                                                           758F4496 5 Bytes  JMP 016F9DCC
.text           C:\Windows\system32\wuauclt.exe[3580] WS2_32.dll!send                                                                                                                                                              758F659B 5 Bytes  JMP 016F9C18
.text           C:\Windows\system32\wuauclt.exe[3580] WS2_32.dll!WSARecv                                                                                                                                                           758F8400 5 Bytes  JMP 016F9F2D
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] kernel32.dll!TerminateProcess                                                                                                                                  75CB18EF 6 Bytes  PUSH 01F02680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] kernel32.dll!ExitProcess                                                                                                                                       75CD3B54 6 Bytes  PUSH 01F02630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] kernel32.dll!FindNextFileW                                                                                                                                     75CDA6C1 6 Bytes  PUSH 01F02590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] kernel32.dll!FindNextFileA                                                                                                                                     75CE1329 6 Bytes  PUSH 01F024D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] ADVAPI32.dll!RegDeleteValueA                                                                                                                                   773EA565 6 Bytes  PUSH 01F02340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] ADVAPI32.dll!RegDeleteValueW                                                                                                                                   773EBC79 6 Bytes  PUSH 01F023D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] WS2_32.dll!closesocket                                                                                                                                         758F330C 5 Bytes  JMP 0099A07B
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] WS2_32.dll!recv                                                                                                                                                758F343A 5 Bytes  JMP 00999CF9
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] WS2_32.dll!WSASend                                                                                                                                             758F4496 5 Bytes  JMP 00999DCC
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] WS2_32.dll!send                                                                                                                                                758F659B 5 Bytes  JMP 00999C18
.text           C:\Program Files\Windows Defender\MSASCui.exe[3616] WS2_32.dll!WSARecv                                                                                                                                             758F8400 5 Bytes  JMP 00999F2D
.text           C:\Windows\Explorer.EXE[3672] kernel32.dll!TerminateProcess                                                                                                                                                        75CB18EF 6 Bytes  PUSH 08112680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[3672] kernel32.dll!ExitProcess                                                                                                                                                             75CD3B54 6 Bytes  PUSH 08112630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[3672] kernel32.dll!FindNextFileW                                                                                                                                                           75CDA6C1 6 Bytes  PUSH 08112590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[3672] kernel32.dll!FindNextFileA                                                                                                                                                           75CE1329 6 Bytes  PUSH 081124D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[3672] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                         773EA565 6 Bytes  PUSH 08112340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[3672] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                         773EBC79 6 Bytes  PUSH 081123D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] kernel32.dll!TerminateProcess                                                                                                                                      75CB18EF 6 Bytes  PUSH 01CA2680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] kernel32.dll!ExitProcess                                                                                                                                           75CD3B54 6 Bytes  PUSH 01CA2630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] kernel32.dll!FindNextFileW                                                                                                                                         75CDA6C1 6 Bytes  PUSH 01CA2590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] kernel32.dll!FindNextFileA                                                                                                                                         75CE1329 6 Bytes  PUSH 01CA24D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] ADVAPI32.dll!RegDeleteValueA                                                                                                                                       773EA565 6 Bytes  PUSH 01CA2340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] ADVAPI32.dll!RegDeleteValueW                                                                                                                                       773EBC79 6 Bytes  PUSH 01CA23D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] WS2_32.dll!closesocket                                                                                                                                             758F330C 5 Bytes  JMP 0226A07B
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] WS2_32.dll!recv                                                                                                                                                    758F343A 5 Bytes  JMP 02269CF9
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] WS2_32.dll!WSASend                                                                                                                                                 758F4496 5 Bytes  JMP 02269DCC
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] WS2_32.dll!send                                                                                                                                                    758F659B 5 Bytes  JMP 02269C18
.text           C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[3772] WS2_32.dll!WSARecv                                                                                                                                                 758F8400 5 Bytes  JMP 02269F2D
.text           C:\Windows\ehome\ehmsas.exe[3908] kernel32.dll!TerminateProcess                                                                                                                                                    75CB18EF 6 Bytes  PUSH 01FD2680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] kernel32.dll!ExitProcess                                                                                                                                                         75CD3B54 6 Bytes  PUSH 01FD2630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] kernel32.dll!FindNextFileW                                                                                                                                                       75CDA6C1 6 Bytes  PUSH 01FD2590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] kernel32.dll!FindNextFileA                                                                                                                                                       75CE1329 6 Bytes  PUSH 01FD24D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] ADVAPI32.dll!RegDeleteValueA                                                                                                                                                     773EA565 6 Bytes  PUSH 01FD2340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] ADVAPI32.dll!RegDeleteValueW                                                                                                                                                     773EBC79 6 Bytes  PUSH 01FD23D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Windows\ehome\ehmsas.exe[3908] WS2_32.dll!closesocket                                                                                                                                                           758F330C 5 Bytes  JMP 00F6A07B
.text           C:\Windows\ehome\ehmsas.exe[3908] WS2_32.dll!recv                                                                                                                                                                  758F343A 5 Bytes  JMP 00F69CF9
.text           C:\Windows\ehome\ehmsas.exe[3908] WS2_32.dll!WSASend                                                                                                                                                               758F4496 5 Bytes  JMP 00F69DCC
.text           C:\Windows\ehome\ehmsas.exe[3908] WS2_32.dll!send                                                                                                                                                                  758F659B 5 Bytes  JMP 00F69C18
.text           C:\Windows\ehome\ehmsas.exe[3908] WS2_32.dll!WSARecv                                                                                                                                                               758F8400 5 Bytes  JMP 00F69F2D
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] kernel32.dll!TerminateProcess                                                                                                                     75CB18EF 6 Bytes  PUSH 019C2680; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] kernel32.dll!ExitProcess                                                                                                                          75CD3B54 6 Bytes  PUSH 019C2630; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] kernel32.dll!FindNextFileW                                                                                                                        75CDA6C1 6 Bytes  PUSH 019C2590; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] kernel32.dll!FindNextFileA                                                                                                                        75CE1329 6 Bytes  PUSH 019C24D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] ADVAPI32.dll!RegDeleteValueA                                                                                                                      773EA565 6 Bytes  PUSH 019C2340; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] ADVAPI32.dll!RegDeleteValueW                                                                                                                      773EBC79 6 Bytes  PUSH 019C23D0; RET C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] WS2_32.dll!closesocket                                                                                                                            758F330C 5 Bytes  JMP 01A9A07B C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] WS2_32.dll!recv                                                                                                                                   758F343A 5 Bytes  JMP 01A99CF9 C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] WS2_32.dll!WSASend                                                                                                                                758F4496 5 Bytes  JMP 01A99DCC C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] WS2_32.dll!send                                                                                                                                   758F659B 5 Bytes  JMP 01A99C18 C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4032] WS2_32.dll!WSARecv                                                                                                                                758F8400 5 Bytes  JMP 01A99F2D C:\Users\tanja\mload51.dll (Microsoft InfoCards/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                                                                          [8061161E] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                                                                           [80610AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                                                                   [80611748] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                                                                                          [80610B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                                                                    [80610C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortNotification]                                                                                                                                         000000DC
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                                                                                       000000A2
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                                                                                       00000333
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                                                                                   000003D8
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                                                                                        0000024D
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                                                                                 00000201
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                                                                                        000001EF
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortStallExecution]                                                                                                                                       0000031F
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                                                                                     000000A1
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortRequestCallback]                                                                                                                                      0000025C
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                                                                000003BE
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                                                                                 00000215
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                                                                                      000000DD
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortMoveMemory]                                                                                                                                           00000190
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                                                                                            00000182
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                                                                               00000363
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                                                                                 00000258
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                                                                                       0000030E
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                                                                 0000017E
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortInitialize]                                                                                                                                           00000254
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                                                                                        0000019E
IAT             \SystemRoot\System32\Drivers\aknzs04r.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                                                                                    000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                                                                              [741E8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                                                               [74229855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                                                                           [741EB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                                                                     [741DFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                                                               [741E7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                                                                            [741DEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                                                                                [7421B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                                                                                   [741EBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                                                                           [741E0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                                                                            [741E06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                                                                             [741D71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                                                                                     [7426D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                                                                        [74207329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                                                                           [741DE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                                                                     [741D697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                                                                    [741D69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                                                                       [741E2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                             849DA1E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device          \FileSystem\fastfat \FatCdrom                                                                                                                                                                                      87B59790

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                                                                               849D61E8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                                                                                   86F421E8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                                                                                   86F421E8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                                                                                                   86F3B1E8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                                                                                                   86F421E8
Device          \Driver\netbt \Device\NetBT_Tcpip_{DE9B678A-63D1-4191-A19A-EE5B85F381E5}                                                                                                                                           8768F790
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                                                                                                   86F421E8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                                                                                                   86F3B1E8
Device          \Driver\usbohci \Device\USBPDO-6                                                                                                                                                                                   86F421E8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                             849D61E8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                             849D61E8
Device          \Driver\cdrom \Device\CdRom0                                                                                                                                                                                       86E6C790
Device          \Driver\PCI_NTPNP5505 \Device\00000065                                                                                                                                                                             sptd.sys
Device          \Driver\ACPI_HAL \Device\00000059                                                                                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                             849D61E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                 849D81E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                 849D81E8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                             849D61E8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                                                                                                            8768F790
Device          \Driver\iScsiPrt \Device\RaidPort1                                                                                                                                                                                 86F46630
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                                                                                   86F421E8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                                                                                   86F421E8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                                                                                                   86F3B1E8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                                                                                                   86F421E8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                                                                                                   86F421E8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                                                                                                   86F3B1E8
Device          \Driver\usbohci \Device\USBFDO-6                                                                                                                                                                                   86F421E8
Device          \Driver\aknzs04r \Device\Scsi\aknzs04r1                                                                                                                                                                            86F791E8
Device          \FileSystem\fastfat \Fat                                                                                                                                                                                           87B59790

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                                                 771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                                                 285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                             0xEC 0x34 0x25 0xE1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                    0xAA 0xA6 0x4A 0xB7 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                    C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                    0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                 0xEC 0x34 0x25 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                        0xAA 0xA6 0x4A 0xB7 ...
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\001 Programme\Bildbearbeitung\IrfanView\IrfanView.v3.97.Multilang.+.JPEG.2000.v3.97.EAT.BL\xae\iview397.exe  8

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                                                                                                                 0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                                                                                                              0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                                                                                                                        624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                                                                                                                         512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                                                                                                                    253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                                                                                                            512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                                                                                                                        0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                                                                                                              29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                                                                                                                   512 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A1ED160B-DD0B-4096-A1A7-7B37C67B0F60}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C060758D-2523-4182-A70E-B89DBEDB7E66}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EB7A1253-2CE4-425C-BC9F-0B72681C11A9}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{82F2160C-9B6A-4D5D-8317-951205C14A73}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B5C52CE6-8AE4-40CE-90C6-4802219A82F0}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D98ECDD4-F441-4A1A-BE31-5AB273A282DB}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{99058493-1EE1-449A-A253-3065DBB1E795}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6742C0BC-DAAD-433A-8F71-8649912BDEF7}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C8C71490-B9D6-4FE7-95BC-A2B4BA60811C}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{739676F1-7F48-49FB-BCFB-0B7676C6A38F}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7710B6A2-9456-46C4-83A1-BFDD85A20E17}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2D1CEF72-120D-43B6-B19F-E42AF0887027}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1645D9C1-A8B4-427C-B41D-B87F96D50A43}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46771BE0-B5A6-4D8F-B2C8-665262E0CCFD}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{220E9146-8250-447E-88C3-E8EB0A32D485}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C247538B-B929-42D7-9590-82AB8E1E427B}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A99D07D3-2038-4980-9557-289E2B5AB176}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{04DB476A-8F7E-4E8B-B62C-C70768A61C5E}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8DE37C29-1A17-43BF-B1C6-4D444D741539}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{86727C9C-6DC8-4E40-AC26-043B4E3582AD}                                                                                                    7956 bytes
File            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AAAAFA43-6CB1-4CD6-A29E-61858E63C744}                                                                                                    7956 bytes

---- EOF - GMER 1.0.15 ----
This post was edited on 20.09.2011 at 18:52 by kamku.
20.09.2011, 23:01
Member

Posts: 420
#2 Hi

Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
Choose No when asked about additionally downloading avast
Click on Scan
After the scan, click on Save Log, save it and post it here (don't "fix" anything yet)
21.09.2011, 10:20
...new here

Thread starter

Posts: 7
#3 Hello, here is the log file:

Code


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-21 10:15:47
-----------------------------
10:15:47.292    OS Version: Windows 6.0.6002 Service Pack 2
10:15:47.292    Number of processors: 2 586 0x301
10:15:47.292    ComputerName: LAPTOP  UserName: tanja
10:15:50.381    Initialize success
10:16:31.012    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000076
10:16:31.012    Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 8
10:16:31.028    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
10:16:31.028    Disk 1 Vendor: (  Size: 3781MB BusType: 12
10:16:33.103    Disk 0 MBR read successfully
10:16:33.118    Disk 0 MBR scan
10:16:33.118    Disk 0 unknown MBR code
10:16:33.134    Disk 0 scanning sectors +488394752
10:16:33.227    Disk 0 scanning C:\Windows\system32\drivers
10:16:40.528    Service scanning
10:16:42.197    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:16:42.884    Modules scanning
10:16:51.152    Disk 0 trace - called modules:
10:16:51.199    ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll ahcix86s.sys
10:16:51.214    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8673c170]
10:16:51.230    3 CLASSPNP.SYS[8a3ab8b3] -> nt!IofCallDriver -> \Device\00000076[0x85bf9c90]
10:16:51.245    Scan finished successfully
10:17:10.012    Disk 0 MBR has been saved successfully to "C:\Users\tanja\Desktop\MBR.dat"
10:17:10.028    The log file has been saved successfully to "C:\Users\tanja\Desktop\aswMBR.txt"
21.09.2011, 16:11
Member

Posts: 420
#4 OK

1. For now, uninstall Daemon Tools Lite; it could interfere

2. Then follow this guide (and do so exactly)
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log
21.09.2011, 19:46
...new here

Thread starter

Posts: 7
#5

Code


ComboFix 11-09-21.03 - tanja 21.09.2011  18:50:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1453 [GMT 2:00]
ausgeführt von:: c:\users\tanja\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\users\tanja\AppData\Roaming\.#
c:\users\tanja\AppData\Roaming\.#\MBX@890@2072718.###
c:\users\tanja\AppData\Roaming\.#\MBX@890@2072748.###
c:\users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanrdiskgs80.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-21 bis 2011-09-21  ))))))))))))))))))))))))))))))
.
.
2011-09-20 23:41 . 2011-09-20 23:42    --------    d-----w-    c:\windows\system32\ca-ES
2011-09-20 23:41 . 2011-09-20 23:41    --------    d-----w-    c:\windows\system32\eu-ES
2011-09-20 23:41 . 2011-09-20 23:41    --------    d-----w-    c:\windows\system32\vi-VN
2011-09-20 21:25 . 2011-09-20 21:25    --------    d-----w-    c:\windows\system32\EventProviders
2011-09-20 12:01 . 2011-08-12 02:44    7152464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{97FF5B13-628C-417B-BF7F-EBD443028E89}\mpengine.dll
2011-08-26 17:31 . 2011-08-26 17:31    --------    d-----w-    c:\users\tanja\AppData\Local\Seven Zip
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 17:10 . 2008-12-12 01:29    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2011-09-20 21:25 . 2011-07-11 21:08    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 08:40 . 2011-07-22 08:40    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-07-06 15:31 . 2011-08-10 06:07    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2009-05-01 21:02 . 2009-04-15 20:24    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-04-15 20:24    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"NvCplDaemonTool"="c:\users\tanja\mload51.dll" [2009-02-13 1216000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
c:\users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MODRC;Cinergy DT USB XS Diversity (MKII) IR Service;c:\windows\system32\DRIVERS\modrc.sys [2009-11-16 20032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-03 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [2008-07-07 147456]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
HKLM-Run-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 19:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3836)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SafeRemoveDialog.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-21  19:17:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-21 17:17
.
Vor Suchlauf: 7 Verzeichnis(se), 68.713.959.424 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 69.148.463.104 Bytes frei
.
- - End Of File - - 528E14B2687971C3CD210B5E3A10B8C9
21.09.2011, 20:40
Member

Posts: 420
#6 ClickPotato had to go, which is a good thing; it is classified as adware.
Apparently no rootkits on it, that's good. Now we'll catch the rest:

1. Install Malwarebytes
http://www.malwarebytes.org/
(Download Now)
allow the update, run a Quick Scan, let Malwarebytes remove any findings and then post the log.

2. Check your system with the Eset Online Scanner
http://www.eset.de/onlinescanner
and post the log afterwards

3. Post a new log from OTL
22.09.2011, 00:45
...new here

Thread starter

Posts: 7
#7 So, first item 1; item 2 is coming shortly.


Code


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7766

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

22.09.2011 00:42:25
mbam-log-2011-09-22 (00-42-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 195035
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\tanja\mload51.dll (Trojan.Sinowal) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Sinowal) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\tanja\mload51.dll (Trojan.Sinowal) -> Delete on reboot.
c:\Users\tanja\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanrdiskgs80.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.
c:\Users\tanja\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
22.09.2011, 11:48
...new here

Thread starter

Posts: 7
#8 Regarding step 2.
Is this the log file under
C:\Program Files\ESET\ESET Online Scanner\log.txt?


Code


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
22.09.2011, 12:17
...new here

Thread starter

Posts: 7
#9 Regarding step 3

Code


OTL logfile created on: 22.09.2011 11:51:50 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\tanja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 64,27% Memory free
5,70 Gb Paging File | 4,74 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 64,32 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 106,39 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 1,95 Gb Free Space | 52,97% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\tanja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Windows\System32\SafeRemoveDialog.exe (AMD)
PRC - C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe (AMD)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SafeRemove) -- C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe (AMD)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MODRC) Cinergy DT USB XS Diversity (MKII) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:03:00 | 000,000,000 | ---D | M]

[2009.01.26 16:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Extensions
[2011.08.10 14:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Firefox\Profiles\9hmg661y.default\extensions
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\askcom.xml
[2011.09.19 16:23:44 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-1.xml
[2010.05.04 18:37:50 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-10.xml
[2010.09.14 02:41:24 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-11.xml
[2010.09.15 15:38:12 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-12.xml
[2009.07.25 20:40:05 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-2.xml
[2009.08.14 01:44:37 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-3.xml
[2009.09.24 13:02:32 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-4.xml
[2009.11.14 22:32:22 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-5.xml
[2009.12.28 11:12:12 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-6.xml
[2010.01.10 18:57:48 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-7.xml
[2010.03.03 08:21:48 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-8.xml
[2010.04.27 18:45:55 | 000,000,950 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Mozilla\Firefox\Profiles\9hmg661y.default\searchplugins\icqplugin.xml
[2011.07.22 10:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.18 15:52:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.26 19:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.07.22 10:40:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.20 12:47:14 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2009.09.02 03:01:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.07.22 10:40:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.13 23:02:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.13 23:02:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.13 23:02:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.13 23:02:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.13 23:02:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.09.21 19:11:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C3CAAC8-E7E3-4450-8C5D-7755EFB170B7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F7245D-EFC5-490E-98CC-FB4A52FAC2E2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE9B678A-63D1-4191-A19A-EE5B85F381E5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tanja\Desktop\Hochzeit Fotografenbilder\06b.jpg
O24 - Desktop BackupWallPaper: C:\Users\tanja\Desktop\Hochzeit Fotografenbilder\06b.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.09.22 00:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.22 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Malwarebytes
[2011.09.22 00:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 00:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 00:28:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.22 00:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.22 00:26:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\tanja\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.21 19:17:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.09.21 19:17:52 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\temp
[2011.09.21 19:16:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.09.21 18:47:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.21 18:47:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.21 18:47:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.21 18:47:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.21 18:47:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.09.21 18:47:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.21 18:23:38 | 004,222,691 | R--- | C] (Swearware) -- C:\Users\tanja\Desktop\ComboFix.exe
[2011.09.21 10:15:13 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\tanja\Desktop\aswMBR.exe
[2011.09.21 09:26:18 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.09.21 09:26:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.09.21 09:22:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.09.21 09:22:14 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.09.21 09:22:13 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.09.21 09:22:13 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.09.21 09:22:13 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.09.21 09:22:13 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.09.21 09:22:13 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.09.21 09:22:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.09.21 09:22:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.09.21 09:22:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.09.21 09:22:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.09.21 09:22:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.09.21 09:22:12 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.09.21 09:22:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.09.21 09:22:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.09.21 09:22:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.09.21 09:22:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.09.21 09:22:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.09.21 09:21:58 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.09.21 09:21:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.09.21 09:21:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.09.21 01:41:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.09.21 01:41:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.09.21 01:41:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.09.20 23:25:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.09.20 15:22:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe
[2011.09.10 16:38:01 | 000,000,000 | ---D | C] -- C:\Users\tanja\Documents\ebay
[2011.08.26 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Seven Zip
[2008.06.03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.09.22 11:42:28 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.22 11:42:28 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.22 09:43:08 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.09.22 09:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.22 03:33:38 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.22 03:33:38 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.22 03:33:38 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.22 03:33:38 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.22 03:25:14 | 2949,836,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.22 00:28:11 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 00:26:55 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\tanja\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.21 19:11:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.09.21 18:24:06 | 004,222,691 | R--- | M] (Swearware) -- C:\Users\tanja\Desktop\ComboFix.exe
[2011.09.21 10:17:10 | 000,000,512 | ---- | M] () -- C:\Users\tanja\Desktop\MBR.dat
[2011.09.21 10:15:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\tanja\Desktop\aswMBR.exe
[2011.09.21 01:47:10 | 000,367,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.20 23:25:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.09.20 16:55:07 | 000,302,592 | ---- | M] () -- C:\Users\tanja\Desktop\wiqi2sis.exe
[2011.09.20 15:22:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe
[2011.09.20 10:53:45 | 302,369,856 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.19 18:19:07 | 000,591,967 | ---- | M] () -- C:\Users\tanja\Desktop\Produktionshelfer_Kamil_KubischFerrero.pdf
[2011.09.12 17:22:50 | 000,014,807 | ---- | M] () -- C:\Users\tanja\Desktop\Kamil Bewerbung.jpg
[2011.09.03 19:11:20 | 000,048,640 | ---- | M] () -- C:\Users\tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 18:01:37 | 000,041,548 | ---- | M] () -- C:\Users\tanja\Desktop\preview.pdf
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.27 12:31:37 | 000,006,679 | ---- | M] () -- C:\Users\tanja\Desktop\klingel.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.09.22 00:28:11 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.21 18:47:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.21 18:47:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.21 18:47:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.21 18:47:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.21 18:47:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.21 10:17:10 | 000,000,512 | ---- | C] () -- C:\Users\tanja\Desktop\MBR.dat
[2011.09.20 16:54:59 | 000,302,592 | ---- | C] () -- C:\Users\tanja\Desktop\wiqi2sis.exe
[2011.09.19 18:19:06 | 000,591,967 | ---- | C] () -- C:\Users\tanja\Desktop\Produktionshelfer_Kamil_KubischFerrero.pdf
[2011.09.12 17:22:50 | 000,014,807 | ---- | C] () -- C:\Users\tanja\Desktop\Kamil Bewerbung.jpg
[2011.08.31 18:01:37 | 000,041,548 | ---- | C] () -- C:\Users\tanja\Desktop\preview.pdf
[2011.08.27 12:30:31 | 000,006,679 | ---- | C] () -- C:\Users\tanja\Desktop\klingel.jpg
[2011.04.17 23:45:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.20 19:14:05 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.20 19:14:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.28 12:08:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.09.11 12:01:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 12:01:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.05 14:58:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.07 22:28:15 | 000,000,680 | ---- | C] () -- C:\Users\tanja\AppData\Local\d3d9caps.dat
[2009.01.26 17:32:52 | 000,048,640 | ---- | C] () -- C:\Users\tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.12 03:29:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.12.12 03:26:07 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.12.12 03:25:47 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.12.12 02:53:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.12.12 01:44:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 00:00:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.29 23:32:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.04.16 13:11:34 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.06 12:40:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 21:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.10.02 00:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.20 07:24:51 | 000,032,768 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.05.10 01:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,367,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011.07.12 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\ICQ
[2010.12.02 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\LG Electronics
[2011.02.27 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Micrografx
[2009.05.25 19:37:20 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Moyea
[2010.04.11 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\Skip-Bo
[2011.08.26 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\TerraTec
[2009.01.26 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\tanja\AppData\Roaming\TuneUp Software
[2011.09.22 03:24:04 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Code


OTL Extras logfile created on: 22.09.2011 11:51:50 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\tanja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 64,27% Memory free
5,70 Gb Paging File | 4,74 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 64,32 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
Drive D: | 106,67 Gb Total Space | 106,39 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 1,95 Gb Free Space | 52,97% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092F0707-90B0-4547-BD1C-2E8693CE397E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F33A0A4-B33D-4CA0-B4E0-B097BD7D1970}" = lport=138 | protocol=17 | dir=in | app=system |
"{273D7599-1700-4C1C-B323-CF345F99CC07}" = lport=137 | protocol=17 | dir=in | app=system |
"{97C77A73-C2FA-4C9C-B84A-1C94A6D56432}" = rport=445 | protocol=6 | dir=out | app=system |
"{BED26034-4436-4B1B-9B59-5490BB2E57A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C632E0EB-2C57-45E3-A9C2-0CAF277DCA48}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD12DCEB-FBB6-45D0-9E49-44413FE45AC8}" = lport=139 | protocol=6 | dir=in | app=system |
"{D30EB249-DF21-4460-9CB3-16D278CA6401}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4A5BDC0-CB24-49A5-ADCA-FCCF78AA299D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E76EA634-1947-4406-9648-16387D344CBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000C8C4E-F1EB-468D-BB91-465D06CDF1CF}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{0239CA71-1D7C-453E-B7C2-01A9A7018E27}" = protocol=6 | dir=in | app=c:\users\tanja\appdata\local\temp\{188a931a-b831-4870-8267-f0e6cb450fd9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{130BB09C-7EDD-453F-AEC2-F69302E3E2A2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{13E2D55C-0FDD-4919-8A7D-74FE102746BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15461893-1AE7-41EA-A7FF-0575D04F7682}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{15E13B76-2D6A-4CD5-9C26-7604F2B1F9FA}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2CEBA0B5-37D7-4164-945F-0B54B72A136D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{391DCDBF-EDCE-4167-8CCD-A38BFB747105}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4B6A4560-7D94-452E-A250-0AA72679BA58}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{50893CE7-C800-49E8-B0ED-054BED080ACD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{55437685-4B41-4E84-82D5-855EC9D0BCDC}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{6017AB42-E0A7-4287-8389-3B0D1E1DD2EA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{60C18565-43B9-4F49-9464-B878A6D5FEFC}" = protocol=17 | dir=in | app=c:\users\tanja\desktop\jannik\jannik pfeffer.exe |
"{660E144B-C09F-40FE-8AAC-19B217040906}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69BC2CFC-3284-4F2D-8685-39A1B7CE8345}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{703DE484-F3C3-4DD3-B49E-9A0BB4CC8E6B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{723E4593-1092-48BF-BAFA-6DBBB1164C46}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{73F94202-C6A3-454D-94B7-52EF23F10513}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{7C6B8E55-F366-4227-8104-54BB06EDCECB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7CC1E877-F6DF-4B6A-8729-48542B4D9B8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{82033FD3-7465-4F6E-A8A5-C7DB0157F0CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{898B6FB0-EAE6-4492-8AC7-87880AEEE0F3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{899F7A91-2172-4DD5-AC62-F1CA47DC1FA6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EAB5FDA-42AB-4B48-BA94-505A93F0FCFA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A31E6FA8-3EE4-4A29-B6D8-550F0A7DD8AD}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{AB26C248-53CB-4417-A37A-9DA2408093D1}" = protocol=17 | dir=in | app=c:\users\tanja\appdata\local\temp\{188a931a-b831-4870-8267-f0e6cb450fd9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{ACB0F91A-C0A3-4A66-A998-FFDCE471046B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B42845C7-DCF3-4643-8468-020B8A34AA64}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B72FCCB6-29CE-428B-B730-898A30FB6FEB}" = protocol=6 | dir=in | app=c:\users\tanja\desktop\jannik\jannik pfeffer.exe |
"{B88A7BCC-8424-4BE7-AB38-7E8B2A37CD1D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C4F71F64-081B-4846-823D-A2D0C9478472}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{C80845DB-36AA-437D-83CE-005D1511F431}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CA5A30C4-6561-4285-A3E6-013933CA72FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB6A3582-C4A4-4F8D-85F0-B4FEC78B450F}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D925009C-2214-41E1-8829-33DDFF4EAB4E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{DBCC5337-547B-40D2-AA74-30FC9DB4AEAB}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{DE236213-BB83-4BE4-B07F-3F6560CB6B1F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E0E32418-F572-410E-83F0-02B2E0576162}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{F364C985-0818-438F-9682-02B6AEA13B42}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FB1FD8AA-AA25-413E-AF76-16B060558103}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"TCP Query User{1E10DD27-FDF9-4D62-B073-EB98D36A54CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{242A3C8C-3904-4D2F-989E-66B6107C6513}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{2718FE26-065A-4CD5-AC4D-DB4A93DFD4C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{90F3C394-54DA-49B9-A988-28E5E9DA57C2}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{9BAC15E2-D102-4096-97CB-0CC2E5B509F5}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{E5758709-4549-444C-AB92-9A2B25A0866C}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1635A845-FFB0-4438-9E5A-EC068D80FA6B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4802185C-D7C4-4FBD-849A-316F94FE0058}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{B668CE60-4645-42FE-8859-8C162A50A5E0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CADE151E-15AA-43E2-BAC7-CE7A680F0591}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{CE0C63A4-41E1-4CE6-9379-CE1DFACAB9D8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{F29FAD18-7BE3-41F8-892C-3E56743DE498}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046B61A-99CA-3860-AF60-70B50C9A67AA}" = Catalyst Control Center Localization Spanish
"{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}" = ATI Catalyst Install Manager
"{04AABF6D-55C5-4779-ABF9-992016E913A2}" = Micrografx Picture Publisher 10
"{08F27D43-7DCD-D56E-23E4-E3B513A503ED}" = CCC Help Spanish
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"{124CCA05-99DD-8507-EF84-5F3C11C9BA92}" = CCC Help Finnish
"{15D30554-5656-3121-0D49-82141BF7801B}" = CCC Help Swedish
"{18C4DFD3-96FB-6541-FF28-23AD2819EEAE}" = Catalyst Control Center Localization Hungarian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D91B2F4-A6CA-A905-7FB8-6D0C895D612D}" = Catalyst Control Center Localization Dutch
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1FA4A5A0-410F-1322-5BCD-06E6CE80727A}" = Catalyst Control Center Localization Greek
"{21742DEC-F8EA-857D-42F5-9157C76FABE2}" = Catalyst Control Center Localization Portuguese
"{25300827-38B1-37A1-2BDE-15B2B52F0D30}" = CCC Help Russian
"{25D14314-61B6-D952-CFBF-6B327B12042F}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2992709C-9BB2-6324-7F37-A9CC507A59A1}" = CCC Help Czech
"{2BD7024F-A801-7445-AD31-FE1EFC461A10}" = Catalyst Control Center Localization Italian
"{2DB2AB2A-F023-1409-0801-87EE21AFDA77}" = CCC Help Thai
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3DF88F1C-131F-DF4E-E6B3-34E1035EDB47}" = Catalyst Control Center Graphics Full Existing
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40171099-D967-66A1-D6A3-6D9D8469684A}" = Skins
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7B4836-484A-3D1B-BB5C-853279A85360}" = CCC Help German
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{571CAC49-4871-7002-24E4-89A778BAC559}" = Catalyst Control Center Localization Polish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577D78F6-334E-5838-1C29-B0C7339ADB77}" = Catalyst Control Center Localization Norwegian
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5D8BD889-902F-39A0-BDBB-1490447715B6}" = Catalyst Control Center Localization Turkish
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{689DA2FE-27E1-70EF-9CA4-FA7A8FA09D92}" = Catalyst Control Center Localization Danish
"{69A21F70-D6E6-9A06-3BBD-F52C742DD328}" = Catalyst Control Center Localization German
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77729170-2DA2-CC9E-C277-1AD315D02F4C}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD103AB-4485-3B04-15F3-3D384CA60AEF}" = CCC Help Hungarian
"{7E540935-7BB3-07E1-869E-43BD44CB7691}" = Catalyst Control Center Localization Swedish
"{8374C65A-02AD-2759-AD30-0FE14E14DC29}" = CCC Help Norwegian
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85D7624E-77A3-BEA5-4AF1-23782515B67F}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88B3635E-519A-4653-645F-E03F29A2A09B}" = Catalyst Control Center Localization Chinese Traditional
"{890FE9F5-4737-5D3F-81EE-2B3D2C7D1F04}" = Catalyst Control Center Graphics Full New
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F271824-10F8-3468-4729-999B19CA9B37}" = Catalyst Control Center Localization Finnish
"{8F998E51-91FD-9B45-49A5-D8962F00E909}" = Catalyst Control Center Graphics Previews Vista
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC428C6-B8C9-7776-FC00-A2DD404FDC00}" = CCC Help French
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B30642B6-E4A9-5DC6-B43C-C1032CD96120}" = ccc-core-static
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5B270F6-B49B-8BC7-3C3E-5F993F9AD00A}" = CCC Help Danish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA413CE2-A6F0-3902-724B-D4632E00331E}" = Catalyst Control Center Localization Czech
"{BCB5E9F1-ACA0-7040-ED3B-BF7D5B00B154}" = CCC Help Turkish
"{BD77C639-3C98-F8DD-36E3-8C7E97CCF29C}" = Catalyst Control Center Localization Russian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C7635E53-7E9A-9B54-BD7D-6CF6A010CF48}" = Catalyst Control Center Graphics Light
"{CA696301-6211-263B-9BC4-DAE570CCFEA0}" = CCC Help Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF271CB2-F047-9A43-EB2D-5B88DFD204F9}" = Catalyst Control Center Localization French
"{D3890615-AA15-F9CE-F829-D826F945748B}" = CCC Help English
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DA736F25-C022-D7CB-6807-BD9E46025572}" = CCC Help Greek
"{DBB981F7-86E5-A9ED-FB52-0F566D00C0FD}" = CCC Help Polish
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{DE77A851-54AB-9BB1-7446-4B2700CF3663}" = CCC Help Chinese Traditional
"{E08E9665-50D7-9EA6-A075-5CDD61A7C1DC}" = Catalyst Control Center Localization Japanese
"{E0C0D19E-A52A-E11F-F3CD-298E87DBC8B4}" = Catalyst Control Center Core Implementation
"{E3E6609F-1BC2-81B1-A9CB-342A1ECCC49C}" = CCC Help Dutch
"{E569FBDC-4392-DBE7-D97B-4A0F2E02BEA9}" = Catalyst Control Center Localization Chinese Standard
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E65C36C1-0015-DF24-609A-449BB1AEF6CE}" = Catalyst Control Center Localization Thai
"{E69544F1-7EC4-731C-C61D-C679F30886E2}" = Catalyst Control Center Localization Korean
"{EDE6D0A4-7AC5-5E23-B7D4-B2B3B9F03A4A}" = CCC Help Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63BD394-8EFB-5C98-4997-F49907FF9E1F}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediacoderSE1.1" = MediacoderSE
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.04.2010 13:35:31 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 29.04.2010 14:21:30 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 29.04.2010 18:00:00 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 30.04.2010 01:33:00 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 01.05.2010 05:57:48 | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 01.05.2010 11:59:09 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.05.2010 11:59:09 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.05.2010 12:00:19 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 02.05.2010 09:03:08 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 02.05.2010 09:03:08 | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 20.09.2011 19:50:14 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description =

Error - 20.09.2011 19:50:14 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21.09.2011 12:49:51 | Computer Name = laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 21.09.2011 12:55:46 | Computer Name = laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 21.09.2011 13:04:35 | Computer Name = laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 21.09.2011 13:08:27 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21.09.2011 13:30:17 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21.09.2011 18:49:27 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21.09.2011 21:23:45 | Computer Name = laptop | Source = DCOM | ID = 10010
Description =

Error - 21.09.2011 21:28:37 | Computer Name = laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
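As an added example that is not part of the thread (neither the original poster's nor gangren's work): a small Python triage script for OTL Extras output of the kind posted above. It automates three things a helper otherwise reads off such a log by hand: whether the `[open]` command of the executable file classes (exefile, comfile, batfile, ...) still has the Vista default `"%1" %*`, which inbound firewall exceptions point at programs in user-writable locations such as AppData\Local\Temp or the Desktop, and which Security Center monitoring subkeys carry `DisableMonitoring = 1`. The sample log is constructed: the firewall and Security Center lines are copied from the report above, while the exefile hijack entry (`hijack-example.exe`) is invented to exercise the detection path and does not appear in the real log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL Extras format. The firewall and Security Center lines are copied
# from the report in the thread; the exefile entry is an invented hijack (hijack-example.exe
# is not in the real log) so that the shell-spawning check has something to find.
SAMPLE_LOG = r"""
[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\tanja\AppData\Local\hijack-example.exe" "%1" %* ()
scrfile [open] -- "%1" /S

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0239CA71-1D7C-453E-B7C2-01A9A7018E27}" = protocol=6 | dir=in | app=c:\users\tanja\appdata\local\temp\{188a931a-b831-4870-8267-f0e6cb450fd9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{60C18565-43B9-4F49-9464-B878A6D5FEFC}" = protocol=17 | dir=in | app=c:\users\tanja\desktop\jannik\jannik pfeffer.exe |
"{7CC1E877-F6DF-4B6A-8729-48542B4D9B8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2CEBA0B5-37D7-4164-945F-0B54B72A136D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"""

# Section headers as OTL prints them, with or without the forum's [color] wrapper.
SECTION_RE = re.compile(r"^(?:\[color=[^\]]*\])?=+ (.+?) =+(?:\[/color\])?[ \t]*$", re.M)
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # '"name" = value' lines, including firewall rules

# Vista defaults for the [open] verb of the executable file classes.
EXPECTED_OPEN = {k: '"%1" %*' for k in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_OPEN["scrfile"] = '"%1" /S'
# User-writable locations; programs that legitimately need an inbound exception rarely live here.
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '========== Name ==========' header to its non-empty body lines."""
    parts = SECTION_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    return {name.strip(): [ln.strip() for ln in body.splitlines() if ln.strip()]
            for name, body in zip(parts[1::2], parts[2::2])}


def check_shell_spawning(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (class, command) for [open] verbs that deviate from the Vista default."""
    findings = []
    for ln in lines:
        m = SHELL_RE.match(ln)
        if not m:
            continue
        key, verb, cmd = m.groups()
        cmd = re.sub(r"\s*\([^()]*\)\s*$", "", cmd)  # drop OTL's trailing "(Company)" tag
        if verb == "open" and key in EXPECTED_OPEN and cmd != EXPECTED_OPEN[key]:
            findings.append((key, cmd))
    return findings


def check_firewall_rules(lines: List[str]) -> List[str]:
    """Return app paths of inbound exceptions whose program lives in a user-writable folder."""
    findings = []
    for ln in lines:
        m = VALUE_RE.match(ln)
        if not m:
            continue
        fields = dict(p.strip().split("=", 1) for p in m.group(2).split("|") if "=" in p)
        app = fields.get("app", "")
        if fields.get("dir") == "in" and any(mark in app.lower() for mark in USER_WRITABLE):
            findings.append(app)
    return findings


def check_security_center(lines: List[str]) -> List[str]:
    """Return the last key component of every key that has DisableMonitoring = 1."""
    findings, current = [], None
    for ln in lines:
        if ln.startswith("[") and ln.endswith("]"):
            current = ln[1:-1]
            continue
        vm = VALUE_RE.match(ln)
        if current and vm and vm.group(1) == "DisableMonitoring" and vm.group(2).strip() == "1":
            findings.append(current.rsplit("\\", 1)[-1])
    return findings


def triage(text: str) -> Dict[str, list]:
    """Run all three checks over one OTL Extras log."""
    s = split_sections(text)
    return {"shell_hijacks": check_shell_spawning(s.get("Shell Spawning", [])),
            "user_writable_fw_apps": check_firewall_rules(s.get("Vista Active Application Exception List", [])),
            "monitoring_disabled": check_security_center(s.get("Security Center Settings", []))}


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check, hits)
```

The findings are leads, not verdicts: an installer that ran from Temp can register an inbound exception legitimately, and a `DisableMonitoring` key for a product that no longer appears in the Uninstall list is more likely residue than tampering. What the script saves is the reading; the decision still rests on matching each entry against what is actually installed on the machine.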
22.09.2011, 18:24
Member

Posts: 420
#10 That was the log file, but something went wrong there. You can try another online scanner, e.g. Panda ActiveScan http://www.pandasecurity.com/homeusers/solutions/activescan/ (to be safe, start the browser via right-click "Run as administrator"), but in principle that is only for removing leftovers now. The new OTL log is clean; Malwarebytes caught everything that was still visible. We'll tidy up a bit more and then that's it:

1. Start OTL and paste the following into the script field:

Quote


:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Commands
[emptytemp]
[emptyflash]

and click Run Fix.

2. Reset the Windows Firewall
http://scareware.de/2009/11/windows-firewall-zurucksetzen/
(for Vista)
Also reset any third-party firewall if you use one.

3. Start OTL.
Click CleanUp.
OTL will then remove itself.

4. Read this
http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar
to avoid future infections as far as possible.


Done
23.09.2011, 15:09
...new here

Thread starter

Posts: 7
#11 So, I've worked through everything now and I'm glad my computer is running "clean" again ;-)

A huge THANK YOU to gangren for the help, and a huge "RESPECT" to everyone in this forum who brings laypeople like me a little closer to the world of bits and bytes (or protects us from it)!!!

That makes donating a pleasure!!!

Thanks again, and hopefully not see you again too soon ;-)

P.S. I got another letter today; the Trojan is called "torpig".

Best regards, kamku
23.09.2011, 15:34
Member

Posts: 420
#12 ;) You're welcome.
I would suggest that you stay off online banking from this system for about a week and then run another Malwarebytes scan. If the program finds something again (especially things like Sinowal), please report back here in the thread.

Regards,
gangren