
Log analysis and evaluation: PC freezes frequently and programs crash!


17.02.2011, 18:46   #1
Pryk1
 
PC freezes frequently and programs crash!



Hello helpers,
for some time now my PC has been hanging (freezing) quite often and programs simply crash (stop responding)!
I hope I did/posted everything correctly according to the instructions. If not... sorry.
Mahalo!!!


MBAM log
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5777

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.02.2011 23:36:11
mbam-log-2011-02-16 (23-36-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142755
Laufzeit: 8 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\RECYCLER\s-1-5-21-527237240-1645522239-839522115-1003\Dc15.exe (PUP.PWDump) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-527237240-1645522239-839522115-1003\Dc33\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
         

defogger_disable log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:30 on 17/02/2011 (Cai)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Gmer.text
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-17 08:41:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_MP0804H rev.UE100-14
Running: g2m3e4r.exe; Driver: C:\DOCUME~1\Cai\LOCALS~1\Temp\ufldyfog.sys


---- System - GMER 1.0.15 ----

SSDT            F7CD79D6                                 ZwCreateKey
SSDT            F7CD79CC                                 ZwCreateThread
SSDT            F7CD79DB                                 ZwDeleteKey
SSDT            F7CD79E5                                 ZwDeleteValueKey
SSDT            F7CD79EA                                 ZwLoadKey
SSDT            F7CD79B8                                 ZwOpenProcess
SSDT            F7CD79BD                                 ZwOpenThread
SSDT            F7CD79F4                                 ZwReplaceKey
SSDT            F7CD79EF                                 ZwRestoreKey
SSDT            F7CD79E0                                 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D6C     80504608 4 Bytes  JMP 20F7CD79 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
         

OTL.text
Code:
OTL logfile created on: 17.02.2011 18:06:05 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Cai\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 13,78 Gb Free Space | 18,48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 465,76 Gb Total Space | 394,84 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: KAISERSOEZE | User Name: Cai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.16 23:08:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cai\Desktop\MFTools\OTL.exe
PRC - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.12.10 22:54:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 18:27:13 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.24 20:42:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.24 20:41:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.12 13:41:46 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 01:12:19 | 004,919,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006.08.02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006.08.02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006.07.29 09:04:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006.07.28 07:59:44 | 002,355,200 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.03.06 17:13:56 | 000,086,016 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.10.18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005.04.20 05:27:44 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.16 23:08:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cai\Desktop\MFTools\OTL.exe
MOD - [2010.08.23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.12.09 18:27:13 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.24 20:42:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.12 13:41:46 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.02.12 13:41:39 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.15 10:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.08.02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006.08.02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005.10.18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005.04.20 05:27:44 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.21 17:53:29 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 20:42:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.05 22:55:12 | 000,031,704 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007.08.28 16:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.02.22 09:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.02.02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.01.31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005.12.14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.11.24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.11.17 03:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.11.11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.10.21 14:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.10.18 15:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.10.03 10:26:36 | 000,720,470 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2005.10.03 10:26:14 | 000,008,278 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005.09.08 14:20:52 | 003,959,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005.07.12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.27 07:19:00 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.02.17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003.08.20 11:28:50 | 000,014,220 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [1997.04.22 18:16:00 | 000,006,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "137.226.138.156"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.07 18:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.17 21:58:36 | 000,000,000 | ---D | M]
 
[2008.11.16 06:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Extensions
[2011.02.16 15:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions
[2010.04.30 21:33:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.16 21:48:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 17:25:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.14 17:06:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.07 23:24:51 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.12.26 14:43:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.28 09:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008.11.25 20:43:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\moveplayer@movenetworks.com
[2011.02.07 23:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\staged-xpis
[2010.10.30 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\extensions\vshare@toolbar
[2011.02.15 01:38:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-1.xml
[2010.12.10 22:55:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-10.xml
[2010.06.23 12:09:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-2.xml
[2010.06.28 09:49:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-3.xml
[2010.07.21 20:00:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-4.xml
[2010.07.24 17:47:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-5.xml
[2010.08.09 11:45:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-6.xml
[2010.09.22 11:55:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-7.xml
[2010.10.22 17:22:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-8.xml
[2010.10.29 11:54:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin-9.xml
[2010.06.16 21:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin.gif
[2010.06.16 21:48:38 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin.src
[2008.07.10 11:19:06 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Profiles\ejm6kl8d.default\searchplugins\icqplugin.xml
[2011.02.16 15:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.05 11:22:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.27 21:48:47 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2010.10.05 11:22:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.05 11:22:01 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.22 17:21:55 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.06.26 14:34:30 | 000,000,932 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2010.10.22 17:21:55 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 17:21:55 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 17:21:55 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 17:21:55 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.15 13:22:43 | 000,000,413 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net
O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Cai\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Cai\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (LogonUI.EXE) - C:\WINDOWS\System32\logonui.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cai\Application Data\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.12 13:05:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe - ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.16 23:43:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.02.16 23:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.02.16 23:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011.02.16 18:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Application Data\Malwarebytes
[2011.02.16 18:50:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.16 18:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.16 18:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.16 18:50:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.16 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.16 18:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Desktop\MFTools
[2011.02.15 15:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.02.15 04:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.02.05 21:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\My Documents\Mipony
[2011.02.05 20:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Application Data\Mipony
[2011.02.05 20:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Start Menu\Programs\MiPony
[2011.02.05 20:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\MiPony
[2011.02.01 20:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011.02.01 20:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.01.20 19:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Application Data\Leadertech
[2011.01.20 14:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011.01.19 21:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cai\Application Data\Intel
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.17 18:00:03 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.02.17 17:59:59 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.17 17:59:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.17 17:59:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.17 08:35:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.16 23:48:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cai\defogger_reenable
[2011.02.16 23:41:22 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Cai\Desktop\NTREGOPT.lnk
[2011.02.16 23:41:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Cai\Desktop\ERUNT.lnk
[2011.02.16 23:10:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.16 23:09:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Cai\Desktop\g2m3e4r.exe
[2011.02.16 23:09:06 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cai\Desktop\defogger.exe
[2011.02.15 03:03:15 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Cai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.11 11:45:47 | 001,418,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.10 18:09:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.02.07 22:59:02 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Microsoft\Internet Explorer\Quick Launch\DKZ Studio (2).lnk
[2011.02.05 20:57:21 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Cai\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2011.02.05 16:55:38 | 000,000,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_tempbackup
[2011.01.19 21:28:49 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.01.19 21:11:10 | 000,000,840 | ---- | M] () -- C:\Settings.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.16 23:48:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cai\defogger_reenable
[2011.02.16 23:41:22 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Cai\Desktop\NTREGOPT.lnk
[2011.02.16 23:41:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Cai\Desktop\ERUNT.lnk
[2011.02.16 18:50:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.16 18:47:19 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Cai\Desktop\g2m3e4r.exe
[2011.02.16 18:47:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cai\Desktop\defogger.exe
[2011.02.07 22:59:00 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Cai\Application Data\Microsoft\Internet Explorer\Quick Launch\DKZ Studio (2).lnk
[2011.02.05 20:57:21 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Cai\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2011.01.19 21:11:10 | 000,000,840 | ---- | C] () -- C:\Settings.ini
[2010.08.17 20:05:01 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.08.17 20:05:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.08.17 20:04:58 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.08.17 20:04:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.08.17 20:04:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.24 21:11:48 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cai\Local Settings\Application Data\WebpageIcons.db
[2009.03.24 10:42:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009.03.05 11:37:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009.03.05 11:37:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009.03.05 11:37:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009.03.05 11:37:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009.02.27 22:04:46 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Cai\Local Settings\Application Data\fusioncache.dat
[2009.02.27 21:26:29 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.02.27 21:26:29 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.02.27 21:26:29 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.02.27 21:26:29 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.02.27 21:26:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.02.27 21:26:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.02.27 21:26:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.02.27 21:26:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.02.27 21:26:29 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009.02.27 21:26:29 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.02.27 21:23:40 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\ASLM75.SYS
[2009.02.27 21:23:28 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009.02.27 21:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.11.24 06:27:50 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Cai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.16 07:04:55 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2008.11.16 06:25:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.11.16 05:15:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.12.19 15:53:30 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.09.02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1998.03.25 20:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbzlib.dll
 
========== LOP Check ==========
 
[2008.11.16 11:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010.11.27 21:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2010.08.09 11:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.02.16 13:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.11.17 02:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.08.27 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2009.03.24 20:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.07.21 14:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.20 20:11:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.10.10 19:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.14 15:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.02.28 02:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\2K Sports
[2010.12.01 02:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Any Video Converter
[2008.12.04 05:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\ArchiCrypt Rescue Master
[2010.11.15 23:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Azureus
[2009.01.17 23:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\DeepBurner
[2011.01.09 16:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\DVDVideoSoft
[2011.01.09 16:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\DVDVideoSoftIEHelpers
[2011.02.16 23:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Free Download Manager
[2010.08.09 01:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\ICQ
[2011.01.20 19:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Leadertech
[2008.11.17 01:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Lingo4u
[2011.02.14 03:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Mipony
[2008.11.17 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\OpenOffice.org
[2009.08.29 21:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\pokerth
[2011.02.16 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\PriceGong
[2010.07.30 10:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\RayV
[2010.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\TS3Client
[2008.11.17 02:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\TuneUp Software
[2010.10.27 00:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Tunngle
[2010.04.26 23:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cai\Application Data\Uniblue
[2011.02.17 18:00:03 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.08.09 14:58:58 | 000,000,000 | ---D | M] -- C:\7693a848071c56127f721ba3956fe3
[2009.02.27 20:09:35 | 000,000,000 | ---D | M] -- C:\ATI
[2009.03.31 15:15:05 | 000,000,000 | ---D | M] -- C:\c0788d48f989384fca
[2008.11.16 05:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008.11.15 09:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.02.16 12:30:45 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.11.26 05:16:25 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.02.19 12:36:54 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.02.16 23:41:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2009.02.17 11:21:05 | 000,000,000 | ---D | M] -- C:\Programme
[2008.11.16 07:21:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008.11.18 01:18:20 | 000,000,000 | ---D | M] -- C:\SP2
[2008.11.16 05:44:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.17 18:00:48 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\VCP_SAVE\explorer.exe
[2004.08.04 08:56:50 | 001,550,336 | ---- | M] (Microsoft Corporation) MD5=334C94271A45DF9E7A72525497A908BE -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 08:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\VistaMizer\old\explorer.exe
[2009.06.19 15:52:07 | 000,004,608 | ---- | M] () MD5=C9A563206DC63815E79875C1F8FE098F -- C:\Documents and Settings\Cai\Local Settings\Application Data\Xenocode\ApplianceCaches\GameCamV2.exe_v34275733\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.04.14 01:12:19 | 004,919,296 | ---- | M] (Microsoft Corporation) MD5=DE5DAEB60BBADE63EB7A405A69DDB9CD -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 004,919,296 | ---- | M] (Microsoft Corporation) MD5=DE5DAEB60BBADE63EB7A405A69DDB9CD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 08:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 08:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\VistaMizer\old\winlogon.exe
[2004.08.04 08:56:58 | 000,541,696 | ---- | M] (Microsoft Corporation) MD5=55ACA85EB80E2155E20211AAADDD711A -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-10 17:09:56
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
         


Extras.text
Code:
OTL Extras logfile created on: 17.02.2011 18:06:05 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Cai\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 13,78 Gb Free Space | 18,48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 465,76 Gb Total Space | 394,84 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: KAISERSOEZE | User Name: Cai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Program Files\Zattoo\Zattoo1.exe" = C:\Program Files\Zattoo\Zattoo1.exe:*:Enabled:  -- ()
"C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe -- (KONAMI)
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Program Files\Zattoo\Zattoo.exe" = C:\Program Files\Zattoo\Zattoo.exe:*:Enabled:  -- ()
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Cai\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Cai\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\VLC\vlc.exe" = C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1CE7D0E0-AC02-42C3-8EAD-66F9D39E3C0E}" = ATI Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87869D7-B133-498C-A347-D9BE109FF6C8}" = USB2.0 1.3M Web Cam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Any Video Converter_is1" = Any Video Converter 2.7.9
"ASUS Probe V2.11" = ASUS Probe V2.11
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 5.0.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Hcontrol" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiPony" = MiPony 1.2.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RocketDock_is1" = RocketDock 1.3.5
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VCP" = Remove Vista Customization Pack v3
"Veetle TV" = Veetle TV 0.9.18
"VistaMizer" = VistaMizer 2.5.2.0
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 09:21:49 | Computer Name = KAISERSOEZE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 13.02.2011 20:03:10 | Computer Name = KAISERSOEZE | Source = WmiAdapter | ID = 4099
Description = Open of service failed.
 
Error - 13.02.2011 22:53:30 | Computer Name = KAISERSOEZE | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 6.6.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 15.02.2011 11:30:10 | Computer Name = KAISERSOEZE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 15.02.2011 11:30:13 | Computer Name = KAISERSOEZE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 15.02.2011 14:12:27 | Computer Name = KAISERSOEZE | Source = Application Error | ID = 1000
Description = Faulting application pes6.exe, version 1.0.0.1, faulting module pes6.exe,
 version 1.0.0.1, fault address 0x004d160c.
 
Error - 15.02.2011 18:18:21 | Computer Name = KAISERSOEZE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 15.02.2011 18:36:57 | Computer Name = KAISERSOEZE | Source = Application Error | ID = 1000
Description = Faulting application pes6.exe, version 1.0.0.1, faulting module pes6.exe,
 version 1.0.0.1, fault address 0x0025c4a8.
 
Error - 16.02.2011 10:16:22 | Computer Name = KAISERSOEZE | Source = Application Error | ID = 1000
Description = Faulting application pes6.exe, version 1.0.0.1, faulting module pes6.exe,
 version 1.0.0.1, fault address 0x0070c48a.
 
Error - 16.02.2011 19:04:23 | Computer Name = KAISERSOEZE | Source = WmiAdapter | ID = 4099
Description = Open of service failed.
 
[ System Events ]
Error - 17.02.2011 13:06:23 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:24 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:26 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:27 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:29 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:31 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:34 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:36 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:37 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 17.02.2011 13:06:39 | Computer Name = KAISERSOEZE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
[ TuneUp Events ]
Error - 16.02.2011 13:50:21 | Computer Name = KAISERSOEZE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-16 18:50:21', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','288',0)
 
Error - 16.02.2011 13:50:42 | Computer Name = KAISERSOEZE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-16 18:50:42', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2188',0)
 
Error - 16.02.2011 13:53:14 | Computer Name = KAISERSOEZE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-16 18:53:14', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1340',0)
 
Error - 16.02.2011 18:10:02 | Computer Name = KAISERSOEZE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-16 23:10:02', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1516',0)
 
Error - 16.02.2011 18:10:22 | Computer Name = KAISERSOEZE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-16 23:10:22', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','508',0)
 
 
< End of report >
         

17.02.2011, 20:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

17.02.2011, 22:07   #3
Pryk1

full scan:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5786

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.02.2011 22:04:59
mbam-log-2011-02-17 (22-04-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 268243
Laufzeit: 56 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\Cai\Desktop\cai\kf141\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\antiwpa-v3.4.6 for x64 and x86\AMD64\ANTIWPA.DLL (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\antiwpa-v3.4.6 for x64 and x86\X86\ANTIWPA.DLL (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\AMD64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\X86\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\fixed antiwpa\AMD\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\fixed antiwpa\I64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\AMD64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\X86\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\keygens\50614-mskey4in1.exe (Malware.Tool) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\wga-crack\wga-workaround (geht auch mit ie7 etc)\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\kaisersoeze\Desktop\cai\kf141\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\WINDOWS\servicepackfiles\i386\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntservicepackuninstall$\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         

17.02.2011, 23:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
c:\dokumente und einstellungen\Cai\Desktop\Crack
Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for reinstalling (a LEGAL!!!) Windows!!
__________________
Please always post log files in CODE tags

18.02.2011, 00:58   #5
Pryk1

my windows is not legal???
but I have already had my pc cleaned of trojans by you twice!!!
now I don't understand anything anymore...though I am also a pc noob.
but my pc was bought perfectly normally on ebay!!!


18.02.2011, 01:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
c:\dokumente und einstellungen\Cai\Desktop\cai\kf141\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\antiwpa-v3.4.6 for x64 and x86\AMD64\ANTIWPA.DLL (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\antiwpa-v3.4.6 for x64 and x86\X86\ANTIWPA.DLL (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\AMD64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\antiwpa-v3.4.6 for x64 and x86\X86\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\fixed antiwpa\AMD\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\fixed antiwpa\I64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\AMD64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\aktivierungs-crack\fix für windows 64bit\original antiwpa\X86\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\keygens\50614-mskey4in1.exe (Malware.Tool) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Cai\Desktop\Crack\TOOLS\wga-crack\wga-workaround (geht auch mit ie7 etc)\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\kaisersoeze\Desktop\cai\kf141\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
So what explanation (excuse) do you have for the CRACK folder on your desktop? What is it doing there, how did it get there? That is not some tucked-away directory but a folder right on your desktop background, so there is no overlooking something like that either!!
What are you doing with antiwpa, the keygens and the cracks?

OK, strictly speaking it is the desktop of the user "Cai", maybe you know who that is

18.02.2011, 10:49   #7
Pryk1

Quote:
Quote from cosinus
So what explanation (excuse) do you have for the CRACK folder on your desktop? What is it doing there, how did it get there? That is not some tucked-away directory but a folder right on your desktop background, so there is no overlooking something like that either!!
What are you doing with antiwpa, the keygens and the cracks?

OK, strictly speaking it is the desktop of the user "Cai", maybe you know who that is
I have no excuses...I simply don't understand it!
you have already helped me twice and this is still the same pc!
"Cai" is me! but I don't have a CRACK folder on my desktop! this is my desktop:



I don't understand it!!!

I really need help. I need my pc for my diploma thesis and for pes!

18.02.2011, 10:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yeah, now that MBAM has deleted it

18.02.2011, 10:59   #9
Pryk1

no, even before that I had no folder on the desktop! I would have noticed that!
so if I now let MBAM restore the files in quarantine, I should have this said folder on my desktop again?
should I do that? because I cannot understand it for the life of me!

18.02.2011, 11:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yep, go ahead

18.02.2011, 13:08   #11
Pryk1

am I not being taken seriously here?!?

I guess I will have to wipe my machine, which unfortunately takes a long time because a buddy does that for me (I'm just a pc noob). well, thanks to the people who helped me the last two times!!!

18.02.2011, 13:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yeah, sorry, but that is just how it is
MBAM does not invent cracks just to get one over on you either, those things really were on there

18.02.2011, 15:05   #13
Pryk1

then they were on my machine, just certainly not on my desktop, I would have seen that!
can you tell me whether I have any more illegal stuff/tools/data or anything else on my pc? I would like to remove everything.

the message "autorun blockieren" kept coming up; by now my antivir has found 19 trojans (TR/Trash.Gen, TR/Agent.ezdc, TR/Dldr.Agent.CAD) on my machine
I will remove these now and hope that settles the matter!

mahalo!

18.02.2011, 15:15   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
then they were on my machine, just certainly not on my desktop, I would have seen that!
MBAM does not lie, that was Cai's desktop, and there cannot be another user with the same name

18.02.2011, 15:19   #15
Pryk1

thanks for the answer...
