Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung

Agent_UG8 · 03.04.2011, 16:26

Hallo zusammen.
Ich hatte ein kleines Problem mit ein paar Viren und Malware.
Nachdem ich malwarebytes Anti-Malware quickscan durchgeführt und die funde entfernt habe, ging nach dem neustart das internet nicht mehr.

laut IE diagnose :
"Überprüfen Sie die Firewalleinstellungen für den HTTP-Port (80), den HTTPS-Port (443) und den FTP-Port (21)."
was mir persönlich nichts sagt, denn mit sowas kenne ich mich leider nicht aus

Ich habe euch hier mal das Log-File von Malwarebytes anti-malware

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6255

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2011 16:51:27
mbam-log-2011-04-03 (16-51-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181471
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 11
Infizierte Dateien: 23

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> 1740 -> Unloaded process successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> 2304 -> Unloaded process successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> 1448 -> Unloaded process successfully.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> 1396 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2C7C9D-716D-4E9E-9358-B9C80A81B7ED} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPACEQUERY_SERVICE (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWANGIE_SERVICE (PUP.Zwangi) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.adbsearch.com/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9} (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c} (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery (Adware.SpaceQuery) -> Delete on reboot.
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2279412749-2558116402-30164335-1006\Dc78.exe (Adware.Mirar) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\39C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SPA12.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome\spacequery.jar (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences\prefs.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome.manifest (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\install.rdf (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome\zwangie.jar (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences\prefs.js (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\spacequery\uninstall.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Ich hoffe Ihr könnt mir weiterhelfen

Falls Ihr noch irgendwelche Informationen benötigt einfach melden

cosinus · 03.04.2011, 17:25

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Agent_UG8 · 03.04.2011, 17:54

Okay vielen Dank bin bereits dabei.

Kurze Frage vorweg: Sollen Funde auch direkt entfernt werden?

cosinus · 03.04.2011, 18:00

Anleitung lesen und all Fragen sollten sich erübrigen

Agent_UG8 · 03.04.2011, 19:35

Also hier die Log-files vom Quickscan VOR diesem Thread:
(nicht aktualisierte Version)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6255

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2011 16:51:27
mbam-log-2011-04-03 (16-51-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181471
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 11
Infizierte Dateien: 23

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> 1740 -> Unloaded process successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> 2304 -> Unloaded process successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> 1448 -> Unloaded process successfully.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> 1396 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2C7C9D-716D-4E9E-9358-B9C80A81B7ED} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPACEQUERY_SERVICE (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWANGIE_SERVICE (PUP.Zwangi) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (Mirar) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (Mirar) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (Mirar) Good: (Google) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9} (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c} (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery (Adware.SpaceQuery) -> Delete on reboot.
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2279412749-2558116402-30164335-1006\Dc78.exe (Adware.Mirar) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\39C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SPA12.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome\spacequery.jar (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences\prefs.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome.manifest (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\install.rdf (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome\zwangie.jar (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences\prefs.js (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\spacequery\uninstall.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6255

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2011 18:07:28
mbam-log-2011-04-03 (18-07-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 180897
Laufzeit: 7 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWANGIE_SERVICE (PUP.Zwangi) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c} (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences (PUP.Zwangi) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome.manifest (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\install.rdf (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome\zwangie.jar (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences\prefs.js (PUP.Zwangi) -> Quarantined and deleted successfully.

Hier der Vollscan von gerade eben:
(aktualisierte Version)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6256

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2011 20:08:40
mbam-log-2011-04-03 (20-08-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 321179
Laufzeit: 1 Stunde(n), 29 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\oxin's style!\3d sexvilla 2\Binaries\fc3dsexvilla.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP368\A0090805.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP368\A0090816.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP328\A0071693.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP333\A0072119.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP333\A0072120.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP408\A0115083.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0127363.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128452.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128456.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128457.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP416\A0128508.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128571.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128621.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128643.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128663.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128749.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6000105b-10b3-4128-a756-63811b21e500}\RP417\A0128783.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\temp289\sound32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

OTL Scan:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.04.2011 20:24:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 622,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 89,47 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
Drive E: | 15,03 Gb Total Space | 5,70 Gb Free Space | 37,90% Space Free | Partition Type: FAT32
Drive L: | 465,76 Gb Total Space | 343,99 Gb Free Space | 73,86% Space Free | Partition Type: NTFS
 
Computer Name: HEIM-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (P1370VID) -- C:\WINDOWS\system32\drivers\P1370Vid.sys (Creative Technology Ltd.)
DRV - (P1370Aul) -- C:\WINDOWS\system32\drivers\P1370Aul.sys (Creative Technology Ltd.)
DRV - (P1370Aud) -- C:\WINDOWS\system32\drivers\P1370Aud.sys (Creative Technology Ltd.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (mapledxp) -- C:\WINDOWS\System32\drivers\mapledxp.SYS (Jeff Hurchalla and Marble Sound)
DRV - (Amps2prt) Trust Ami PS/2 Port Mouse Driver (6) -- C:\WINDOWS\system32\drivers\Amps2prt.sys ((Standard Mouse Types))
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (sfvmr) -- C:\WINDOWS\System32\drivers\sfvmr.SYS (Sonic Foundry, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 26 54 03 B0 84 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57152
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {FD47CF56-E0F7-42FB-91D5-03E50A5CBE8C}:1.0
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0A328249-98DF-476C-9D25-3853C961DAB9}:1.0
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57152
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.06.11 10:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.09 14:51:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.21 16:06:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.21 16:06:48 | 000,000,000 | ---D | M]
 
[2009.02.11 16:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.12.27 23:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions
[2010.04.28 13:10:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.16 18:31:53 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010.12.16 18:32:11 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.05.03 00:09:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.23 19:34:36 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\redshift_V2@shift-themes.com
[2010.12.16 18:32:13 | 000,000,000 | ---D | M] (Silvermel) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\silvermel@pardal.de
[2010.12.16 18:32:13 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\extensions\silvermelxt@pardal.de
[2009.12.23 22:20:42 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\searchplugins\bing.xml
[2010.12.30 10:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.07 21:50:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\UMUT GÃ¶CEK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0J430VOU.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\UMUT GÃ¶CEK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0J430VOU.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\UMUT GÃ¶CEK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0J430VOU.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\UMUT GÃ¶CEK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0J430VOU.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE
[2010.06.11 10:39:17 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAMME\GOOGLE\GOOGLE GEARS\FIREFOX
[2009.01.09 15:55:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{0A328249-98DF-476C-9D25-3853C961DAB9}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{FD47CF56-E0F7-42FB-91D5-03E50A5CBE8C}
[2010.11.01 20:37:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.01 20:37:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.01 20:37:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.01 20:37:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.01 20:37:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2010.01.05 17:33:04 | 000,002,386 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\zwangie123.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF5F56C9-F3E5-4061-95FA-CAC2286DF326} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {E27A7DD9-571A-3ACC-8391-5E70A6EF2738} - No CLSID value found.
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {E62C495C-3880-46E9-89AE-87F47E71B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Programme\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: team-ulm.de ([www] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147879372515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147880351031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (hbyvad.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll -  File not found
O20 - Winlogon\Notify\qoMgHBsQ: DllName - qoMgHBsQ.dll -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXOgGWn) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.07 23:06:17 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.03 18:56:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.04.03 16:42:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.03 16:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.03 16:42:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.03 16:42:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.03 16:03:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.03.30 21:04:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 6
[2011.03.28 19:39:46 | 000,019,968 | R--- | C] (Sonic Foundry, Inc.) -- C:\WINDOWS\System32\sfvmr.dll
[2011.03.28 19:39:46 | 000,011,584 | R--- | C] (Sonic Foundry, Inc.) -- C:\WINDOWS\System32\drivers\sfvmr.sys
[2011.03.28 19:28:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bome's Mouse Keyboard
[2011.03.28 19:28:19 | 000,000,000 | ---D | C] -- C:\Programme\Bome's Mouse Keyboard
[2011.03.28 19:28:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Bome's Mouse Keyboard
[2011.03.28 18:19:57 | 000,061,440 | ---- | C] ( Jeff Hurchalla) -- C:\WINDOWS\System32\marblaxp.dll
[2011.03.28 18:19:57 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\mapleapi.dll
[2011.03.28 18:19:57 | 000,024,720 | ---- | C] (Jeff Hurchalla and Marble Sound) -- C:\WINDOWS\System32\drivers\mapledxp.sys
[2011.03.28 18:19:56 | 000,053,248 | ---- | C] ( Marble Sound) -- C:\WINDOWS\System32\drivers\maplevmd000.exe
[2011.03.28 18:19:56 | 000,031,624 | ---- | C] (Jeff Hurchalla and Marble Sound) -- C:\WINDOWS\System32\mapledxp.dll
[2011.03.25 00:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2009.05.09 14:49:33 | 109,378,686 | ---- | C] (Oxin's Style!®                                              ) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\3D Sexvilla 2.058.002 OxS!®.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.03 20:18:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.03 20:12:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.03 20:12:12 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.03 18:47:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.04.03 16:38:32 | 000,033,183 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\D9F2.CF0
[2011.03.29 19:34:36 | 000,020,199 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.29 15:59:05 | 000,162,304 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 18:19:57 | 000,007,455 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2011.03.28 18:19:52 | 000,673,546 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2011.03.28 14:32:13 | 000,455,780 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.28 14:32:13 | 000,438,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.28 14:32:13 | 000,084,172 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.28 14:32:13 | 000,070,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.25 00:01:43 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.25 00:01:43 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.03.13 21:53:47 | 000,297,291 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.29 19:34:36 | 000,020,199 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.28 18:19:56 | 000,673,546 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011.03.28 18:19:56 | 000,007,455 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.03.07 02:38:23 | 000,033,183 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\D9F2.CF0
[2011.02.25 22:57:51 | 000,297,291 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011.01.26 22:43:04 | 000,041,800 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.12.29 01:40:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\avitoiPodconverter.ini
[2010.12.29 01:16:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysAVItoiPod.dat
[2010.10.23 14:43:11 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd
[2010.09.20 22:07:45 | 008,913,920 | ---- | C] () -- C:\WINDOWS\System32\mp22.dll
[2010.09.19 19:34:28 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2009.11.11 16:43:00 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.11.11 16:43:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.20 00:37:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.06.22 14:11:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.05.09 16:14:54 | 000,178,686 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2009.05.09 16:14:54 | 000,000,888 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.01.21 00:00:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.11 20:23:11 | 001,646,522 | -HS- | C] () -- C:\WINDOWS\System32\sqaplici.ini
[2008.12.11 20:20:08 | 000,544,700 | -HS- | C] () -- C:\WINDOWS\System32\nWGgOXyb.ini2
[2008.12.11 20:20:08 | 000,544,411 | -HS- | C] () -- C:\WINDOWS\System32\nWGgOXyb.ini
[2008.11.13 18:48:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.10.21 16:10:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2008.10.12 00:48:17 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.10.02 15:54:09 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2008.09.30 21:50:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008.09.30 21:50:12 | 000,020,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.09.28 01:23:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008.09.15 23:54:35 | 000,000,345 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008.09.13 02:48:35 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.09.13 02:48:35 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PnkBstrK.sys
[2008.09.13 02:48:15 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008.09.13 02:48:14 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008.09.13 02:48:14 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008.09.11 01:16:26 | 000,000,084 | ---- | C] () -- C:\WINDOWS\hiphopmaker.INI
[2008.09.10 16:20:42 | 000,005,358 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.09.09 22:29:16 | 000,103,152 | ---- | C] () -- C:\WINDOWS\3D Animated Images.ini
[2008.09.09 20:52:14 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.09.09 20:52:14 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.09.09 20:52:13 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008.09.09 20:52:13 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.09.09 20:52:13 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008.09.09 20:52:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.09.09 20:51:21 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.09.07 23:07:41 | 000,003,708 | R--- | C] () -- C:\WINDOWS\System32\drivers\CamH1370.bin
[2008.09.07 23:07:41 | 000,003,708 | R--- | C] () -- C:\WINDOWS\System32\drivers\CamF1370.bin
[2008.09.07 22:22:32 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\Netlog24Uninstaller.exe
[2008.09.07 21:21:03 | 000,010,223 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2008.09.07 21:15:34 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.09.07 20:47:12 | 000,162,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.07 20:47:12 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.03.13 07:58:52 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.03.13 07:58:50 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.03.13 07:58:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.03.13 07:58:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.03.13 07:58:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.03.13 07:58:48 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.03.13 07:58:48 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.03.13 07:58:48 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007.03.13 07:58:48 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.03.13 07:58:44 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.08.16 12:24:59 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.08.16 10:59:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006.06.19 13:43:45 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.05.18 17:54:11 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006.05.18 17:54:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.05.18 16:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.05.18 13:37:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.05.18 13:37:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006.05.17 15:48:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.05.17 15:47:56 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.05.17 14:07:06 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.05.17 14:06:25 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.17 13:37:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.05.17 13:24:17 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.05.17 13:15:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.05.17 13:11:54 | 000,053,472 | ---- | C] () -- C:\WINDOWS\System32\wuauclt.exe
[2006.05.17 13:11:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.05.17 12:58:24 | 000,455,780 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.05.17 12:58:24 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.05.17 12:58:24 | 000,084,172 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.05.17 12:58:24 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.05.17 12:58:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\mssocklh.dll
[2006.05.17 12:58:19 | 000,006,353 | ---- | C] () -- C:\WINDOWS\System32\wntnrnt.dll
[2006.05.17 12:58:15 | 000,438,046 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.05.17 12:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.05.17 12:58:15 | 000,070,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.05.17 12:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.05.17 12:58:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.05.17 12:58:14 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.05.17 12:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.05.17 12:58:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.05.17 12:58:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.05.17 12:58:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.05.17 12:58:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.05.17 12:58:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.03.17 15:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004.03.17 15:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001.11.15 14:07:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Amoucplx.dll
[2001.11.15 13:45:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2001.11.15 13:45:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2001.06.14 17:40:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
[2000.12.13 16:10:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
 
========== LOP Check ==========
 
[2011.02.25 16:31:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.25 16:32:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2011.03.04 20:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2009.02.17 16:44:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.02.15 01:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.05.14 17:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2008.09.07 23:05:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2009.11.15 02:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2010.08.29 18:01:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2011.02.15 01:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2009.06.21 03:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.09.07 21:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software
[2010.12.30 11:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sincell
[2010.03.30 23:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2008.12.21 15:45:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.08.16 15:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.05.02 16:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.02.22 01:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.26 22:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.11.15 02:57:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
[2009.11.15 02:55:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
[2009.11.15 02:54:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009.02.17 16:45:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.02.17 16:48:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2009.02.17 16:45:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro
[2010.05.03 00:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.02.13 17:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FMZilla
[2010.09.14 18:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter
[2010.01.05 04:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FrostWire
[2009.06.13 01:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FVZilla
[2010.12.29 01:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo
[2009.02.13 16:53:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro
[2011.03.29 19:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.11.20 23:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2011.02.16 21:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LimeWire
[2010.02.28 03:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda
[2009.06.23 21:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mp3tag
[2009.01.23 13:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010.09.01 16:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\NCH Swift Sound
[2010.07.09 14:57:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia
[2009.12.24 19:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nseries
[2010.04.17 15:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2009.09.06 05:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit
[2009.12.24 20:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite
[2011.04.03 18:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2008.09.09 22:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Propellerhead Software
[2008.10.02 14:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2010.12.30 11:23:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sincell
[2010.07.13 08:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SoftGrid Client
[2011.03.30 21:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer
[2010.07.13 00:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TP
[2011.04.02 01:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TUMessenger
[2011.04.03 16:31:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd
[2010.02.19 18:00:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\ipsphaco.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C980DA7D

< End of report >

--- --- ---

OTL Extra:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.04.2011 20:24:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 622,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 89,47 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
Drive E: | 15,03 Gb Total Space | 5,70 Gb Free Space | 37,90% Space Free | Partition Type: FAT32
Drive L: | 465,76 Gb Total Space | 343,99 Gb Free Space | 73,86% Space Free | Partition Type: NTFS
 
Computer Name: HEIM-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:FlashGet -- (FlashGet.com)
"C:\Programme\Free Music Zilla\FMZilla.exe" = C:\Programme\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Programme\MessengerDiscovery\MessengerDiscovery Live.exe" = C:\Programme\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon -- (MessengerDiscovery)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library
"C:\Programme\Electronic Arts\Dead Space\Dead Space.exe" = C:\Programme\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™
"C:\Programme\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe" = C:\Programme\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe:*:Enabled:F.E.A.R. 2: Project Origin Single-player Demo -- (Monolith Productions, Inc.)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\Sierra\FEAR\FEARMP.exe" = C:\Programme\Sierra\FEAR\FEARMP.exe:*:Enabled:F.E.A.R. -- (Monolith Productions, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Sierra\FEAR\FEARServer.exe" = C:\Programme\Sierra\FEAR\FEARServer.exe:*:Enabled:F.E.A.R. - Stand-Alone Server -- (Monolith Productions, Inc.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\Free Video Zilla\FVZilla.exe" = C:\Programme\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = C:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3 -- ()
"C:\Programme\RelevantKnowledge\rlvknlg.exe" = C:\Programme\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{309A4810-C1A1-4BAC-888A-5BB93BC707F4}" = Nokia NSeries One Touch Access
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37D33EA0-A902-4925-8081-9AF88CB86EE1}" = Nokia NSeries Content Copier
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4B6E7269-2948-4E5B-9C82-3B4803AEDD37}" = Nokia NSeries Application Installer
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{649CB8E9-4A54-409C-B0D8-7D6865329D26}" = Nokia Download!
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2220_Help
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BB873FA-4907-4BF5-829D-8C18BD68F3A5}" = Nokia Nseries PC Suite
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5DB5FBF-F037-4BEE-A110-257E89EDD8BB}" = Microsoft Word in Works Suite-Add-In
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD64CA10-B597-4C84-869F-1903013E3697}" = Nokia Photos
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF3BAA39-989D-4EC4-9224-44D578494B5B}" = Nokia NSeries System Utilities
"{D0AC6844-79D4-11D4-AFEE-00C04F443448}" = Microsoft Works 6.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E62C495C-3880-46E9-89AE-87F47E71B280}" = Mirar
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2220_ProductContext
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F659CCC7-63C8-49CC-8A76-34131CE5D3A8}" = Tube Toolbox
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Video FX Utility" = Erweitertes Video FX
"ArtMoney SE_is1" = ArtMoney SE v7.26
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bome's Mouse Keyboard_is1" = Bome's Mouse Keyboard 2.00
"Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine 
"Creative Live! Cam Voice" = Creative Live! Cam Voice (1.00.08.0206)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative WebCam Center" = Creative WebCam Center
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"FlashGet" = FlashGet 1.9.6.1073
"FLV Player" = FLV Player 2.0 (build 25)
"FLV Player2.0 " = FLV Player
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Music Zilla_is1" = Free Music Zilla
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video Zilla_is1" = Free Video Zilla
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple Virtual Midi Cable_is1" = Hurchalla Maple VMidi Cable v3.56
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery Live_is1" = MessengerDiscovery Live 1.3.0322
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Netlog 24" = Netlog 24
"Netlog Music Tool" = Netlog Music Tool
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia NSeries Application Installer" = Nokia NSeries Application Installer 6.84.2114
"Nokia NSeries Content Copier" = Nokia NSeries Content Copier 6.84.2114
"Nokia NSeries One Touch Access" = Nokia NSeries One Touch Access 6.84.2114
"Nokia NSeries System Utilities" = Nokia NSeries System Utilities 6.84.2114
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.01.1190" = Opera 11.01
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"PKR" = PKR
"PremElem70" = Adobe Premiere Elements 7.0
"Product" = Savage 2.00e
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 16475" = F.E.A.R. 2: Project Origin Single-player Demo
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SysInfo" = Creative-Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TUMessenger" = TUMessenger
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"vghd" = VirtuaGirl HD
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"VideoGet_is1" = Nuclear Coffee - VideoGet
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WheelMouse" = Trust Ami Mouse 250S Cordless
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001-Setup-Start
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Netlog Uploader" = Netlog Uploader
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2010 19:57:22 | Computer Name = HEIM-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 17.01.2010 18:59:26 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.02.2010 18:18:04 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung script-fu.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.02.2010 18:18:05 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung script-fu.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.02.2010 18:18:50 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gimp-2.6.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.02.2010 20:56:25 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung blur-motion.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.02.2010 21:00:22 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung blur-gauss-selective.exe, Version 0.0.0.0,
 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.02.2010 21:00:25 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung blur-gauss-selective.exe, Version 0.0.0.0,
 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.02.2010 11:29:37 | Computer Name = HEIM-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.02.2010 19:55:36 | Computer Name = HEIM-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msnmsgr.exe, Version 14.0.8089.726, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02359610.
 
[ System Events ]
Error - 15.02.2010 09:13:04 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 18.02.2010 19:01:57 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "HTTP-SSL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 19:03:23 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 18.02.2010 21:59:16 | Computer Name = HEIM-PC | Source = EFS | ID = 333682
Description = Es können keine Datenträgernamen vom Plug & Play-Dienst ermittelt 
werden. Der EFS-Server wird nicht versuchen, unterbrochene  Ver-/Entschlüsselungsvorgänge
 zu ermitteln.
 
Error - 18.02.2010 21:59:34 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "HTTP-SSL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 22:00:56 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 19.02.2010 08:00:57 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "HTTP-SSL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.02.2010 08:02:19 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 19.02.2010 11:28:10 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "HTTP-SSL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.02.2010 11:29:34 | Computer Name = HEIM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >

--- --- ---

cosinus · 03.04.2011, 19:53

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C980DA7D
[2011.04.03 16:31:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd
[2011.04.03 18:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2010.05.02 16:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.02.22 01:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.26 22:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.11.15 02:57:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
[2009.11.15 02:55:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
[2009.11.15 02:54:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2008.12.11 20:23:11 | 001,646,522 | -HS- | C] () -- C:\WINDOWS\System32\sqaplici.ini
[2008.12.11 20:20:08 | 000,544,700 | -HS- | C] () -- C:\WINDOWS\System32\nWGgOXyb.ini2
[2008.12.11 20:20:08 | 000,544,411 | -HS- | C] () -- C:\WINDOWS\System32\nWGgOXyb.ini
[2011.03.07 02:38:23 | 000,033,183 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\D9F2.CF0
[2011.03.28 18:19:57 | 000,061,440 | ---- | C] ( Jeff Hurchalla) -- C:\WINDOWS\System32\marblaxp.dll
[2011.03.28 18:19:57 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\mapleapi.dll
[2011.03.28 18:19:57 | 000,024,720 | ---- | C] (Jeff Hurchalla and Marble Sound) -- C:\WINDOWS\System32\drivers\mapledxp.sys
[2011.03.28 18:19:56 | 000,053,248 | ---- | C] ( Marble Sound) -- C:\WINDOWS\System32\drivers\maplevmd000.exe
[2011.03.28 18:19:56 | 000,031,624 | ---- | C] (Jeff Hurchalla and Marble Sound) -- C:\WINDOWS\System32\mapledxp.dll
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.07 23:06:17 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXOgGWn) -  File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll -  File not found
O20 - Winlogon\Notify\qoMgHBsQ: DllName - qoMgHBsQ.dll -  File not found
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AF5F56C9-F3E5-4061-95FA-CAC2286DF326} - No CLSID value found.
O2 - BHO: (no name) - {E27A7DD9-571A-3ACC-8391-5E70A6EF2738} - No CLSID value found.
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {E62C495C-3880-46E9-89AE-87F47E71B280} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57152
FF - prefs.js..network.proxy.type: 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
:Files
C:\Dokumente und Einstellungen\***\Anwendungsdaten\3D Sexvilla 2.058.002 OxS!®.exe
C:\WINDOWS\Tasks\*.job
C:\WINDOWS\system32\byXOgGWn
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Agent_UG8 · 03.04.2011, 20:27

Okay hier die Logfile:

Zitat:

All processes killed
========== OTL ==========
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C980DA7D deleted successfully.
Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\ not found.
Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\ not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} folder moved successfully.
C:\WINDOWS\system32\sqaplici.ini moved successfully.
C:\WINDOWS\system32\nWGgOXyb.ini2 moved successfully.
C:\WINDOWS\system32\nWGgOXyb.ini moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\D9F2.CF0 moved successfully.
C:\WINDOWS\system32\marblaxp.dll moved successfully.
C:\WINDOWS\system32\mapleapi.dll moved successfully.
C:\WINDOWS\system32\drivers\mapledxp.sys moved successfully.
C:\WINDOWS\system32\drivers\maplevmd000.exe moved successfully.
C:\WINDOWS\system32\mapledxp.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\byXOgGWn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgHBsQ\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Programme\Freecorder\prxtbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ deleted successfully.
C:\Programme\FlashGet\jccatch.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF5F56C9-F3E5-4061-95FA-CAC2286DF326}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF5F56C9-F3E5-4061-95FA-CAC2286DF326}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27A7DD9-571A-3ACC-8391-5E70A6EF2738}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E27A7DD9-571A-3ACC-8391-5E70A6EF2738}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F156768E-81EF-470C-9057-481BA8380DBA}\ deleted successfully.
C:\Programme\FlashGet\getflash.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E62C495C-3880-46E9-89AE-87F47E71B280} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E62C495C-3880-46E9-89AE-87F47E71B280}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 57152 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
========== FILES ==========
C:\Dokumente und Einstellungen\***\Anwendungsdaten\3D Sexvilla 2.058.002 OxS!®.exe moved successfully.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\Tasks\Google Software Updater.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cb0d94d69206ea.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2279412749-2558116402-30164335-1006Core.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2279412749-2558116402-30164335-1006UA.job moved successfully.
C:\WINDOWS\Tasks\ipsphaco.job moved successfully.
File\Folder C:\WINDOWS\system32\byXOgGWn not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 141771 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 14968659 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2554104 bytes

User: ***

User: ***
->Temp folder emptied: 186220350 bytes
->Temporary Internet Files folder emptied: 3354974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89351064 bytes
->Opera cache emptied: 7964569 bytes
->Flash cache emptied: 4725 bytes

User: Zeynep
->Temp folder emptied: 24226750 bytes
->Temporary Internet Files folder emptied: 123784843 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79041470 bytes
->Opera cache emptied: 21034244 bytes
->Flash cache emptied: 14832 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2775943 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5065849 bytes
RecycleBin emptied: 5831810112 bytes

Total Files Cleaned = 6.096,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04032011_210934

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\Z5T5NULH\default;sz=300x250;kl=N;klg=de;kt=K;kga=-1;kr=F;kw=clownin+out;kgg=-1;kcr=de;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=784995398905672[1].9 not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\Z5T5NULH\music_urbanhiphop;sz=300x250;kl=N;klg=de;kt=K;kga=-1;kr=F;kw=candy+snoop+dogg;kgg=-1;kcr=de;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=1240242996530899[1].2 not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\Z5T5NULH\thYRn5E;kpu=HottieSarah12;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=XRKgthYRn5E%7C6;kgg=-1;kcr=de;custp=mC5W7t0YZcqG0xLWj4k6LQ;dc_dedup=1;ptile=1;dcopt=ist;ord=8315560[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\Y3K56JXJ\dUdUpTwT9LsOEnVHWAADTbg%2FB%3Dby0uANkMBas-%2FJ%3D1238703456868002%2FK%3D2QXkmVNwYhkpvf9R4N1y8w%2FA%3D200805651%2FR%3D0%2F%2A%24,http%3A%2F%2Fde.netlog[1].com%2F,;ord=1238703457 not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\MU3HY3YL\music_urbanhiphop;sz=300x250;kl=N;klg=de;kt=K;kga=-1;kr=F;kw=lil+mama+shawty+get+loose;kgg=-1;kcr=de;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=124628969307219[1].45 not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\LS4YOZ14\music_lyricstabs;sz=300x250;kl=N;klg=de;kt=K;kga=-1;kr=F;kw=tell+me+when+to+go;kgg=-1;kcr=de;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=8109088167135003[1] not found!

Registry entries deleted on Reboot...

an einigen Stellen lässt sich "not found" auffinden. Ich habe meinen Nutzernamen in den Logfiles durch *** ersetzt. Könnte das daran liegen? und wirkt sich das negativ auf das Ergebnis aus?

Agent_UG8 · 03.04.2011, 20:57

der Smiley in der 3. Zeile ist natürlich ein doppelpunkt gefolgt von einem großen D

cosinus · 04.04.2011, 10:10

Zitat:

Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\ not found.
Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\ not found.

Hast du das ausgesternte VORHER wieder in den richtigen Namen zurückgeschrieben? Musst du machen, ist ja klar.

Wenn nicht, nachholen und das Script namenskorrigiert nochmal ausführen!

Agent_UG8 · 04.04.2011, 22:15

erledigt

Zitat:

All processes killed
========== OTL ==========
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2 .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C980DA7D .
C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\Data\skins\VirtuaGirlHD\classic skin folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\Data\skins\VirtuaGirlHD folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\Data\skins folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd\Data folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\vghd folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong folder moved successfully.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\ not found.
File C:\WINDOWS\System32\sqaplici.ini not found.
File C:\WINDOWS\System32\nWGgOXyb.ini2 not found.
File C:\WINDOWS\System32\nWGgOXyb.ini not found.
File C:\Dokumente und Einstellungen\***\Anwendungsdaten\D9F2.CF0 not found.
File C:\WINDOWS\System32\marblaxp.dll not found.
File C:\WINDOWS\System32\mapleapi.dll not found.
File C:\WINDOWS\System32\drivers\mapledxp.sys not found.
File C:\WINDOWS\System32\drivers\maplevmd000.exe not found.
File C:\WINDOWS\System32\mapledxp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\byXOgGWn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgHBsQ\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
File C:\Programme\FlashGet\jccatch.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF5F56C9-F3E5-4061-95FA-CAC2286DF326}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF5F56C9-F3E5-4061-95FA-CAC2286DF326}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27A7DD9-571A-3ACC-8391-5E70A6EF2738}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E27A7DD9-571A-3ACC-8391-5E70A6EF2738}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
File C:\Programme\FlashGet\getflash.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E62C495C-3880-46E9-89AE-87F47E71B280} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E62C495C-3880-46E9-89AE-87F47E71B280}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 57152 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\prxtbFre0.dll not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\3D Sexvilla 2.058.002 OxS!®.exe not found.
File\Folder C:\WINDOWS\Tasks\*.job not found.
File\Folder C:\WINDOWS\system32\byXOgGWn not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ***

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71344 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 0 bytes

User: Zeynep
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10788 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_230659

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 05.04.2011, 10:47

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Agent_UG8 · 06.04.2011, 16:11

kommt sofort

cosinus · 06.04.2011, 16:17

Was und nun? Posting überlesen?

Agent_UG8 · 06.04.2011, 19:52

so hier die Logfile von ComboFix

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-04-05.02 - *** 06.04.2011  20:46:01.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.958.562 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\***\WINDOWS
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\PriceGong\Data\z.xml
c:\windows\system32\shimg.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-06 bis 2011-04-06  ))))))))))))))))))))))))))))))
.
.
2011-04-03 19:09 . 2011-04-03 19:09	--------	d-----w-	C:\_OTL
2011-04-03 14:42 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 14:42 . 2011-04-03 14:42	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-04-03 14:42 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-28 17:39 . 1998-06-30 12:28	19968	----a-r-	c:\windows\system32\sfvmr.dll
2011-03-28 17:39 . 1998-06-30 12:28	11584	----a-r-	c:\windows\system32\drivers\sfvmr.sys
2011-03-28 17:28 . 2011-03-28 17:49	--------	d-----w-	c:\programme\Bome's Mouse Keyboard
2011-03-28 16:19 . 2011-03-28 16:19	673546	----a-w-	c:\windows\unins000.exe
2011-03-28 13:00 . 2011-03-28 13:00	173	----a-w-	c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\Microsoft\gb_1996046.bat
2011-03-28 12:28 . 2011-03-28 12:28	173	----a-w-	c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\Microsoft\gb_104453.bat
2011-03-24 22:45 . 2011-03-24 22:45	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2011-03-13 22:57 . 2011-03-13 22:57	--------	d-----w-	c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\FVZilla
2011-03-08 13:31 . 2011-03-08 13:31	--------	d-----w-	c:\dokumente und einstellungen\Zeynep\Lokale Einstellungen\Anwendungsdaten\Conduit
2011-03-08 13:31 . 2011-03-13 23:00	--------	d-----w-	c:\dokumente und einstellungen\Zeynep\Lokale Einstellungen\Anwendungsdaten\Freecorder
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 22:01 . 2009-03-18 18:26	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-03-24 22:01 . 2009-03-18 18:26	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2006-05-17 10:58	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-05-17 10:58	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-05-17 11:10	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-05-17 11:10	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-05-17 10:58	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-05-17 10:58	290048	----a-w-	c:\windows\system32\atmfd.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2007-12-17 13:43	27648	--sh--w-	c:\windows\system32\Smab0.dll
.
.
------- Sigcheck -------
.
[-] 2009-08-06 18:24 . 218214BAB31F290DF0EDB5EF59408E78 . 53472 . . [------] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\programme\Microsoft Works\WkDetect.exe" [2000-07-21 28739]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-03-24 281768]
"hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Freecorder FLV Service"="c:\programme\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=mapledxp.dll
"midi6"=sfvmr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen in Microsoft Works-Kalender.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen in Microsoft Works-Kalender.lnk
backup=c:\windows\pss\Erinnerungen in Microsoft Works-Kalender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Nokia Nseries PC Suite.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Smart Wizard Wireless Settings.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Smart Wizard Wireless Settings.lnk
backup=c:\windows\pss\Smart Wizard Wireless Settings.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^DesktopVideoPlayer.LNK]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^TUMessenger.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\TUMessenger.lnk
backup=c:\windows\pss\TUMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programme
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\Free Video Zilla
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10	1983816	----a-w-	c:\programme\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00	299008	------w-	c:\programme\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09	167936	----a-w-	c:\programme\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 20:21	133104	----atw-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 06:38	241664	----a-w-	c:\programme\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46	172032	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-07-12 20:30	311350	----a-w-	c:\programme\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-21 22:55	28739	----a-w-	c:\programme\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]
2008-09-07 21:06	1380352	----a-w-	c:\programme\Netlog 24\Notifier\Netlog24Notifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog Music Tool]
2010-03-29 21:27	1728456	----a-w-	c:\programme\Netlog Music Tool\NetlogMusicTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 12:33	13574144	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 12:33	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 12:33	1630208	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 10:34	1414144	----a-w-	c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 14:22	577536	----a-w-	c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19	148888	----a-w-	c:\programme\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-07 22:23	39408	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33	53248	----a-w-	c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 02:15	163840	----a-w-	c:\windows\system32\VTTrayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05	204288	------w-	c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-07-12 19:15	24576	----a-w-	c:\programme\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9129af1c66286"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"HTTPFilter"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)
"Zwangie Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"TapiSrv"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Programme\\Free Music Zilla\\FMZilla.exe"=
"c:\\Programme\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programme\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\Programme\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpqkygrp.exe"=
"c:\\Programme\\Free Video Zilla\\FVZilla.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.02.2009 16:41 717296]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [28.03.2011 19:39 11584]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 20:26 135336]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [19.10.2001 14:57 9056]
R3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [07.09.2008 23:07 93056]
R3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [07.09.2008 23:07 4992]
R3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [07.09.2008 23:07 179040]
S1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.SYS --> c:\windows\system32\drivers\mapledxp.SYS [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.02.2011 01:40 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.02.2011 01:40 8320]
S4 gupdate1c9129af1c66286;Google Update Service (gupdate1c9129af1c66286);c:\programme\Google\Update\GoogleUpdate.exe [09.09.2008 18:41 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57152
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
IE: Free YouTube Download - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: team-ulm.de\www
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http - 
FF - prefs.js: network.proxy.http_port - 
FF - prefs.js: network.proxy.type - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: RedShift V3.6: redshift_V2@shift-themes.com - %profile%\extensions\redshift_V2@shift-themes.com
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\programme\Google\Google Gears\Firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E62C495C-3880-46E9-89AE-87F47E71B280} - (no file)
MSConfigStartUp-AOLMIcon - c:\programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
MSConfigStartUp-conhost - c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\conhost.exe
MSConfigStartUp-GabPath - c:\dokumente und einstellungen\***\Anwendungsdaten\GabPath\gabpath.exe
MSConfigStartUp-Generic Host - wauclt.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-SfKg6wIPuSp - c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Windows\jnipmo.exe
MSConfigStartUp-WheelMouse - Amoumain.exe
MSConfigStartUp-WinampAgent - c:\programme\Winamp\winampa.exe
AddRemove-Native Instruments Audio 8 DJ Driver - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}\Audio 8 DJ Driver Setup.exe
AddRemove-Native Instruments Service Center - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
AddRemove-Native Instruments Traktor - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe
AddRemove-vghd - c:\dokumente und einstellungen\***\Startmenü\Programme\VirtuaGirl HD\uninstall.lnk
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}\Audio 8 DJ Driver Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-06 20:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2279412749-2558116402-30164335-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,d5,62,a8,8a,bf,2f,e0,6e,61,47,a4,06,aa,0b,85,76,14,4c,65,12,75,4d,
   a3,5d,56,06,50,7a,6b,07,b8,32,63,45,28,24,f3,d4,a2,24,e8,37,7e,c0,25,ca,d7,\
"??"=hex:67,12,4c,e4,78,16,da,a1,45,e0,30,ca,8f,fa,38,ec
.
[HKEY_USERS\S-1-5-21-2279412749-2558116402-30164335-1006\Software\SecuROM\License information*]
"datasecu"=hex:24,80,6f,8a,1e,4d,e2,0a,ba,23,36,d0,1c,81,d8,2a,aa,71,7c,64,3c,
   d0,c7,c8,5a,9b,45,3c,c6,38,65,23,62,7f,4a,17,d8,15,b9,e8,13,42,84,dc,ae,cb,\
"rkeysecu"=hex:f2,a0,aa,fb,a5,02,4a,07,03,a4,74,97,68,7d,14,7c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Zeit der Fertigstellung: 2011-04-06  20:53:45
ComboFix-quarantined-files.txt  2011-04-06 18:53
.
Vor Suchlauf: 18 Verzeichnis(se), 110.921.981.952 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 110.961.999.872 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 228596368FADCC7465E547843C7651F3

--- --- ---

cosinus · 06.04.2011, 21:41

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

FCopy::
c:\windows\system32\dllcache\wuauclt.exe | c:\windows\system32\wuauclt.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

File::
c:\windows\system32\drivers\mapledxp.SYS

Driver::
mapledxp

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

03.04.2011, 18:00	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung Anleitung lesen und all Fragen sollten sich erübrigen __________________ Logfiles bitte immer in CODE-Tags posten

06.04.2011, 16:17	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung Was und nun? Posting überlesen? __________________ Logfiles bitte immer in CODE-Tags posten

Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung

Plagegeister aller Art und deren Bekämpfung: Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung