
Log analysis and evaluation: Battle.net account hacked


02.07.2011, 20:02   #1
Lexore

Battle.net account hacked



Hi,

many people probably know this problem: my Battle.net account was hacked.
Apparently someone reactivated my WoW account, which had been on ice for a long time, and the usual happened. Characters deleted, items deleted, etc.
The strange thing is that someone spends money to reactivate the account and then deletes everything. Try making sense of that?!

Well, Blizzard also gives tips on how to protect yourself from account theft. But those are just the usual run-of-the-mill tips, which I follow anyway.

But apparently someone must have gotten hold of the password after all.
It was only 6 months after I last logged in that the culprit started messing with my account.
Strange after such a long time, isn't it?

I currently feel pretty insecure at the PC, even though I always thought I knew a bit about this stuff and that something like this would never happen to me.
Well, apparently I was wrong.

The virus scanner found the following:
vlc-0.9.9-win32.exe HEUR:Trojan.Win32.StartPage
I'd say that's just a false positive, right?

Man, the logs really do reveal a lot.
Here are the logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:08 on 02/07/2011 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Code:
ATTFilter
OTL logfile created on: 02.07.2011 18:15:22 - Run 1
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,25% Memory free
9,87 Gb Paging File | 8,22 Gb Available in Paging File | 83,23% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 9,97 Gb Free Space | 16,21% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,25 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,14 Gb Free Space | 3,02% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) -- E:\Programme\Kaspersky Internet Security 2010\avp.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2007.12.13 17:45:12 | 000,461,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.09.28 10:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- E:\Programme\Belkin\Connect.exe
PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- E:\Programme\Razer Copperhead\razerofa.exe
PRC - [2005.11.25 10:54:32 | 000,147,456 | ---- | M] () -- E:\Programme\Razer Copperhead\razertra.exe
PRC - [2005.11.25 10:53:40 | 000,155,648 | ---- | M] () -- E:\Programme\Razer Copperhead\razerhid.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 00:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.02 18:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 16:37:06 | 000,144,712 | ---- | M] (H+H Software GmbH) [Disabled | Stopped] -- P:\Programme\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Programme\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010.06.16 17:38:00 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.06 18:32:00 | 003,819,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.10 03:32:00 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.05.21 09:14:58 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2009.11.27 21:20:40 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2007.10.03 09:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2007.01.16 11:36:20 | 000,411,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006.05.24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2010.06.01 20:26:21 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Programme\RivaTuner\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 4A 3E 3B 15 DB CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.6
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.06.22 21:52:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.17 11:59:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: E:\Programme\Kaspersky Internet Security 2010\THBExt [2009.11.27 21:15:57 | 000,000,000 | ---D | M]
 
[2009.07.14 11:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.29 21:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (Revelation) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\win\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
File not found (No name found) -- 
[2011.02.16 01:29:07 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Programme\RivaTuner\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] E:\Programme\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Copperhead] E:\Programme\Razer Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = E:\Programme\Belkin\Connect.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\sbhook64.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\kloehk.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\mzvkbd3.dll) - E:\Programme\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\sbhook.dll) - E:\Programme\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O24 - Desktop BackupWallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [1782.10.23 12:17:10 | 000,030,720 | R--- | M] () - G:\AUTORUN.DOC -- [ CDFS ]
O32 - AutoRun File - [1904.02.09 05:14:20 | 000,210,432 | R--- | M] () - G:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1782.08.29 12:58:58 | 000,000,042 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1782.10.26 10:21:24 | 000,006,764 | R--- | M] () - G:\AUTORUN.TXT -- [ CDFS ]
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- [1904.02.09 05:14:20 | 000,210,432 | R--- | M] ()
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {83D74AF9-FED4-02D0-08FB-00842C42E680} - DirectX
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\Programme\Quick Time\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: VC10Player - hkey= - key= - P:\Programme\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.02 18:05:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.28 14:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.02 18:10:35 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.02 18:10:35 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.02 18:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.02 18:10:30 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.02 18:08:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.02 18:05:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.06.30 13:55:14 | 002,181,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.25 16:55:38 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.25 16:55:38 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.25 16:55:38 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.25 16:55:37 | 001,467,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.25 16:55:37 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.20 18:34:32 | 000,234,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.12 14:32:08 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.02 18:08:06 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.07.02 18:05:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2010.06.06 16:27:58 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.12.23 01:59:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.10.30 01:12:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.30 01:01:56 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.30 01:01:56 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.09.01 15:28:45 | 000,234,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.19 09:41:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 11:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.13 20:50:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.13 20:50:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.13 20:49:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.13 20:49:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.13 20:12:55 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.13 19:38:58 | 000,001,460 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.01.14 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.08.05 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acreon
[2010.12.19 12:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2011.05.01 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.07 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2010.12.17 20:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2009.10.12 20:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.05.07 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.06.08 16:09:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2011.02.20 01:26:31 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10
[2011.03.02 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2011.07.02 18:08:54 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.07.13 19:39:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.13 21:07:04 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.06.28 15:08:03 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.13 19:36:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.08 19:39:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.13 20:38:33 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.10 15:23:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.03.18 03:17:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.05.29 15:47:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.13 19:36:06 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.24 21:17:46 | 000,000,000 | ---D | M] -- C:\symbols
[2011.03.02 21:37:18 | 000,000,000 | ---D | M] -- C:\SymCache
[2011.07.02 18:17:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.13 19:38:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.02 18:10:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.01.19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2006.11.02 13:16:04 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=272D4789B7BAAEDDE73E85A380A670DD -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_4e168eec974b06f9\regedit.exe
[2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_586b393ecbabc8f4\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 00:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
Code:
OTL Extras logfile created on: 02.07.2011 18:15:22 - Run 1
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,25% Memory free
9,87 Gb Paging File | 8,22 Gb Available in Paging File | 83,23% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 9,97 Gb Free Space | 16,21% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,25 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,14 Gb Free Space | 3,02% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = AC E9 BF 2B EA 03 CA 01  [binary data]
"VistaSp2" = B4 56 83 31 ED 03 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071E541C-12A9-4A2F-B84C-F0484BF7DA59}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{09D10463-E666-4B74-8BBE-290E8EF754FA}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{117B4038-C5A3-4ACE-8616-FE6E57C4E7F0}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{191049BF-B5B3-4EA0-A05F-3044ADEDC464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{26E8E1BF-30A2-4A77-9CCD-CC6491D1AB67}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{476DA40A-F386-41A4-92AB-496FC6930851}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{615BCA4E-C05A-4BE4-AF1A-047125BB1CB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75170736-DD47-4F60-A1CB-95F50BDA0786}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A93B032-CC00-4591-8926-0CD8E46E512C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B71FD4D-CCC5-4CA9-933E-F4079CDE4CD6}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{87A6E7C0-5E1D-494A-9C72-274D95A464BC}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{99F1AE56-860D-4C3E-9DCB-A83A8289E81F}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{A4AA45FB-DA53-4861-93F4-6B45AB203BA9}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4F857C0-4945-400F-866D-67EA4743D9E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D086B5A0-B120-4B62-9C69-0F9A413D0F0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2863531-E32D-49EB-B244-E86F7D68CDD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DB639650-3306-47DC-B8EE-9C1F7AAFFCB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DD8D5265-F5ED-4A23-AB9F-8FF12489F770}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1534B44-DAD8-43B4-966C-BCACDCE13BA1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{E945F315-C4B7-46AC-BDAF-6A6EBC126C8D}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{EB8C830D-FC7D-4094-9BA6-AA26FE46918B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ECEDD754-57C1-4938-9910-4B6DF1A4A645}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5ED25AA-EDF0-41D1-BCF1-DE0DCE52F669}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{FDBAE530-009A-441F-BF5F-46A92FA416E7}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DF20F0-3EDF-4266-9B23-109E9F543CF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D101C9F-596D-4B3A-AB2E-550E1FD4D63D}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{1C11A81E-BA2D-4D63-8A39-E70F0251A7FF}" = protocol=17 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{1D829666-752C-4455-9822-A54CC296E984}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{23E3C83B-DF7A-42C2-8EFB-F555441AC71E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{383348E2-F961-4C7E-86EF-AE57179C2868}" = protocol=17 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"{3BE8CBFA-9258-4DE9-AF35-6AA83FCE015E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{462CB1DC-4CD9-4BDA-8E1A-8A6C2382E0CF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe | 
"{5068EABF-644E-43D6-865A-2AF9723FE3D7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5CBBB0E3-9102-40FE-8B55-2916883789F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F2A172A-81E5-4D68-A7F1-C268D1728F92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{654D57DC-8C80-448F-BECC-337DBF4AB333}" = protocol=17 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{67BEFE80-0347-4173-97C7-47A2201CC7C9}" = protocol=17 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe |  
"{6EEC6DBE-C4F7-49D6-A58F-050AAD92994D}" = protocol=6 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{79ADD3D8-CA5C-4A11-826D-46F84B7832D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |  
"{8220453A-E35A-4FA3-8626-69B51F0D20E9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{91EBF717-6C3F-46DE-B7C8-ED185A2D8347}" = protocol=6 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe |  
"{A8B3F0DB-7BB3-48A7-B509-0CDEA49E3C80}" = protocol=6 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{A9D79B2C-76E2-4A5D-8360-EB1D1F800DA9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{CA1A1045-6898-4CA8-B343-392379CF5CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D199D4B0-48E9-44C0-8F1E-BF5138E4167D}" = protocol=17 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{D32EFF28-6F59-4A60-97FC-64B1BBBDF334}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{D7CC842B-5D5C-4304-93AB-FE92753F84F7}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DAC0392D-2CFC-450A-9A12-6DC94345A8FB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F09CEE49-0A14-483E-B1E6-C25EE69712BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F197FE8E-A402-4168-AABC-61626F4215D5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F2265A06-C606-4499-B510-E3AD3F11B9C1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe | 
"{F4AA3E8F-0E72-498F-8949-0D61908FED41}" = protocol=6 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe | 
"{FD21FFCB-6E6A-4628-ABC4-6012F20F3316}" = protocol=6 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"TCP Query User{84161CFB-2EE8-4B37-AAA2-EA9EC049C5C0}E:\programme\belkin\connect.exe" = protocol=6 | dir=in | app=e:\programme\belkin\connect.exe | 
"UDP Query User{C2DDFDFE-39B6-4AFA-A0FF-192362691EBC}E:\programme\belkin\connect.exe" = protocol=17 | dir=in | app=e:\programme\belkin\connect.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsofts for Windows - LIVE
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"DivX Setup.divx.com" = DivX-Setup
"Fraps" = Fraps
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RouterControl" = RouterControl 2.0
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Trillian" = Trillian
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 03.07.2011, 07:50   #2
kira
/// Helper Team

Hello and welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the consequences that result from them.
    - so any liability for damage resulting from this is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - in the log lists or log files used (such as your real name, serial numbers in programs etc.) you may delete them or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall
  • I recommend that you read the instructions completely first before applying them, because if you do something wrong, it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please follow it exactly as described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post!-> For everyone seeking help! What do I have to consider before opening a topic?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from→ malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" (tick every box)
  • When the scan has finished, click "Show results"
  • Select all findings - if MBAM reports something in C:\System Volume Information, untick that one - and click "Delete" - "Remove selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
An illustrated guide can be found here: Guide

2.
Create a new OTL log and post it:-> OTL guide

3.
→ Download HJTscanlist.zip
→ Unpack the file to your desktop
→ On Windows XP Home you also have to install tasklist.zip before the scan
→ Start it with a double-click
→ Choose your operating system - on Win7 choose Vista
→ When asked, choose the option "Setting (1) - scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the content here into your thread.
** If it does not work all at once, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
Install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it)→ start it→ if necessary, set "german" under Options settings
then click "Tools" (to also show the installed programs)→ then "Save to text file..."
a text file (*.txt) will be created; copy its content and paste it here

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ in front of your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or something else
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go online, no online banking, file sharing, chat programs etc.
regards
kira

Alt 03.07.2011, 12:31   #3
Lexore

Hi,

First of all, thanks for the welcome

All logs are done, only MBAM is still running and that could take a while longer. I will post everything together later.

Actually I did not want to say this yet, but I will just do it now.
I also suspect that my password may have been too weak.
Perhaps the culprit(s) had been trying to hack my account for some time and have simply managed it now.
Well, all of this could be spun out much further, but let's leave it at that.
The password had 12 characters with letters and digits.

I hope this has no effect on the search for the problem and that we still search for it intensively together.

I wouldn't want an opinion to arise along the lines of: "OK, the password only had 3 characters. Obviously that's the cause. So we'll end the further analysis now."

And what about the various password managers?
I have not looked into them at all yet, since they do not really seem secure to me.
Are they secure at all? Are there any recommendations?
Or should one rather take pen and paper and write down all the long passwords, even if it is very cumbersome?
A keylogger could also capture the master password, and then one has access to everything. But I think that could largely be prevented with a virtual keyboard.

Alt 03.07.2011, 13:43   #4
Lexore

EDIT: Here are the logs now

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6995

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

01.07.2011 23:34:31
mbam-log-2011-07-01 (23-34-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|M:\|N:\|P:\|)
Durchsuchte Objekte: 773445
Laufzeit: 3 Stunde(n), 46 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
New MBAM version. The scan went faster and somewhat fewer objects were examined, although I had not changed anything on the system. Are the deviations normal? I had not paid attention to that until now.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7010

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

03.07.2011 14:25:02
mbam-log-2011-07-03 (14-24-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|M:\|N:\|P:\|)
Durchsuchte Objekte: 772882
Laufzeit: 2 Stunde(n), 31 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
OTL logfile created on: 03.07.2011 11:55:37 - Run 2
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,21% Memory free
9,91 Gb Paging File | 7,80 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 9,92 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,25 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,22 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.06.22 21:52:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) -- E:\Programme\Kaspersky Internet Security 2010\avp.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2007.12.13 17:45:12 | 000,461,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.09.28 10:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- E:\Programme\Belkin\Connect.exe
PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- E:\Programme\Razer Copperhead\razerofa.exe
PRC - [2005.11.25 10:54:32 | 000,147,456 | ---- | M] () -- E:\Programme\Razer Copperhead\razertra.exe
PRC - [2005.11.25 10:53:40 | 000,155,648 | ---- | M] () -- E:\Programme\Razer Copperhead\razerhid.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 00:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.02 18:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 16:37:06 | 000,144,712 | ---- | M] (H+H Software GmbH) [Disabled | Stopped] -- P:\Programme\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Programme\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010.06.16 17:38:00 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.06 18:32:00 | 003,819,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.10 03:32:00 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.05.21 09:14:58 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2009.11.27 21:20:40 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2007.10.03 09:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2007.01.16 11:36:20 | 000,411,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006.05.24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2010.06.01 20:26:21 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Programme\RivaTuner\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 4A 3E 3B 15 DB CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.6
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.06.22 21:52:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.17 11:59:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: E:\Programme\Kaspersky Internet Security 2010\THBExt [2009.11.27 21:15:57 | 000,000,000 | ---D | M]
 
[2009.07.14 11:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.29 21:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (Revelation) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\win\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
File not found (No name found) -- 
[2011.02.16 01:29:07 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Programme\RivaTuner\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] E:\Programme\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Copperhead] E:\Programme\Razer Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = E:\Programme\Belkin\Connect.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\sbhook64.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\kloehk.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\mzvkbd3.dll) - E:\Programme\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\sbhook.dll) - E:\Programme\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O24 - Desktop BackupWallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [1782.10.23 12:17:10 | 000,030,720 | R--- | M] () - G:\AUTORUN.DOC -- [ CDFS ]
O32 - AutoRun File - [1904.02.09 05:14:20 | 000,210,432 | R--- | M] () - G:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1782.08.29 12:58:58 | 000,000,042 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1782.10.26 10:21:24 | 000,006,764 | R--- | M] () - G:\AUTORUN.TXT -- [ CDFS ]
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- [1904.02.09 05:14:20 | 000,210,432 | R--- | M] ()
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.03 11:55:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\otl
[2011.07.02 18:05:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.28 14:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.16 20:02:29 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.06.16 20:02:28 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.06.16 20:02:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.06.16 20:02:28 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.06.16 20:02:28 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.06.16 20:02:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.06.16 20:02:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.06.16 20:02:28 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.06.16 20:02:28 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.06.16 20:02:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.06.16 20:02:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.06.16 20:02:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.06.16 20:02:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.06.16 20:02:28 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.06.16 20:02:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.06.16 20:02:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.06.16 20:02:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.06.16 20:02:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.06.16 20:02:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.06.16 20:02:28 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.06.16 20:02:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.06.16 20:02:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.06.16 20:02:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.06.16 20:02:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.06.16 20:02:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.06.16 20:02:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.06.16 20:02:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.06.16 20:02:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.06.16 20:02:24 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.03 10:57:51 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 10:57:51 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 10:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.03 10:57:45 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.02 18:08:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.02 18:05:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.06.30 13:55:14 | 002,181,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.25 16:55:38 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.25 16:55:38 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.25 16:55:38 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.25 16:55:37 | 001,467,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.25 16:55:37 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.20 18:34:32 | 000,234,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 08:17:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.12 14:32:08 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.03 11:57:59 | 000,030,259 | ---- | C] () -- C:\Users\***\Desktop\hjtscanlist.bat
[2011.07.02 18:08:06 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.07.02 18:05:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2010.06.06 16:27:58 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.12.23 01:59:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.10.30 01:12:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.30 01:01:56 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.30 01:01:56 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.09.01 15:28:45 | 000,234,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.19 09:41:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 11:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.13 20:50:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.13 20:50:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.13 20:49:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.13 20:49:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.13 20:12:55 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.13 19:38:58 | 000,001,460 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.01.14 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.08.05 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acreon
[2010.12.19 12:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2011.05.01 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.07 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2010.12.17 20:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2009.10.12 20:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.05.07 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.06.08 16:09:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2011.02.20 01:26:31 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10
[2011.03.02 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2011.07.03 03:06:18 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
Code:
OTL Extras logfile created on: 03.07.2011 11:55:37 - Run 2
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,21% Memory free
9,91 Gb Paging File | 7,80 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 9,92 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,25 Gb Free Space | 36,16% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,22 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = AC E9 BF 2B EA 03 CA 01  [binary data]
"VistaSp2" = B4 56 83 31 ED 03 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071E541C-12A9-4A2F-B84C-F0484BF7DA59}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{09D10463-E666-4B74-8BBE-290E8EF754FA}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{117B4038-C5A3-4ACE-8616-FE6E57C4E7F0}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{191049BF-B5B3-4EA0-A05F-3044ADEDC464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{26E8E1BF-30A2-4A77-9CCD-CC6491D1AB67}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{476DA40A-F386-41A4-92AB-496FC6930851}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{615BCA4E-C05A-4BE4-AF1A-047125BB1CB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75170736-DD47-4F60-A1CB-95F50BDA0786}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A93B032-CC00-4591-8926-0CD8E46E512C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B71FD4D-CCC5-4CA9-933E-F4079CDE4CD6}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{87A6E7C0-5E1D-494A-9C72-274D95A464BC}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{99F1AE56-860D-4C3E-9DCB-A83A8289E81F}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{A4AA45FB-DA53-4861-93F4-6B45AB203BA9}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4F857C0-4945-400F-866D-67EA4743D9E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D086B5A0-B120-4B62-9C69-0F9A413D0F0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2863531-E32D-49EB-B244-E86F7D68CDD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DB639650-3306-47DC-B8EE-9C1F7AAFFCB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DD8D5265-F5ED-4A23-AB9F-8FF12489F770}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1534B44-DAD8-43B4-966C-BCACDCE13BA1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{E945F315-C4B7-46AC-BDAF-6A6EBC126C8D}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{EB8C830D-FC7D-4094-9BA6-AA26FE46918B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ECEDD754-57C1-4938-9910-4B6DF1A4A645}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5ED25AA-EDF0-41D1-BCF1-DE0DCE52F669}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{FDBAE530-009A-441F-BF5F-46A92FA416E7}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{08DF20F0-3EDF-4266-9B23-109E9F543CF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |  
"{0D101C9F-596D-4B3A-AB2E-550E1FD4D63D}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{1C11A81E-BA2D-4D63-8A39-E70F0251A7FF}" = protocol=17 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{1D829666-752C-4455-9822-A54CC296E984}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{23E3C83B-DF7A-42C2-8EFB-F555441AC71E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{383348E2-F961-4C7E-86EF-AE57179C2868}" = protocol=17 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"{3BE8CBFA-9258-4DE9-AF35-6AA83FCE015E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{462CB1DC-4CD9-4BDA-8E1A-8A6C2382E0CF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe | 
"{5068EABF-644E-43D6-865A-2AF9723FE3D7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5CBBB0E3-9102-40FE-8B55-2916883789F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F2A172A-81E5-4D68-A7F1-C268D1728F92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{654D57DC-8C80-448F-BECC-337DBF4AB333}" = protocol=17 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{67BEFE80-0347-4173-97C7-47A2201CC7C9}" = protocol=17 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe | 
"{6EEC6DBE-C4F7-49D6-A58F-050AAD92994D}" = protocol=6 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{79ADD3D8-CA5C-4A11-826D-46F84B7832D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8220453A-E35A-4FA3-8626-69B51F0D20E9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{91EBF717-6C3F-46DE-B7C8-ED185A2D8347}" = protocol=6 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{A8B3F0DB-7BB3-48A7-B509-0CDEA49E3C80}" = protocol=6 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{A9D79B2C-76E2-4A5D-8360-EB1D1F800DA9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{CA1A1045-6898-4CA8-B343-392379CF5CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D199D4B0-48E9-44C0-8F1E-BF5138E4167D}" = protocol=17 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{D32EFF28-6F59-4A60-97FC-64B1BBBDF334}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{D7CC842B-5D5C-4304-93AB-FE92753F84F7}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DAC0392D-2CFC-450A-9A12-6DC94345A8FB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F09CEE49-0A14-483E-B1E6-C25EE69712BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F197FE8E-A402-4168-AABC-61626F4215D5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F2265A06-C606-4499-B510-E3AD3F11B9C1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe | 
"{F4AA3E8F-0E72-498F-8949-0D61908FED41}" = protocol=6 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe | 
"{FD21FFCB-6E6A-4628-ABC4-6012F20F3316}" = protocol=6 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"TCP Query User{84161CFB-2EE8-4B37-AAA2-EA9EC049C5C0}E:\programme\belkin\connect.exe" = protocol=6 | dir=in | app=e:\programme\belkin\connect.exe | 
"UDP Query User{C2DDFDFE-39B6-4AFA-A0FF-192362691EBC}E:\programme\belkin\connect.exe" = protocol=17 | dir=in | app=e:\programme\belkin\connect.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"DivX Setup.divx.com" = DivX-Setup
"Fraps" = Fraps
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RouterControl" = RouterControl 2.0
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Trillian" = Trillian
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Code:
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated
Adobe Photoshop CS3	Adobe Systems Incorporated
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated
Adobe Shockwave Player 11.6	Adobe Systems, Inc.
Apple Application Support	Apple Inc.
Apple Software Update	Apple Inc.
Belkin Netzwerk USB-Hub Kontrollzentrum	Belkin International, Inc.
Canon MP610 series	
Canon MP610 series Benutzerregistrierung	
Counter-Strike 1.6	
DivX-Setup	DivX, Inc. 
Dragon Age II	Electronic Arts, Inc.
Dragon Age: Origins	Electronic Arts, Inc.
Fraps	
GUILD WARS	
HijackThis 2.0.2	TrendMicro	
HP USB Disk Storage Format Tool	
IrfanView (remove only)	Irfan Skiljan
Java(TM) 6 Update 24	Sun Microsystems, Inc.
Kaspersky Internet Security 2010	Kaspersky Lab
League of Legends	Riot Games
Logitech GamePanel Software 2.02	Logitech
LogMeIn Hamachi	LogMeIn, Inc.
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation
Microsoft Document Explorer 2008	Microsoft Corporation
Microsoft Games for Windows - LIVE	Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation
Microsoft Office Professional Edition 2003	Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation
Microsoft Windows Performance Toolkit	
Microsoft Windows SDK for Windows 7 (7.0)	Microsoft Corporation
Mozilla Firefox 5.0 (x86 de)	Mozilla
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation
NVIDIA 3D Vision Treiber 266.58	NVIDIA Corporation
NVIDIA Grafiktreiber 266.58	NVIDIA Corporation
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation
Pando Media Booster	Pando Networks Inc.	
QuickTime	Apple Inc.
Razer Copperhead	 Razer USA Ltd.
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition	Alexey Nicolaychuk
RouterControl 2.0		
SoundMAX	Analog Devices
SpeedFan (remove only)	
SUPER © Version 2009.bld.36 (June 10, 2009)	eRightSoft
TeamSpeak 3 Client	TeamSpeak Systems GmbH
Trillian	Cerulean Studios, LLC
Ubisoft Game Launcher	UBISOFT
Virtual CD v10	H+H Software GmbH
World of Warcraft	Blizzard Entertainment
Xfire (remove only)
         

04.07.2011, 06:28   #5
kira
/// Helper Team

Quote:
Quote from Lexore
And what about the various password managers?
Or should one rather take pen and paper and write down all the long passwords, even if that is very cumbersome?
Sounds conservative, but I only trust myself
Create them yourself: any combination of digits, upper- and lower-case letters and special characters
- Choosing a secure password - (it should really be changed at regular intervals, roughly every 3-5 months)
also see here: Secure password

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [1782.10.23 12:17:10 | 000,030,720 | R--- | M] () - G:\AUTORUN.DOC -- [ CDFS ]
O32 - AutoRun File - [1904.02.09 05:14:20 | 000,210,432 | R--- | M] () - G:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1782.08.29 12:58:58 | 000,000,042 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1782.10.26 10:21:24 | 000,006,764 | R--- | M] () - G:\AUTORUN.TXT -- [ CDFS ]
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- [1904.02.09 05:14:20 | 000,210,432 | R--- | M] ()
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find them on your Desktop => OTL.txt and Extras.txt
  • Post the log files here in the thread inside code tags.

3.
Your Java version is not up to date!
Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions:
→ Control Panel → Programs → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 24 from Oracle
Make sure to deselect any toolbars that are offered (remove the tick next to the toolbar)!

4.
close all applications → please empty the folders for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without further ado. Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run`, type "cleanmgr" (without the "") → "OK" - Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type %temp% (without the "") → "OK" - select everything in the folder and delete it
  • please do this for every user account
  • then empty the Recycle Bin

5.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Run CCleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected Issues" → "Fix All Selected Issues"
  • Restart your system

6.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your Computer"
  • tick "Complete Scan" and click "Next"
  • all malware found is then listed; tick every finding and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics/Logs"
  • click "View Log" - then save this report and post it here

7.
- Link: -> ESET Online Scanner
>>You are not meant to install the antivirus security software, only to scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the medium with the free online scanner is very well suited to this and recommended.
Now connect all external media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - You can also switch the AUTORUN function off altogether. ► Guide

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when asked (the text in the information bar), allow the ActiveX control to be installed

** any other problems?

__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Last edited by kira (04.07.2011 at 06:47)
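To make the OTL fix script in this post concrete, here is an added example (written for this page; it is neither OTL's own code nor taken from kira's post) that parses the three kinds of line the script acts on and says what each means. The O33 lines are the per-volume `MountPoints2` keys in which Explorer caches the command it would run for a shell verb such as `AutoRun` or `dinstall`; deleting them only clears that cache, it does not touch files on the media. The O6 line carries the `NoDriveTypeAutoRun` Explorer policy, a bitmask in which every set bit disables AutoRun for one drive type (bit table from Microsoft's documentation of that value); OTL appears to print the DWORD in decimal, since logs commonly show the Windows default 0x91 as 145, so the 60 reported in the rescan later in this thread would be 0x3C, disabling AutoRun on removable, fixed, network and CD-ROM drives. The ADS line is an NTFS alternate data stream that OTL flags because such streams are invisible in Explorer. One check worth making after such a fix: the fix log posted later reports `Cdrom\AutoRun|DWORD:1` set although the script line read `AutoRun - 0`, and the rescan shows `O32 - HKLM CDRom: AutoRun - 1`; confirm in regedit which value you actually intended. The sample lines below are copied from the fix script and the rescan in this thread; the decimal assumption is marked in the code.

```python
"""Decode the AutoRun-related lines of an OTL fix script / scan log.

Added example for this thread: it is neither OTL's own code nor taken
from the posts. It reads the O33, O6 and ADS lines quoted in the fix
above and turns them into records a reader can reason about before
clicking "Fix".
"""
import re
from dataclasses import dataclass

# Bit meanings of the NoDriveTypeAutoRun policy (Microsoft KB967715).
# A set bit DISABLES AutoRun for that drive type.
DRIVE_TYPE_BITS = (
    (0x01, "DRIVE_UNKNOWN"),
    (0x02, "DRIVE_NO_ROOT_DIR"),
    (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"),
    (0x10, "DRIVE_REMOTE"),
    (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"),
    (0x80, "RESERVED"),
)


@dataclass(frozen=True)
class MountPointCommand:
    guid: str      # volume GUID under HKCU\...\Explorer\MountPoints2
    verb: str      # Shell verb, e.g. AutoRun or dinstall
    command: str   # what Explorer would run for that verb


@dataclass(frozen=True)
class AlternateDataStream:
    path: str      # file or directory carrying the stream
    stream: str    # stream name after the colon
    size: int      # bytes as reported by OTL


# OTL line shapes, derived from the lines quoted in this thread.
_O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\([^\\]+)\\command - "" = '
    r"(.+?)(?: -- \[.*)?$",
    re.IGNORECASE,
)
_O6_NDTA = re.compile(r"^O6 - .*NoDriveTypeAutoRun = (\d+)$")
_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def decode_no_drive_type_autorun(value: int) -> list:
    """Names of the drive types for which AutoRun is disabled by this bitmask."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def parse_otl_autorun(lines) -> dict:
    """Collect MountPoints2 commands, the AutoRun policy value and ADS entries."""
    result = {"mountpoints": [], "ads": [], "no_drive_type_autorun": None}
    for raw in lines:
        line = raw.strip()
        if m := _O33_CMD.match(line):
            result["mountpoints"].append(MountPointCommand(*m.groups()))
        elif m := _O6_NDTA.match(line):
            # Assumption: OTL prints the DWORD in decimal (logs commonly show the
            # Windows default 0x91 as 145). Verify against regedit if in doubt.
            result["no_drive_type_autorun"] = int(m.group(1))
        elif m := _ADS.match(line):
            size, path, stream = m.groups()
            result["ads"].append(AlternateDataStream(path, stream, int(size)))
    return result


def summarize(parsed: dict) -> list:
    """Human-readable explanation of each finding (returned, not only printed)."""
    out = []
    value = parsed["no_drive_type_autorun"]
    if value is not None:
        out.append(
            f"NoDriveTypeAutoRun = {value} (0x{value:02X}) disables AutoRun for: "
            + ", ".join(decode_no_drive_type_autorun(value))
        )
    for mp in parsed["mountpoints"]:
        out.append(f"volume {mp.guid}: verb '{mp.verb}' would run {mp.command}")
    for ads in parsed["ads"]:
        out.append(f"alternate data stream {ads.path}:{ads.stream} ({ads.size} bytes)")
    return out


# Sample input: lines copied from the fix script and the rescan in this thread.
SAMPLE_OTL_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- [1904.02.09 05:14:20 | 000,210,432 | R--- | M] ()
O33 - MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF
""".strip().splitlines()

if __name__ == "__main__":
    for line in summarize(parse_otl_autorun(SAMPLE_OTL_LINES)):
        print(line)
```

Run it against a saved OTL.txt by passing the file's lines to `parse_otl_autorun`; the `Shell - "" = AutoRun` lines without a `\command` subkey are deliberately ignored, since only the command entries tell you what would execute.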

04.07.2011, 20:40   #6
Lexore

Before I get started I would like to know/say something

I generally use passwords with digits, upper- and lower-case letters and special characters. The stupid thing is that these combinations are not allowed everywhere. Actually a big security deficiency.
In the past such odd characters would surely have caused problems, but hardly nowadays. Unfortunately the systems just are not updated for it.

What exactly does the OTL fix do, or what am I fixing there?
Anything worrying? A precise explanation would be nice. I would like to understand what I am doing/seeing.

Yep, my Java has been nagging me the whole time that it wants to be updated. I always let it wait a bit
I guess in future I should update right away when it is out?
And you mean Update 26, don't you?
Quote:
→ Now download the offline version of Java Version 6 Update 24 from Oracle
Why should one use the offline version? Isn't it the same as "online", just in grey? Are there security holes again with the online installation?

I empty the temp folder now and then. Should I do that more often?

I also used to have CCleaner clean the registry more often when I first had the program, but I don't do that anymore. It just keeps getting cluttered again. Should I use CCleaner more often too?

What advantage/purpose is there in cleaning/deleting Temp and the registry?
In terms of system security.

All these analysis/antivirus programs already make me roll my eyes. Far too much "junk"

A big thank-you in advance for your effort and the time spent, although I have no idea how fast you work.
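On the password question raised in kira's quote above (create them yourself from digits, upper- and lower-case letters and special characters) and Lexore's objection in this reply that some sites reject such characters, here is an added example, not code from either post, of generating a password from an explicitly allowed character set with the operating system's random source and computing the entropy that alphabet and length give. `DEFAULT_SYMBOLS` and the function names are my own choices; trim the symbol set to what a given site accepts, and `entropy_bits()` tells you what that restriction costs, which is the real security argument against sites that forbid special characters: a longer password over a smaller alphabet recovers the loss.

```python
"""Password generation from an explicitly allowed character set.

Added example for this thread, not code from either post. It implements
kira's advice (digits, upper- and lower-case letters, special characters)
and accounts for Lexore's objection that some sites reject certain
characters: the caller passes the symbols the target site accepts, and
entropy_bits() shows what that restriction costs.
"""
import math
import secrets
import string

# Assumed default symbol set; trim it to what the target site allows.
DEFAULT_SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def character_classes(symbols: str = DEFAULT_SYMBOLS) -> list:
    """The classes a password must cover; symbols may be "" for sites that forbid them."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    return classes


def covers_all_classes(password: str, symbols: str = DEFAULT_SYMBOLS) -> bool:
    """True if the password contains at least one character from every class."""
    return all(any(c in cls for c in password) for cls in character_classes(symbols))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16, symbols: str = DEFAULT_SYMBOLS) -> str:
    """Uniformly random password over the alphabet that satisfies covers_all_classes().

    Rejection sampling (draw, check, redraw) keeps the result uniform over
    all acceptable passwords; forcing one character of each class into
    fixed positions would skew the distribution and leak structure.
    """
    classes = character_classes(symbols)
    if length < len(classes):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; the random module must not be used here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if covers_all_classes(candidate, symbols):
            return candidate


if __name__ == "__main__":
    for symbols in (DEFAULT_SYMBOLS, ""):
        size = len("".join(character_classes(symbols)))
        print(generate_password(16, symbols), f"({entropy_bits(16, size):.1f} bits)")
```

With the full 94-character printable alphabet a 16-character password carries about 105 bits; with only letters and digits (62 characters) the same length gives about 95 bits, and an 8-character alphanumeric password only about 48, which is why length matters more than the symbol set a site happens to permit.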

05.07.2011, 07:25   #7
kira
/// Helper Team

Quote:
What exactly does the OTL fix do, or what am I fixing there?
Anything worrying?

in your case nothing "worrying", just switched off, so to speak
Tip & advice:
Guide

Quote:
I guess in future I should update right away when it is out?
And you mean Update 26, don't you?

of course, 26 is current now

Quote:
Why should one use the offline version?

-> http://www.java.com/de/download/help...e_download.xml

Quote:
Should I do that more often?

recommended now and then

Quote:
Should I use CCleaner more often too?
recommended now and then

Quote:
What advantage/purpose is there in cleaning/deleting Temp and the registry?
In terms of system security.

Constable Windows logs quite a bit, and unnecessary ballast such as uninstall leftovers etc. accumulates in the registry. That can slow the system down and may also contain unwanted stuff

06.07.2011, 18:18   #8
Lexore

So the fix is really just autorun stuff, as it says there.
Hmm, I have set it so that it always asks which action to take. So it is not autorun in the proper sense.
I ran the fix anyway.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. G:\AUTORUN.DOC scheduled to be moved on reboot.
File move failed. G:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. G:\AUTORUN.TXT scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fefb851-6312-11e0-ad05-001a922b802a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fefb851-6312-11e0-ad05-001a922b802a}\ not found.
File F:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fefb851-6312-11e0-ad05-001a922b802a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fefb851-6312-11e0-ad05-001a922b802a}\ not found.
File F:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b116ffdb-6fd1-11de-9bd8-806e6f6e6963}\ not found.
File move failed. G:\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be547361-e40f-11df-a57d-001a922b802a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be547361-e40f-11df-a57d-001a922b802a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be547361-e40f-11df-a57d-001a922b802a}\ not found.
File F:\autorun.exe -auto not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 3170619711 bytes
->Temporary Internet Files folder emptied: 2443141 bytes
->Java cache emptied: 38944824 bytes
->FireFox cache emptied: 169377512 bytes
->Flash cache emptied: 183894 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 195701 bytes
%systemroot% .tmp files removed: 802816 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34070955 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.258,00 mb
 
 
OTL by OldTimer - Version 3.2.25.0 log created on 07052011_194826

Files\Folders moved on Reboot...
File move failed. G:\AUTORUN.DOC scheduled to be moved on reboot.
File move failed. G:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. G:\AUTORUN.TXT scheduled to be moved on reboot.
File\Folder C:\Users\***\AppData\Local\Temp\Alle Figuren  not found!
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Code:
OTL logfile created on: 05.07.2011 20:00:29 - Run 3
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,08% Memory free
9,91 Gb Paging File | 7,91 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 13,62 Gb Free Space | 22,14% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,27 Gb Free Space | 36,19% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,22 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.06.22 21:52:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) -- E:\Programme\Kaspersky Internet Security 2010\avp.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2007.12.13 17:45:12 | 000,461,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.09.28 10:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- E:\Programme\Belkin\Connect.exe
PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- E:\Programme\Razer Copperhead\razerofa.exe
PRC - [2005.11.25 10:54:32 | 000,147,456 | ---- | M] () -- E:\Programme\Razer Copperhead\razertra.exe
PRC - [2005.11.25 10:53:40 | 000,155,648 | ---- | M] () -- E:\Programme\Razer Copperhead\razerhid.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 00:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.02 18:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 16:37:06 | 000,144,712 | ---- | M] (H+H Software GmbH) [Disabled | Stopped] -- P:\Programme\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010.08.20 15:10:52 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Programme\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010.06.16 17:38:00 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.06 18:32:00 | 003,819,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.10 03:32:00 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.05.21 09:14:58 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2009.11.27 21:20:40 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2007.10.03 09:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2007.01.16 11:36:20 | 000,411,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006.05.24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2010.06.01 20:26:21 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Programme\RivaTuner\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 4A 3E 3B 15 DB CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.6
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.06.22 21:52:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.17 11:59:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: E:\Programme\Kaspersky Internet Security 2010\THBExt [2009.11.27 21:15:57 | 000,000,000 | ---D | M]
 
[2009.07.14 11:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.29 21:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (Revelation) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\win\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.10.29 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cusdngif.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
File not found (No name found) -- 
[2011.02.16 01:29:07 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Programme\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Programme\RivaTuner\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] E:\Programme\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Copperhead] E:\Programme\Razer Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = E:\Programme\Belkin\Connect.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Programme\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Programme\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\sbhook64.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\x64\kloehk.dll) - E:\Programme\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\mzvkbd3.dll) - E:\Programme\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\sbhook.dll) - E:\Programme\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O24 - Desktop BackupWallPaper: I:\***\Bilder\3D Design Arts\01324_newyorkcitybypaulobarcellosjr_1280x800.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1782.10.23 12:17:10 | 000,030,720 | R--- | M] () - G:\AUTORUN.DOC -- [ CDFS ]
O32 - AutoRun File - [1904.02.09 05:14:20 | 000,210,432 | R--- | M] () - G:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1782.08.29 12:58:58 | 000,000,042 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1782.10.26 10:21:24 | 000,006,764 | R--- | M] () - G:\AUTORUN.TXT -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.05 19:48:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.05 19:47:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.28 14:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.16 20:02:29 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.06.16 20:02:28 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.06.16 20:02:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.06.16 20:02:28 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.06.16 20:02:28 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.06.16 20:02:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.06.16 20:02:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.06.16 20:02:28 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.06.16 20:02:28 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.06.16 20:02:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.06.16 20:02:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.06.16 20:02:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.06.16 20:02:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.06.16 20:02:28 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.06.16 20:02:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.06.16 20:02:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.06.16 20:02:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.06.16 20:02:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.06.16 20:02:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.06.16 20:02:28 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.06.16 20:02:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.06.16 20:02:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.06.16 20:02:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.06.16 20:02:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.06.16 20:02:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.06.16 20:02:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.06.16 20:02:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.06.16 20:02:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.06.16 20:02:24 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.05 19:52:10 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 19:52:10 | 000,004,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 19:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.05 19:52:05 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.03 19:05:33 | 000,004,096 | -H-- | M] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.07.02 18:08:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.07.02 18:05:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.30 13:55:14 | 002,181,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.25 16:55:38 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.25 16:55:38 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.25 16:55:38 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.25 16:55:37 | 001,467,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.25 16:55:37 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.20 18:34:32 | 000,234,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 08:17:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.12 14:32:08 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
 
========== Files Created - No Company Name ==========
 
[2011.07.03 19:05:33 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.07.02 18:08:06 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.06.06 16:27:58 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.12.23 01:59:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.10.30 01:12:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.30 01:01:56 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.30 01:01:56 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.09.01 15:28:45 | 000,234,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.19 09:41:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 11:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.13 20:50:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.13 20:50:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.13 20:49:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.13 20:49:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.13 20:12:55 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.13 19:38:58 | 000,001,460 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.01.14 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.08.05 20:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acreon
[2010.12.19 12:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2011.05.01 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.07 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2010.12.17 20:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2009.10.12 20:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.05.07 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.06.08 16:09:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2011.02.20 01:26:31 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10
[2011.03.02 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2011.07.05 19:50:35 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 05.07.2011 20:00:29 - Run 3
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,08% Memory free
9,91 Gb Paging File | 7,91 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 61,52 Gb Total Space | 13,62 Gb Free Space | 22,14% Space Free | Partition Type: NTFS
Drive D: | 96,91 Gb Total Space | 18,01 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive E: | 74,45 Gb Total Space | 2,77 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive G: | 368,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 78,13 Gb Total Space | 28,27 Gb Free Space | 36,19% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 77,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 76,63 Gb Total Space | 75,64 Gb Free Space | 98,72% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 28,22 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive P: | 931,51 Gb Total Space | 745,92 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = AC E9 BF 2B EA 03 CA 01  [binary data]
"VistaSp2" = B4 56 83 31 ED 03 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071E541C-12A9-4A2F-B84C-F0484BF7DA59}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{09D10463-E666-4B74-8BBE-290E8EF754FA}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{117B4038-C5A3-4ACE-8616-FE6E57C4E7F0}" = lport=56860 | protocol=17 | dir=in | name=pando media booster | 
"{191049BF-B5B3-4EA0-A05F-3044ADEDC464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{26E8E1BF-30A2-4A77-9CCD-CC6491D1AB67}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{476DA40A-F386-41A4-92AB-496FC6930851}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{615BCA4E-C05A-4BE4-AF1A-047125BB1CB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75170736-DD47-4F60-A1CB-95F50BDA0786}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A93B032-CC00-4591-8926-0CD8E46E512C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B71FD4D-CCC5-4CA9-933E-F4079CDE4CD6}" = lport=56860 | protocol=6 | dir=in | name=pando media booster | 
"{87A6E7C0-5E1D-494A-9C72-274D95A464BC}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{99F1AE56-860D-4C3E-9DCB-A83A8289E81F}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{A4AA45FB-DA53-4861-93F4-6B45AB203BA9}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4F857C0-4945-400F-866D-67EA4743D9E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D086B5A0-B120-4B62-9C69-0F9A413D0F0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2863531-E32D-49EB-B244-E86F7D68CDD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DB639650-3306-47DC-B8EE-9C1F7AAFFCB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DD8D5265-F5ED-4A23-AB9F-8FF12489F770}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1534B44-DAD8-43B4-966C-BCACDCE13BA1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{E945F315-C4B7-46AC-BDAF-6A6EBC126C8D}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{EB8C830D-FC7D-4094-9BA6-AA26FE46918B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ECEDD754-57C1-4938-9910-4B6DF1A4A645}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5ED25AA-EDF0-41D1-BCF1-DE0DCE52F669}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{FDBAE530-009A-441F-BF5F-46A92FA416E7}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DF20F0-3EDF-4266-9B23-109E9F543CF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D101C9F-596D-4B3A-AB2E-550E1FD4D63D}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe | 
"{1C11A81E-BA2D-4D63-8A39-E70F0251A7FF}" = protocol=17 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{1D829666-752C-4455-9822-A54CC296E984}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{23E3C83B-DF7A-42C2-8EFB-F555441AC71E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{383348E2-F961-4C7E-86EF-AE57179C2868}" = protocol=17 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"{3BE8CBFA-9258-4DE9-AF35-6AA83FCE015E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{462CB1DC-4CD9-4BDA-8E1A-8A6C2382E0CF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe | 
"{5068EABF-644E-43D6-865A-2AF9723FE3D7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5CBBB0E3-9102-40FE-8B55-2916883789F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F2A172A-81E5-4D68-A7F1-C268D1728F92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{654D57DC-8C80-448F-BECC-337DBF4AB333}" = protocol=17 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{67BEFE80-0347-4173-97C7-47A2201CC7C9}" = protocol=17 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe |  
"{6EEC6DBE-C4F7-49D6-A58F-050AAD92994D}" = protocol=6 | dir=in | app=p:\games\league of legends\air\lolclient.exe | 
"{79ADD3D8-CA5C-4A11-826D-46F84B7832D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8220453A-E35A-4FA3-8626-69B51F0D20E9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daorigins.exe |  
"{91EBF717-6C3F-46DE-B7C8-ED185A2D8347}" = protocol=6 | dir=in | app=p:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{A8B3F0DB-7BB3-48A7-B509-0CDEA49E3C80}" = protocol=6 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{A9D79B2C-76E2-4A5D-8360-EB1D1F800DA9}" = protocol=6 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe |  
"{CA1A1045-6898-4CA8-B343-392379CF5CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D199D4B0-48E9-44C0-8F1E-BF5138E4167D}" = protocol=17 | dir=in | app=p:\games\league of legends\game\league of legends.exe | 
"{D32EFF28-6F59-4A60-97FC-64B1BBBDF334}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{D7CC842B-5D5C-4304-93AB-FE92753F84F7}" = protocol=17 | dir=in | app=e:\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DAC0392D-2CFC-450A-9A12-6DC94345A8FB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F09CEE49-0A14-483E-B1E6-C25EE69712BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F197FE8E-A402-4168-AABC-61626F4215D5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F2265A06-C606-4499-B510-E3AD3F11B9C1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\***\counter-strike\hl.exe |  
"{F4AA3E8F-0E72-498F-8949-0D61908FED41}" = protocol=6 | dir=in | app=e:\games\dragon age\daoriginslauncher.exe |  
"{FD21FFCB-6E6A-4628-ABC4-6012F20F3316}" = protocol=6 | dir=in | app=p:\games\dragon age 2\dragonage2launcher.exe | 
"TCP Query User{84161CFB-2EE8-4B37-AAA2-EA9EC049C5C0}E:\programme\belkin\connect.exe" = protocol=6 | dir=in | app=e:\programme\belkin\connect.exe | 
"UDP Query User{C2DDFDFE-39B6-4AFA-A0FF-192362691EBC}E:\programme\belkin\connect.exe" = protocol=17 | dir=in | app=e:\programme\belkin\connect.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"DivX Setup.divx.com" = DivX-Setup
"Fraps" = Fraps
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RouterControl" = RouterControl 2.0
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Trillian" = Trillian
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
I've already been to the page with the supposed explanation of the offline version. Unfortunately it only contains nonsense.

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/05/2011 at 10:46 PM

Application Version : 4.55.1000

Core Rules Database Version : 7373
Trace Rules Database Version: 5185

Scan type       : Complete Scan
Total Scan Time : 02:00:08

Memory items scanned      : 518
Memory threats detected   : 0
Registry items scanned    : 45907
Registry threats detected : 0
File items scanned        : 69348
File threats detected     : 0
         
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=38a411df6545ed468f1296a3b0bc208f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-06 03:28:25
# local_time=2011-07-06 05:28:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 10013 147417686 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=618248
# found=0
# cleaned=0
# scan_time=29218
         
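The two scanner summaries posted above ("Key : value" lines from SUPERAntiSpyware, "# key=value" lines from ESET) are easy to read by eye but easy to misread in bulk. As an added example that is not part of the original post or of either scanner's own tooling, this parses both formats from constructed sample text and derives the verdict a log reviewer would give, including the caveat that ESET's detection of potentially unsafe applications was off (the mapping of `unsafe_checked` to that option is an assumption).

```python
import re

# Constructed sample input, shaped like the two scanner summaries posted
# above: SUPERAntiSpyware uses "Key : value", ESET uses "# key=value".
SAS_LOG = """SUPERAntiSpyware Scan Log
Generated 07/05/2011 at 10:46 PM
Scan type       : Complete Scan
Registry threats detected : 0
File items scanned        : 69348
File threats detected     : 0
"""
ESET_LOG = """ESETSmartInstaller@High as CAB hook log:
# end=finished
# unsafe_checked=false
# scanned=618248
# found=0
# cleaned=0
"""

def parse_sas(text):
    """SUPERAntiSpyware 'Key : value' lines -> dict ('Generated' is a timestamp, not a field)."""
    out = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("Generated"):
            key, _, val = line.partition(":")
            out[key.strip()] = val.strip()
    return out

def parse_eset(text):
    """ESET '# key=value' lines -> dict; repeated keys (compatibility_mode) keep the last value."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"#\s*(\w+)=(.*)", line)
        if m:
            out[m.group(1)] = m.group(2).strip()
    return out

def verdict(sas, eset):
    """Return (clean, notes). Clean means both scanners finished with zero hits;
    notes list coverage gaps a log reviewer would still want to point out."""
    notes = []
    hits = sum(int(v) for k, v in sas.items() if k.endswith("threats detected"))
    hits += int(eset.get("found", "0"))
    finished = eset.get("end") == "finished"
    if not finished:
        notes.append("ESET scan did not finish")
    if eset.get("unsafe_checked") == "false":  # assumed: 'potentially unsafe applications' option off
        notes.append("ESET potentially-unsafe-application detection was off")
    return hits == 0 and finished, notes
```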

Old 07.07.2011, 06:12   #9
kira
/// Helper Team
 
Recommendation:
Windows Defender:
Not advisable to keep it running in parallel with Avira, because the two get in each other's way. Please disable it like this: -> Enabling and disabling Windows Defender

** Do you have any other problems?
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Don't open the attachment, ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Old 07.07.2011, 18:13   #10
Lexore
 
OK, Defender is off.
But where does it say that I have Avira? If that's written anywhere, I'd be astonished.

I don't have any problems. The only thing was the account hack, and that made me suspicious.
Otherwise everything runs as usual. Purrs like a kitten

Hmmm, the system seems to be clean. You can never be 100% sure, of course.
But somehow they must have got hold of the password?!?
Any explanation or further tips?

Old 08.07.2011, 05:02   #11
kira
/// Helper Team
 
I made a typo..., you have Kaspersky on it! But no matter which antivirus program you already have installed, Bitdefender should be switched off!

1.
Uninstall/remove the programs we used and that you don't need, except for:
Code:
ATTFilter
CCleaner -> run it from time to time:-> instructions
         
2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you don't have it yet).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Cleanup" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. So it is OK if these programs are no longer there. If any are left over, delete them manually.

3.
clean your system with CCleaner:
  • "Cleaner"→ "Analyze"→ click the "Run Cleaner" button
  • "Registry"→ "Scan for Issues"→ "Fix selected issues"→ "Fix All Selected Issues"
  • Restart your system

4.
once everything has gone well and your system is running stably, do the following:
Manually create a restore point: Enabling and disabling System Restore

5.
Change your passwords and login credentials! - from a clean system
- Change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking) immediately (► preferably from another, non-infected computer!)
Tips:
Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password (Password)

6.
Download Internet Explorer 9! Even if you don't want to use it, it is more or less part of the standard equipment on Windows...
Software such as operating systems, browsers and e-mail clients is continuously developed further. At the same time, however, hackers are constantly working to find and exploit new security holes. What is not a loophole for viruses and worms today can become a danger tomorrow, once the corresponding malware has been written. This leads to relatively frequent reports of new vulnerabilities, even when hackers have not yet discovered them. Because, of course, security specialists also look for potential attack vectors. Updates from software developers ensure that the user can always use the latest and most secure version of the operating system and the installed software.

Old 08.07.2011, 15:00   #12
Lexore
 
Oh, I'll keep the tools after all. I already had most of them on the computer anyway.

I was already waiting for the IE9 note from you
I had just installed it yesterday and had it blocked again right away.

So that's it, I suppose? A pity that the cause can't be found out now.
It's still a thorn in my side.

And once again

Old 09.07.2011, 08:06   #13
kira
/// Helper Team
 
If you have no more problems, can we then close your thread?

Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep workflows running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
  • Secure password - Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    You have the choice! Which additional components should be installed? -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs on offer wherever possible!
  • DO NOT download any programs from the net unless it is 100% certain that they are clean software. Nice promises from the manufacturers are no guarantee of flawless operation, so browse the pages on GOOGLE beforehand, where you can get valuable information!!!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Don't visit websites without a valid legal notice (Impressum)
  • Want to save on licence fees? - Beware of files/programs from untrustworthy sources! - "full keygen, crack, serial, warez, keygenerators" etc.
    They are always infested with all kinds of malware/malicious programs/code; there is no site that is virus-free. (One shouldn't deliberately invite the devil in.) Another highly unsafe source is file sharing on so-called (music) exchange networks.
    ► Besides, you make yourself liable to prosecution!
  • Use only one firewall and one antivirus program, and keep them always up to date!
    Installing 'too much' software impairs system performance and security, slows down the boot process enormously and burdens the RAM (because the programs all run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes slower and less secure due to too much unnecessary ballast. The more programs are installed, the more often problems occur, which can then be hard to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Focus: images and sounds
    Dangerous images, odd sounds/BSI

** Common sense and configuring Windows and internet software securely is the best route to security in web traffic!!
Quote:
Since the database is supplemented and extended daily, i.e. the information about the affected virus is added with the current virus definition, I recommend having your system scanned online at least once a week (later, once a month will certainly be enough), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► A lot of data junk can accumulate over time, error messages pile up, the PC is probably not as fast as it used to be: I wish you all the best

Old 09.07.2011, 14:02   #14
Lexore
 
Yeah, the thread can be closed.
