Hallo zusammen,

habe mir heute Kaspersky AntiVir heruntergeladen und einen Vollständigen Sytemcheck gemacht bei dem mehrfach
Exploit.Java.CVE-2012-4681.b C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\ auftachte und jeweils einmalig

Exploit.Java.CVE-2012-0507.ou C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\

HEUR:Exploit.Java.CVE-2012-4681.gen Gefunden; nicht verarbeitet C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache

Schädlicher Link Inaktiv hxxp://preved.bandoo.com/

auftachte.

Daraufhin habe ich mir das Programm "Malewarebytes Anti Maleware" heruntergeladen, und mit ihm einen weiteren Systemcheck durchgeführt, bei dem ein sogenannter "Trojana-Agent" File C://Windows/Temap/exe.
gefunden wurde.

Bitte helft mir, mein System zu bereinigen.

Danke schon mal vor ab

Hier die Ergebnisse von OTL:

OTL.TxtOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 22.09.2012 19:58:31 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Alex\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale:  | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,71% Memory free
4,00 Gb Paging File | 1,91 Gb Available in Paging File | 47,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 43,54 Gb Free Space | 29,75% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 256,07 Gb Free Space | 80,20% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.22 19:55:31 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe
PRC - [2012.09.22 19:52:44 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Downloads\Defogger.exe
PRC - [2012.09.21 14:08:28 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012.09.08 17:54:41 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Bandoo\Bandoo.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011.05.09 19:10:50 | 002,480,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.22 19:52:44 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Downloads\Defogger.exe
MOD - [2012.09.21 14:08:27 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012.09.08 17:54:41 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.02.09 02:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 14:09:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 17:54:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.10 09:09:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.09 14:16:12 | 000,196,376 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Programme\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.09 19:10:50 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.22 12:44:43 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.09.22 12:44:42 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.09.22 12:44:41 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.06.08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.09 19:10:51 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.05.09 19:10:48 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258)
DRV - [2011.05.09 19:10:43 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.05.09 19:10:36 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.11.11 15:47:16 | 000,295,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0DE40A0A-2BF9-4608-82E9-41188640181E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CF57CF53-34B7-4C3E-84DE-B7FAF30B8F55&apn_sauid=BDEFE8F4-E7D1-46EF-B9EA-C8442290DD61&
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=fc3e830a000000000000001f3f04e995&tlver=1.4.35.10&"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Alex\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 21:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com [2011.11.01 14:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.10 19:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.09.22 12:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.22 12:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.09.22 12:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:54:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 21:10:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com [2011.11.01 14:16:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:54:39 | 000,000,000 | ---D | M]
 
[2011.09.13 14:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.09.16 12:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions
[2012.09.16 12:43:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.01 14:16:25 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com
[2011.09.13 14:49:53 | 000,002,506 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\o813l87k.default\searchplugins\SearchResults.xml
[2012.09.22 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 17:54:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.26 22:34:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.30 22:17:45 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 11:18:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 22:34:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 22:34:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.13 14:49:53 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.26 22:34:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 22:34:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DriverMax]  File not found
O4 - HKCU..\Run: [DriverMax_RESTART]  File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Alex\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Alex\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90FE7AB9-B7BD-42AE-BA25-872BD0A55E65}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) - c:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) - c:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15ccfd4a-782d-11e0-81f1-001d605abdc2}\Shell - "" = AutoRun
O33 - MountPoints2\{15ccfd4a-782d-11e0-81f1-001d605abdc2}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012.09.22 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 15:59:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.22 15:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.22 12:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.09.22 12:23:56 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.09.22 12:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.09.22 12:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.09.22 12:23:33 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.09.22 12:23:33 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2012.09.22 11:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012.09.16 05:17:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Meine empfangenen Dateien
[2012.09.15 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\- MADK Sampler -
[2012.09.08 17:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.05 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Neuer Ordner
[2012.08.31 12:14:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\zukünftige tests cubase
[2012.08.30 18:30:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\cubase1
[2012.08.29 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012.08.26 01:42:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\sortieren
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 19:53:20 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2012.09.22 19:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.22 19:13:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.22 19:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.22 15:59:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.22 12:44:43 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.09.22 12:44:42 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.09.22 12:44:41 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.09.22 12:29:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:29:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:29:27 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.22 12:29:27 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.22 12:29:27 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.22 12:29:27 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.22 12:22:38 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.09.22 12:22:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 12:22:18 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 12:09:36 | 329,846,634 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.22 12:08:12 | 000,017,408 | ---- | M] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2012.09.22 09:06:05 | 000,000,396 | ---- | M] () -- C:\Users\Alex\Desktop\music.lnk
[2012.09.21 20:33:17 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.09.21 20:33:07 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.09.21 20:32:40 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.09.16 02:58:13 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.mp4
[2012.09.16 02:57:51 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.flv
[2012.09.15 20:46:25 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\13_Randgruppe_-_RG_Family_prod._Magic_Hands.failed-conv.mp4
[2012.09.15 20:33:44 | 001,781,747 | ---- | M] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod_Johnny.failed-conv.flv
[2012.09.15 20:32:23 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod._Johnny.failed-conv.flv
[2012.09.15 20:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod._by_Johnny.failed-conv.mp4
[2012.09.15 20:06:02 | 001,781,747 | ---- | M] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod_by_Johnny.failed-conv.flv
[2012.09.15 18:42:54 | 002,770,579 | ---- | M] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv.MP3
[2012.09.15 18:41:45 | 004,601,240 | ---- | M] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv.MP3
[2012.09.08 18:41:18 | 000,011,215 | ---- | M] () -- C:\Users\Alex\Desktop\so.odt
[2012.09.08 16:50:02 | 000,013,468 | ---- | M] () -- C:\Users\Alex\Desktop\mehrtränenanne.odt
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 19:52:17 | 004,837,767 | ---- | M] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv
[2012.09.04 20:05:24 | 009,207,201 | ---- | M] () -- C:\Users\Alex\Desktop\Kinder_des_Zorns_-_Separate_-_Schlechtes_Gewissen.flv
[2012.09.01 19:01:34 | 006,035,616 | ---- | M] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv
 
========== Files Created - No Company Name ==========
 
[2012.09.22 19:53:20 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2012.09.22 15:59:26 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.22 12:08:11 | 000,017,408 | ---- | C] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2012.09.16 02:58:11 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.mp4
[2012.09.16 02:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.flv
[2012.09.15 20:46:25 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\13_Randgruppe_-_RG_Family_prod._Magic_Hands.failed-conv.mp4
[2012.09.15 20:33:41 | 001,781,747 | ---- | C] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod_Johnny.failed-conv.flv
[2012.09.15 20:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod._Johnny.failed-conv.flv
[2012.09.15 20:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod._by_Johnny.failed-conv.mp4
[2012.09.15 20:05:59 | 001,781,747 | ---- | C] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod_by_Johnny.failed-conv.flv
[2012.09.15 18:42:54 | 002,770,579 | ---- | C] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv.MP3
[2012.09.15 18:41:45 | 004,601,240 | ---- | C] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv.MP3
[2012.09.08 18:41:16 | 000,011,215 | ---- | C] () -- C:\Users\Alex\Desktop\so.odt
[2012.09.05 19:50:53 | 004,837,767 | ---- | C] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv
[2012.09.04 20:02:25 | 009,207,201 | ---- | C] () -- C:\Users\Alex\Desktop\Kinder_des_Zorns_-_Separate_-_Schlechtes_Gewissen.flv
[2012.09.02 07:50:47 | 000,013,468 | ---- | C] () -- C:\Users\Alex\Desktop\mehrtränenanne.odt
[2012.09.01 18:58:51 | 006,035,616 | ---- | C] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.03.29 14:16:31 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.01.28 18:39:36 | 000,149,939 | ---- | C] () -- C:\Users\Alex\raps1-03.bak
[2012.01.28 18:39:36 | 000,123,203 | ---- | C] () -- C:\Users\Alex\raps1-02.bak
[2012.01.28 18:39:36 | 000,123,203 | ---- | C] () -- C:\Users\Alex\raps1.bak
[2012.01.28 18:39:36 | 000,102,458 | ---- | C] () -- C:\Users\Alex\raps1-05.bak
[2012.01.28 18:39:36 | 000,102,458 | ---- | C] () -- C:\Users\Alex\raps1-04.bak
[2012.01.28 18:39:36 | 000,086,357 | ---- | C] () -- C:\Users\Alex\raps1-06.bak
[2012.01.28 18:39:36 | 000,086,337 | ---- | C] () -- C:\Users\Alex\raps1-07.bak
[2012.01.28 18:39:36 | 000,083,927 | ---- | C] () -- C:\Users\Alex\raps1-08.bak
[2012.01.28 18:39:36 | 000,066,264 | ---- | C] () -- C:\Users\Alex\raps1-09.bak
[2012.01.28 18:39:36 | 000,061,662 | ---- | C] () -- C:\Users\Alex\raps1-10.bak
[2012.01.28 18:16:08 | 000,110,781 | ---- | C] () -- C:\Users\Alex\raps.bak
[2012.01.28 18:16:08 | 000,094,408 | ---- | C] () -- C:\Users\Alex\raps-02.bak
[2012.01.25 22:02:50 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.25 22:02:17 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.01.25 22:02:14 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.01.14 20:08:22 | 000,000,000 | ---- | C] () -- C:\Users\Alex\DSplit.exe
[2012.01.13 02:44:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.10.30 22:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.07 21:06:22 | 000,245,496 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.07 21:06:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.06.03 19:52:50 | 000,138,056 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\PnkBstrK.sys
[2011.06.03 19:52:17 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.06.03 19:52:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.05.14 15:10:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.09 19:23:18 | 000,009,548 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.05.07 01:53:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.07 01:52:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.07 00:08:03 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 
========== ZeroAccess Check ==========
 
[2011.12.16 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\LocalLow\Microsoft\Silverlight\is\uxgsy2rf.w4w\h1203iqf.5o5\1\l
[2012.04.06 22:02:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZEZQGG7K\cdn1.e5.mydirtyhobby.com\u
[2012.05.22 22:22:03 | 000,000,082 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZEZQGG7K\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.04.16 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ableton
[2011.05.09 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acronis
[2011.09.13 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bandoo
[2012.01.20 02:17:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2011.09.13 15:59:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2012.09.08 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2011.09.25 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2011.05.12 15:37:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2011.06.21 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenCandy
[2012.01.09 17:10:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2012.09.02 18:49:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2012.01.20 02:43:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\sim
[2011.08.21 18:37:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
[2011.10.04 04:03:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2011.06.21 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2012.01.25 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Wireshark
[2011.12.22 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---
Extras.TxtOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 22.09.2012 19:58:31 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Alex\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,71% Memory free
4,00 Gb Paging File | 1,91 Gb Available in Paging File | 47,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 43,54 Gb Free Space | 29,75% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 256,07 Gb Free Space | 80,20% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA47925-7AAF-40A8-A07C-15CD6AB56EB5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{13711291-381B-4ABA-8EA2-F3A68E81C35C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1C5F6E65-0F23-4CED-B859-32AAA2D08743}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1CFE9BE8-741B-4DB6-95A4-2447F23D34CA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{20844349-73A8-4A29-8332-472D224CB05C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30A54F32-B01C-4240-9439-712733909CFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55C2310F-0608-40F0-B4D6-808ECB2AC61C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C68F965-A774-4F32-BBA9-D578E700B0BC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E8757F1-374D-4542-85B7-4FDE32FEA880}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F9CE69C-0B22-43A6-8DAF-63B46868B50E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{705B24DC-C058-42D6-A9BC-1EFCE9B6B186}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{767ABBBF-4C7C-4B59-B382-B602F68F5563}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7759430D-5129-4C6B-AF0C-B33F3DE06AD4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8414F17F-8768-4DB5-99E8-E853DCD88433}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98266EEE-2B19-4D4C-9B84-F6E733D8EA6C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AFADF97D-1F84-41A0-9815-8F1C20E9DC29}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C996BEB5-EE8C-4B6B-8EAE-63762A5D7C9D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE98F5BD-F2DB-4B11-9211-B2C41DA39F43}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E06807C9-986A-4428-AC44-09B57B018C5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3B156C1-9150-4CE3-A7D4-6233D945BE97}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E62A7B3C-FA6C-43D6-921A-143C26025620}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB773B9B-8802-4E43-9C03-3DD9434CA279}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F8AEDEBF-B543-480F-9FA7-0CFD8B8A242C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01830D6C-459A-48EB-9697-8DABC894C6CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{0AF4FE2B-AB65-4C27-9046-5AD42A937338}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{0EC162CF-FFDF-440D-991E-B0820DC775C9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{0FAD47BE-BD34-4F39-833C-3875FB118287}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{10872C4C-775D-4C8E-A9F1-55047316E186}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{19C1B1F7-3230-47C9-8CFA-5F1E4570EED7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{1B21F455-0B12-4288-90A7-16C18B59802F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23494EBA-5C99-4DCB-9008-730FAD5023BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{24CA2252-DA80-40B8-8283-1686F2E86874}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{25029BA9-4836-463C-8DA7-A7BC6BCF5BC5}" = protocol=6 | dir=out | app=system | 
"{2FC17FEA-0CE3-4C6D-9D52-09501FEFD32E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{332E3289-F58D-499C-A2FE-2049D7E7F087}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{365E5D84-45FE-4386-A0C7-D5BD512D71FB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{37CA3CF8-A163-4AA6-85A2-C15F7E1A5F87}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{3F00DDAC-D8BC-488B-9F8C-3CFF74803005}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{43639F16-A571-4F7D-A499-995C50276D94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4583CD09-6795-410B-A079-2802A22440C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{47FE3E50-C22A-4DF9-915B-E61E75635AAD}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{499E970E-3840-40E8-A9CD-1B0E4A8A6825}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EC72229-14F5-4FE4-8527-E843D7F6FEB3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4FF73CF4-EA7E-4B54-8DAF-30AD5DB2C96A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52ED8096-F1F8-433C-A3AD-6895C7B03CEA}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{56F6AAD3-6CD9-44F4-A697-66FC4962EE7B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{594F3999-0917-48A5-82D4-3A5B2468B78A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5986FA2D-D035-4757-94C1-4730CB056CAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5DBA44B1-2C3E-48B6-A156-24DB47C279BF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{5DF866AC-FF78-4146-B7A2-5AE08C1DBC31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{61308B46-EAD7-4CE9-9053-304D787D85D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6436AE50-E189-431B-A3D8-D114EFBC38FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67432FF3-273E-4A8A-A1EB-E8C2E1FF193B}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{67B685E7-7D40-4F00-9472-1DBC6C0ED545}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{74180B67-EEFC-4D39-BB96-FBF2132AFE5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{741F24E1-9AEA-48E5-8CE6-36F5EB0E9282}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{74C9A914-6D5E-48AE-B3A2-E1E58744E21F}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{76352FBC-9576-4BA3-A827-141A2EA4D047}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{7DED304D-5024-4605-B1F8-6D69D600A97C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{7EAC48EF-F03E-4F07-AE63-68D91F2571A7}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{8150707E-63B9-4BB8-B1D8-EC5530F8CBE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{8181740F-8106-49AB-ACDE-D1AF46A57A63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{873C40AC-28E1-43CD-8631-D1DD58C9126F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{88435DF1-326D-4ADB-940F-8F73914FE51C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{8AAA3822-8EB6-4B5C-9364-816309850805}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8B5B2ACA-1C65-4842-8BFD-18B91A571515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F14A1B4-DE86-49C0-85DD-FA8BD59ED6EE}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{93FDAE93-123D-457B-B404-BCD1DEBC6FE6}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{948FFEA2-44AE-4D3F-B195-EA873D985763}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9C0F10D9-9FC4-43B6-9BCB-01C5D937550E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{9F83B2A9-4479-4143-9DBC-05D711315B78}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"{A10F8521-8733-4062-BDEC-19E652AA3C3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A1BAEB51-7A18-4503-9EBA-0AFDE20FCCE9}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{A32D6A6F-F6CB-4ABF-8CAB-C04D49692EE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{A8E07672-7602-4608-A02C-11414A3EDA5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABFE58AC-9776-4F61-9C7D-1A4F42CDD38C}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{BA134585-C61B-40AF-A919-72E9D81F07E6}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{BB5615DB-DFB6-4463-B377-9ACC2293E9BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{BBFC69C5-E1E5-46CC-9396-E4DFF52A4110}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C01A7FDD-E9C0-4AF3-814D-86E7A256EBD6}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{C05143AE-906C-480D-A993-2FAB4F30EFF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB74CA3E-6D1B-4709-9AA6-72984983B425}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{CC141D20-49DE-4821-A3A4-6407907352E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{CDAA54C8-6774-4EBE-8CE6-ACCCB915A2B9}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{D42601F3-C3EC-4095-B29E-1BA20A08590D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{D6FF7771-0AA1-4661-BC09-6D51324CD088}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{D8580F97-252C-4C58-898A-AF67AA35B272}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{D8763C6F-F39B-46CE-B152-47FDA1076C2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{E04445AF-F71F-483D-BCB5-203CFD3AAB41}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E4EA39E3-5382-445C-82EC-7059618BBD3E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E9EDE559-BD7B-4652-B767-5FC24A3C5C61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{EA78F398-2B0F-4519-B6AC-D4BBB9CBB2A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EB6119C9-9254-4647-8B3B-74F8ADE25E5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{EB8E0570-4347-4814-94B4-6F6DD70FF8CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{EBD90776-9855-45B1-A1C8-B258762DD1AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ECB13C71-7B4A-4B02-95FE-7DB017CF7BE3}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"{EEA28028-9C89-4B85-B539-CC898635DF2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F093332A-23D4-40F2-9885-D983C6C7446B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{F173B982-4CDF-4783-8E58-ECDBB597462D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F2D67474-B819-4E0A-A6D3-C94D8BF8B566}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{F6C1A307-CFC8-404D-AD8B-F687820E0BD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F85770A8-2C93-4C6A-832E-0A86875E9B74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{057F5995-DBBB-4279-8BFD-37FB81767A62}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{1826EE6A-3424-4C36-B2DA-84D3C3FBB5F8}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{44BDF6E8-0D0D-4BCF-917E-2085EB4ED374}C:\program files\sim\sim.exe" = protocol=6 | dir=in | app=c:\program files\sim\sim.exe | 
"TCP Query User{52C06594-F42C-4568-9CF6-784403D06D54}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{841EE2BE-F75B-4F9F-93D4-DCE7616A332D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{8A153B90-098C-4D37-BB6C-6774E4BC8360}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"TCP Query User{972CC192-3FD0-48AC-98F4-A942727D15D5}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{9CDCEA85-8646-4A50-AAA2-9344971687C2}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{B2A97A88-04BB-491F-8D41-582386211627}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"TCP Query User{CD0B4B8E-E084-47CA-B1D4-C521E065E85E}C:\users\alex\desktop\bittorrent-7.2build_25273.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\bittorrent-7.2build_25273.exe | 
"TCP Query User{F5C0B5D3-923D-4CB8-B094-2CEE6A168669}C:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"UDP Query User{004726A5-84BF-4F94-BAE9-410E0933E0E3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{0395275A-59F9-43E7-92D5-5A4AF51189F3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{5425E9DE-6CE2-43B4-9AB6-7BA2EF8FB0FF}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"UDP Query User{64A3728D-486D-4AE5-8E61-F5B6FA8E9F11}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{7CF1E112-1CCC-448E-8DE4-DFE5C55518E1}C:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"UDP Query User{9C674537-4FEB-44D4-898C-BD3632E3B6E9}C:\program files\sim\sim.exe" = protocol=17 | dir=in | app=c:\program files\sim\sim.exe | 
"UDP Query User{A2BFB204-AB32-4968-99CF-1EA63D4CDF05}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"UDP Query User{EB01B4FD-EC9B-4228-B0D4-4B38643C953F}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{F489D701-A95B-4CF4-A512-297BC31EA52B}C:\users\alex\desktop\bittorrent-7.2build_25273.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\bittorrent-7.2build_25273.exe | 
"UDP Query User{F97D58C9-D01D-49E0-858A-DE19AAF20224}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{FD857550-5553-45AF-9F96-E40ADA39DEF2}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{35AA3D58-7EF4-4DCD-BEA7-18A6CCFC1AD9}" = JUNO-Di Editor
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}" = Bing Bar
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A037DE27-45D9-455F-B8E0-D33690E45DF9}" = Windows Live MIME IFilter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"AccessDiver v4.402_is1" = AccessDiver v4.402
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"Bandoo" = Bandoo
"Battlelog Web Plugins" = Battlelog Web Plugins
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX-Setup
"DMX5_is1" = DriverMax 5
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"iLivid" = iLivid
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Live 8.2.1" = Live 8.2.1
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PartyPoker" = PartyPoker
"PHP Editor_is1" = PHP Editor 2.22
"PokerStars" = PokerStars
"Prism" = Prism Video File Converter
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 7940" = Call of Duty 4: Modern Warfare
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VideoPad" = VideoPad Video Editor
"WebCracker 4.0" = WebCracker 4.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Wireshark" = Wireshark 1.6.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
"XBMC" = XBMC
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2012 19:38:33 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.04.2012 13:03:29 | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f6d0e10  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f6d0e10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00682ae0  ID des fehlerhaften Prozesses:
 0x175c  Startzeit der fehlerhaften Anwendung: 0x01cd12849a1dc630  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Berichtskennung: 19a0c740-7e78-11e1-a54a-001f3f04e995
 
Error - 06.04.2012 13:58:48 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\amd64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.04.2012 13:58:48 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2012 10:01:13 | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f6d0e10  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f6d0e10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002b2190  ID des fehlerhaften Prozesses:
 0xa08  Startzeit der fehlerhaften Anwendung: 0x01cd14c4ad0e2f90  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Berichtskennung: 2228a150-80ba-11e1-9acc-001f3f04e995
 
Error - 08.04.2012 13:20:59 | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = Programm nvcplui.exe, Version 4.3.790.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1484    Startzeit:
 01cd15a35fe78790    Endzeit: 70    Anwendungspfad: C:\Program Files\NVIDIA Corporation\Control
 Panel Client\nvcplui.exe    Berichts-ID: 280f0e21-819f-11e1-9718-001f3f04e995  
 
Error - 12.04.2012 11:34:06 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\amd64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.04.2012 11:34:06 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.04.2012 08:52:50 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\amd64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.04.2012 08:52:50 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.04.2012 20:37:32 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\amd64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.04.2012 20:37:32 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 22.09.2012 06:09:44 | Computer Name = ALEX-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 22.09.2012 06:10:27 | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.09.2012 06:11:51 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 22.09.2012 06:11:51 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 22.09.2012 06:21:35 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 22.09.2012 06:24:37 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 22.09.2012 06:24:37 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 22.09.2012 06:39:21 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 22.09.2012 06:39:21 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 22.09.2012 07:03:21 | Computer Name = Alex-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
 
< End of report >
         

--- --- ---
Defogger:
Defogger is a tool to disableCD Emulator Drivers that interfere with Anti-Rookit programs and other Anti-Maware tools.

If you are using this in conjuction with assistance from a Malware Removal professional, pleasw wait until they have finishes assisting you before clicking "Re-enable".


Eine Fehlermeldung kam nicht. Also kann ich den Button klicken?

Hier noch die Auswertung von Gmer:
GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-22 20:49:13
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 ST350041 rev.CV15
Running: 5r1o74i7.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAdjustPrivilegesToken [0xAB09B008]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcConnectPort [0xAB04ECAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcCreatePort [0xAB04EFF6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcSendWaitReceivePort [0xAB04F43C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwClose [0xAB037712]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwConnectPort [0xAB04E988]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateEvent [0xAB037C8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateMutant [0xAB037B70]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreatePort [0xAB04EE5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSection [0xAB09DE72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSemaphore [0xAB037DAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThread [0xAB09D30A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThreadEx [0xAB09D54A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateUserProcess [0xAB09CFAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateWaitablePort [0xAB04EF28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDebugActiveProcess [0xAB09CE54]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDeviceIoControlFile [0xAB037756]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDuplicateObject [0xAB09B14A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwLoadDriver [0xAB09ADB2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwMapViewOfSection [0xAB09DC6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwNotifyChangeKey [0xAB04D118]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenEvent [0xAB037D20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenMutant [0xAB037C00]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenProcess [0xAB09C9FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSection [0xAB09E11E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSemaphore [0xAB037E40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenThread [0xAB09D066]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueryDirectoryObject [0xAB037ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueryObject [0xAB04D326]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueueApcThread [0xAB09DB20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyPort [0xAB04F220]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyWaitReceivePort [0xAB04F0AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyWaitReceivePortEx [0xAB04F164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwRequestWaitReplyPort [0xAB04F290]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwResumeThread [0xAB09D84C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSecureConnectPort [0xAB04EB16]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetContextThread [0xAB09D9A8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetInformationToken [0xAB037F6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetSystemInformation [0xAB09AEBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendProcess [0xAB09CB9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendThread [0xAB09D6F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSystemDebugControl [0xAB037F7E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateProcess [0xAB09CCFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateThread [0xAB09D206]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwUnmapViewOfSection [0xAB09E286]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwWriteVirtualMemory [0xAB09DFB0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                 82E823C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82EBBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                      82EC2D8C 4 Bytes  [08, B0, 09, AB]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                      82EC2DB4 8 Bytes  [AE, EC, 04, AB, F6, EF, 04, ...] {SCASB ; IN AL, DX ; ADD AL, 0xab; IMUL BH; ADD AL, 0xab}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                      82EC2DF8 4 Bytes  [3C, F4, 04, AB] {CMP AL, 0xf4; ADD AL, 0xab}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                      82EC2E24 4 Bytes  [12, 77, 03, AB] {ADC DH, [EDI+0x3]; STOSD }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                      82EC2E48 4 Bytes  JMP E088D951 
.text           ...                                                                                                      

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [744024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [743E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [743E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [74402546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [743F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [743F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [743F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [743F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [743F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [743F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [743F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [743F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [743FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [743F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                   Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                           tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device                                                                                                                   fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device                                                                                                                   pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                  kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                kltdi.sys (Network filtering component/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----
         

--- --- ---

Hier noch die Auswertung von Gmer:

GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-22 20:49:13
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 ST350041 rev.CV15
Running: 5r1o74i7.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAdjustPrivilegesToken [0xAB09B008]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcConnectPort [0xAB04ECAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcCreatePort [0xAB04EFF6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcSendWaitReceivePort [0xAB04F43C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwClose [0xAB037712]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwConnectPort [0xAB04E988]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateEvent [0xAB037C8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateMutant [0xAB037B70]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreatePort [0xAB04EE5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSection [0xAB09DE72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSemaphore [0xAB037DAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThread [0xAB09D30A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThreadEx [0xAB09D54A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateUserProcess [0xAB09CFAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateWaitablePort [0xAB04EF28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDebugActiveProcess [0xAB09CE54]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDeviceIoControlFile [0xAB037756]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDuplicateObject [0xAB09B14A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwLoadDriver [0xAB09ADB2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwMapViewOfSection [0xAB09DC6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwNotifyChangeKey [0xAB04D118]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenEvent [0xAB037D20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenMutant [0xAB037C00]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenProcess [0xAB09C9FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSection [0xAB09E11E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSemaphore [0xAB037E40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenThread [0xAB09D066]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueryDirectoryObject [0xAB037ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueryObject [0xAB04D326]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueueApcThread [0xAB09DB20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyPort [0xAB04F220]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyWaitReceivePort [0xAB04F0AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyWaitReceivePortEx [0xAB04F164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwRequestWaitReplyPort [0xAB04F290]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwResumeThread [0xAB09D84C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSecureConnectPort [0xAB04EB16]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetContextThread [0xAB09D9A8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetInformationToken [0xAB037F6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetSystemInformation [0xAB09AEBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendProcess [0xAB09CB9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendThread [0xAB09D6F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSystemDebugControl [0xAB037F7E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateProcess [0xAB09CCFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateThread [0xAB09D206]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwUnmapViewOfSection [0xAB09E286]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwWriteVirtualMemory [0xAB09DFB0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                 82E823C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82EBBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                      82EC2D8C 4 Bytes  [08, B0, 09, AB]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                      82EC2DB4 8 Bytes  [AE, EC, 04, AB, F6, EF, 04, ...] {SCASB ; IN AL, DX ; ADD AL, 0xab; IMUL BH; ADD AL, 0xab}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                      82EC2DF8 4 Bytes  [3C, F4, 04, AB] {CMP AL, 0xf4; ADD AL, 0xab}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                      82EC2E24 4 Bytes  [12, 77, 03, AB] {ADC DH, [EDI+0x3]; STOSD }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                      82EC2E48 4 Bytes  JMP E088D951 
.text           ...                                                                                                      

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [744024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [743E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [743E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [74402546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [743F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [743F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [743F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [743F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [743F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [743F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [743F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [743F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [743FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [743F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                   Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                           tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device                                                                                                                   fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device                                                                                                                   pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                  kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                kltdi.sys (Network filtering component/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----
         

--- --- ---

Leider hast du durch deine Antwort dein Thema vergraben.
Ist das Problem noch aktuell?

Ja, das Thema ist weiterhin aktuell und das Problem akut!

Zitat:

Daraufhin habe ich mir das Programm "Malewarebytes Anti Maleware" heruntergeladen, und mit ihm einen weiteren Systemcheck durchgeführt, bei dem ein sogenannter "Trojana-Agent" File C://Windows/Temap/exe.
gefunden wurde.

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Zitat:

Zitat von t'john

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

wo finde ich diese?
die automatische speicherrung war bzw. ist aktiviert, die logdateien aber nicht unter entsprechendem menüpunkt zu finden.

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

• Windows XP (nur 32-bit)
• Windows Vista (32-bit/64-bit)
• Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

• Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
• Liste der zu deaktivierenden Programme.
  Bei Unklarheiten bitte fragen.

• ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
• Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
• Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
• Teile uns das mit und warte auf unsere Anweisungen.

• Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
• Während des Laufs von Combofix nichts anderes am Computer machen!
• Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

• Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
• Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
• Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
• Bitte nicht in dieses Combofix-Fenster klicken.
• Das könnte Dein System einfrieren oder hängen bleiben lassen.
• Es wird ein Backup Deiner Registry erstellt.
• Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

• Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
• Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
• Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

• Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
• Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Hier die Codetags vom ComboFix Editor:
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-09-27.03 - Alex 29.09.2012  14:35:12.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2046.1028 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\wpcap.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
Infizierte Kopie von c:\windows\system32\imm32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-28 bis 2012-09-29  ))))))))))))))))))))))))))))))
.
.
2012-09-29 12:21 . 2012-09-29 12:21	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BEB053F-956B-481E-9D24-3798BB3DB149}\offreg.dll
2012-09-28 18:16 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BEB053F-956B-481E-9D24-3798BB3DB149}\mpengine.dll
2012-09-26 15:26 . 2012-08-21 20:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-22 14:00 . 2012-09-22 14:00	--------	d-----w-	c:\users\Alex\AppData\Roaming\Malwarebytes
2012-09-22 13:59 . 2012-09-22 13:59	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-22 13:59 . 2012-09-22 13:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-22 13:59 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-22 10:23 . 2012-09-22 10:23	--------	d-----w-	c:\windows\ELAMBKUP
2012-09-22 10:23 . 2012-09-29 12:46	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-09-22 10:23 . 2012-09-22 10:23	--------	d-----w-	c:\program files\Kaspersky Lab
2012-09-22 10:23 . 2012-08-13 16:24	75096	----a-w-	c:\windows\system32\drivers\klflt.sys
2012-09-12 16:37 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 16:37 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:37 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:37 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 16:37 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 16:37 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-30 16:30 . 2012-08-30 19:00	--------	d-----w-	c:\users\Alex\cubase1
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 18:17 . 2012-01-25 20:02	139328	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-09-27 18:17 . 2012-01-25 20:05	281520	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-09-27 18:17 . 2012-01-25 20:02	281520	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-09-27 18:17 . 2012-01-25 20:02	280904	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-09-22 10:44 . 2012-07-25 12:53	25944	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-09-22 10:44 . 2012-05-25 17:38	25944	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-09-21 12:08 . 2012-05-28 14:36	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-21 12:08 . 2011-05-23 21:32	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-13 14:49 . 2012-08-13 14:49	144344	----a-w-	c:\windows\system32\drivers\kneps.sys
2012-08-02 13:09 . 2012-08-02 13:09	24408	----a-w-	c:\windows\system32\drivers\klim6.sys
2012-07-28 01:09 . 2012-07-28 01:09	57792	----a-w-	c:\windows\system32\sirenacm.dll
2012-07-28 00:54 . 2012-07-28 00:54	321472	----a-w-	c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08	862664	----a-w-	c:\windows\system32\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08	534480	----a-w-	c:\windows\system32\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08	251864	----a-w-	c:\windows\system32\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08	153536	----a-w-	c:\windows\system32\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08	115656	----a-w-	c:\windows\system32\vcomp110.dll
2012-07-18 17:47 . 2012-08-15 14:38	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-17 12:49 . 2012-07-17 12:49	209648	----a-w-	c:\windows\system32\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 15:09 . 2012-07-11 15:09	58712	----a-w-	c:\windows\system32\klfphc.dll
2012-07-04 21:14 . 2012-08-15 14:38	41984	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 14:38	102912	----a-w-	c:\windows\system32\browser.dll
2012-09-08 15:54 . 2012-09-08 15:54	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 09:38	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
2011-10-05 18:18	1051760	----a-w-	c:\programdata\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33	150528	----a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 20:50	1246544	----a-w-	c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36	2793304	----a-w-	c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2010-04-09 00:42	163944	----a-w-	c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 12:09]
.
2012-09-29 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-06-21 09:22]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 12:36]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 12:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o813l87k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=fc3e830a000000000000001f3f04e995&tlver=1.4.35.10&
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-MediaGet2 - c:\users\Alex\AppData\Local\MediaGet2\mediaget.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3218921893-2830402096-2579966274-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3218921893-2830402096-2579966274-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4084)
d:\program files\RocketDock\RocketDock.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Bandoo\Bandoo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-29  14:50:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-29 12:50
.
Vor Suchlauf: 9 Verzeichnis(se), 52.340.150.272 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 66.889.486.336 Bytes frei
.
- - End Of File - - CBF7FE1A174BA4CA07A116D9DAE9AE00
         

--- --- ---


und hier Qoobox:

1400
1400_Help
1400Trb
32 Bit HP CIO Components Installer
AccessDiver v4.402
Acronis*True*Image*Home
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVM FRITZ!WLAN
Badoo Desktop
Bandoo
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Bing Bar
Bonjour
BufferChm
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
CamStudio OSS Desktop Recorder
ConvertHelper 2.2
Copy
D3DX10
Debut Video Capture Software
Destinations
DeviceDiscovery
DivX-Setup
DocProc
DriverMax 5
ESN Sonar
Fax
Fotogalerie
Google Earth
Google Update Helper
GPBaseService2
Grand Theft Auto San Andreas
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
ICQ7.5
iLivid
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 33
Junk Mail filter update
JUNO-Di Editor
Kaspersky Anti-Virus 2013
Live 8.2.1
Logitech Vid HD
Logitech Webcam Software
Malwarebytes Anti-Malware Version 1.65.0.1400
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Movie Maker
Mozilla Firefox 15.0 (x86 de)
Mozilla Firefox 15.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Notepad++
NVIDIA 3D Vision Controller-Treiber 301.42
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Treiber 301.42
NVIDIA Drivers
NVIDIA Grafiktreiber 301.42
NVIDIA HD-Audiotreiber 1.3.16.0
NVIDIA Install Application
NVIDIA MediaShield
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 301.42
NVIDIA Update 1.8.15
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.3
Origin
PartyPoker
Photo Common
Photo Gallery
PHP Editor 2.22
PokerStars
Prism Video File Converter
PunkBuster Services
QuickTime
RocketDock 1.3.5
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
Snagit 10.0.2
SolutionCenter
SoundMAX
Status
Steam
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
TeamSpeak 3 Client
Toolbox
TrayApp
Uniblue DriverScanner
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
WebCracker 4.0
WebReg
Winamp
Winamp Erkennungs-Plug-in
Windows iLivid Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 4.01 (32-Bit)
Wireshark 1.6.5
XBMC
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

ACHTUNG bei dem fund Poision Ivy im D verzeichnes handelt es sich um keine eingeschleuste Backdoor Bedrohung!

Bitte um handlungs Instruktion zur bekämpfung bereits auswenig gemachter und unerwünschten viren/backddors/malware !!!

Emisoft auswertung:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 02.10.2012 18:55:41

C:\Program Files\accessdiver gefunden: Trace.File.AccessDiver (A)
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCracker 3.0 gefunden: Trace.File.WebCracker 3.0 (A)
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk gefunden: Trace.File.PartyPoker (A)
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCracker 3.0\webcrack ReadMe.lnk gefunden: Trace.File.WebCracker 3.0 (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> AppPath gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> BlackjackSounds gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> EnableSounds gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> id gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> InstallState gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> SL gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming -> CFDialogShown gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3218921893-2830402096-2579966274-1000\software\partygaming -> FreshInstall gefunden: Trace.Registry.PartyPoker (A)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4a.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4f.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4b.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4c.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4d.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
C:\ProgramData\Kaspersky Lab\AVP13\QB\d1b5b0ad452d704b.klq -> (Quarantine-6) -> b4a/b4e.class gefunden: Exploit.Java.CVE-2012-1723.M (B)
D:\poisen ivy\PI2.3.2.rar -> PILib.dll gefunden: Backdoor.Poisonivy.Q (B)

Gescannt 507980
Gefunden 31

Scan Ende: 02.10.2012 20:16:42
Scan Zeit: 1:21:01

OK

Lasse die Funde in Quarantaene verschieben, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.