Hallo und guten Morgen Forum !

Habe mir heute Nacht den Ukash Trojaner eingefangen und mit Malwarebytes
http://www.trojaner-board.de/51187-a...i-malware.html einen Schädling gefunden und entfernt . Leider habe ich von diesem Scan nicht die Log Datei gespeichert . Nach einem erneuten Scan fand er diesen nicht mehr aber das Problem mit Ukash ist im normalen Modus immer noch vorhanden
Ich hoffe mir kann hier geholfen werden !

hier die Log-Dateien von Malware und OTL :

Malware :

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Mineor :: MINEOR-PC [Administrator]

26.09.2012 01:11:24
mbam-log-2012-09-26 (01-11-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442306
Laufzeit: 57 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

OTL Extra :

Code: Alles auswählenAufklappen

ATTFilter

 OTL Extras logfile created on: 26.09.2012 07:03:13 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Mineor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,76% Memory free
6,74 Gb Paging File | 5,88 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,28 Gb Total Space | 77,58 Gb Free Space | 66,15% Space Free | Partition Type: NTFS
Drive D: | 83,01 Gb Total Space | 31,99 Gb Free Space | 38,54% Space Free | Partition Type: NTFS
Drive E: | 32,59 Gb Total Space | 6,53 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
 
Computer Name: MINEOR-PC | User Name: Mineor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05109B9B-7879-4142-A692-158D9758D221}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0D347DBD-D291-4989-97C0-D917FA59366E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17402E63-10DC-4BF3-9FD1-742198730AFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BFFD5F6-8B1C-4A27-BB30-880F24E05FEC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\rpcagentsrv.exe | 
"{5CF2D844-F0BE-4B96-AF91-BBDA616A409C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe | 
"{9CFE1779-7FDE-4554-AD5E-5BAE0784172D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AC90B5E7-C3B9-4C97-853E-C62498AF14F2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe | 
"{C73B1063-5F64-4DA4-B96E-6BCA4FA3E324}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CDC7FA6D-4471-4F26-BCCF-9E3DF346F05D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe | 
"{D0458AEA-82FF-4AD9-9AB5-5D6FB98A6951}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E1078FB2-CC13-4429-8EEB-FE51F57D20B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E610EB80-A34A-41D0-8300-61B56D8F0170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06029946-16DD-4093-ADFF-2A88E632B1D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1CC91CF0-83D2-44C3-81BA-99B708C19F7A}" = protocol=17 | dir=in | app=d:\i am alive\iamalive_launcher.exe | 
"{1D1D3080-AA5B-46D8-8A1F-797BEFE5DD3A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{22128179-6D7E-4E3C-BBDD-144C6CCC3625}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{246ACB19-080B-4431-8C6F-51A182E990E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2D903187-E066-4B17-AACA-0D2D4FF03796}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{38B5E6C7-C627-4A81-84F8-59A391A96A92}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3F53132E-E215-4088-A87A-0054A9ADF7B2}" = protocol=17 | dir=in | app=d:\i am alive\src\system\iamalive_game.exe | 
"{438646BD-C86E-45C6-A418-30A9195F7DE8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{478FB532-3B3C-4D68-BEE6-5AD2A394BADB}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{4AF9C0F2-FAA0-42A1-BB20-8065F2C088A6}" = protocol=6 | dir=in | app=d:\i am alive\iamalive_launcher.exe | 
"{4D5A7FCA-D0C8-4640-AF15-EE23FEA05430}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{556E5CAF-0859-4357-9505-5CCCD50D3177}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{5DEF4EF5-74D8-479E-B3D2-A5080B7F7502}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{62DD8354-B398-4573-A06D-2D5C7307CE9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{694E2716-75D9-407A-83D4-AC792CD80615}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6D5ACBAE-EF15-4F07-BDF4-1B0EADE3D2D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6E3398BD-C3D2-4A4F-B792-56933AC0A0C8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{71B95B0A-909B-4250-8A20-89B10D895322}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{728BFFFE-E7CE-49EA-9864-4BA6C9713ECA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{735EC965-A275-4124-828B-836EDC386774}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{739B7C80-8326-4ECB-900B-C91FDEFD8409}" = protocol=6 | dir=in | app=d:\i am alive\src\system\iamalive_game.exe | 
"{86990445-D24E-445C-8381-DC855EFF7CE5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{97B4A9F1-B5C5-4D31-B677-E9714AA6A8BD}" = protocol=17 | dir=in | app=d:\civ4\civilization4.exe | 
"{9CDAB533-713F-4514-9086-BE3BE4914EB9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{9E28A74C-C65E-46E9-8937-7943F6103279}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{A4985047-8D83-4283-9DE0-F6547D6D20EC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A4E49996-68E7-4F78-BF42-3600CB5E677B}" = protocol=17 | dir=in | app=d:\civ4\warlords\civ4warlords.exe | 
"{AA3E9C29-AC77-4191-A0F0-18424E72809A}" = protocol=17 | dir=in | app=d:\civ4\beyond the sword\civ4beyondsword.exe | 
"{AB8244F0-7A46-4DD4-A618-95FBE33FFF8A}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B2F2904F-E5A8-4A60-812F-8D89091582E6}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{B36FEDC3-B095-4BAB-BCCC-E7ADA1A04C77}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B5663D08-3FD1-4E25-A049-A99782D9BB31}" = protocol=6 | dir=in | app=d:\civ4\warlords\civ4warlords.exe | 
"{BEB2DECB-27BB-4FA6-8314-466EE5371B8E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D1B4ED40-7CBA-438D-9970-93D48A7B889B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D8702C19-8F75-4371-8238-1C62647EF617}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAFF23C6-6383-4426-BAD1-927B0754E4BB}" = protocol=6 | dir=in | app=d:\civ4\civilization4.exe | 
"{F452CF2C-6BEC-4769-8942-A8EECB6E3BD1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{F5871539-3CB1-4695-AC03-C917DB25EB67}" = protocol=6 | dir=in | app=d:\civ4\beyond the sword\civ4beyondsword.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1DEEB744-7F1F-4473-993D-13DE2F989577}" = Logitech CallCentral
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.4
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54F5EAE1-2B88-4F4A-8706-12787E1E34BF}" = calibre
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80B917EF-75C7-46F0-87D9-DE90A309ACB5}" = Fate of the World
"{83C9E961-1A33-444E-B3A9-5CE3B941888A}" = Six Updater
"{8635EC47-3ED6-44B3-8394-A22C8EB01FC2}" = Fate of the World DLC: Denial
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999A2E61-63EE-61BF-26E4-0C7B8B2A0BE2}" = Media Go Video Playback Engine 1.8.108.02120
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BC97E7F-8E26-44B8-841A-C5262754FC89}" = LG United Mobile Drivers
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}" = WOT Statistics
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B54313C5-B581-434E-84BB-D87BBE5AB08A}" = Fate of the World DLC: Migration
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C221B517-EC02-4DD3-95A6-958C02DD86F2}_is1" = SP_Mod_1
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D60924D0-86C6-441B-BD39-BA3037508976}" = NVIDIA PhysX Unreal Tournament 3 Mods
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"ACDLabs in e__ACDFREE12_" = ACD/Labs Software in e:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alt.Binz" = Alt.Binz 0.25.0
"ArtMoney SE_is1" = ArtMoney SE v7.31
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BASE 1.5" = BASE 1.5
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.9
"DivX Setup.divx.com" = DivX-Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition
"Eraser 5.3" = Eraser 5.3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Explorer Suite_is1" = Explorer Suite III
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.9
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.16
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"Hattrick Control_is1" = Hattrick Control 2.02
"Hattrick Organizer" = Hattrick Organizer (remove only)
"Hearts of Iron 2 Doomsday Armageddon_is1" = HOI2 Doomsday Armageddon 1.2
"Impulse" = Impulse
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Jagged Alliance 2" = Jagged Alliance 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"LVoIPDrv" = Logitech® VoIP-Treiber
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0042
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.4.0c
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"PC Wizard 2008_is1" = PC Wizard 2008.1.83
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"RADVideo" = RAD Video Tools
"Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SP6" = Logitech SetPoint 6.0
"Steam App 16830" = Sid Meier's Civilization V SDK
"Streamripper" = Streamripper (Remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.2
"voxware_is1" = Voxware Audio decoder 1.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07
"XBCD" = XBCD 1.07
"XMedia Recode" = XMedia Recode 3.0.9.4
"xp-AntiSpy" = xp-AntiSpy 3.96-6
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"World War 2 Time of Wrath" = World War 2 Time of Wrath
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.09.2012 19:41:48 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2012 19:41:49 | Computer Name = Mineor-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.09.2012 17:52:15 | Computer Name = Mineor-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 18:51:16 | Computer Name = Mineor-PC | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 25.09.2012 18:50:34 | Computer Name = Mineor-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.09.2012 um 00:48:06 unerwartet heruntergefahren.
 
Error - 25.09.2012 18:51:06 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:06 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:06 | Computer Name = Mineor-PC | Source = LSM | ID = 1048
Description = 
 
Error - 25.09.2012 18:51:16 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:20 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:26 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:27 | Computer Name = Mineor-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.09.2012 18:51:39 | Computer Name = Mineor-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 18:51:39 | Computer Name = Mineor-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

OTL Logfile

Code: Alles auswählenAufklappen

ATTFilter

 OTL logfile created on: 26.09.2012 07:03:13 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Mineor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,76% Memory free
6,74 Gb Paging File | 5,88 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,28 Gb Total Space | 77,58 Gb Free Space | 66,15% Space Free | Partition Type: NTFS
Drive D: | 83,01 Gb Total Space | 31,99 Gb Free Space | 38,54% Space Free | Partition Type: NTFS
Drive E: | 32,59 Gb Total Space | 6,53 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
 
Computer Name: MINEOR-PC | User Name: Mineor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.26 01:00:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
PRC - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:45:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.08 19:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:00:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.04.11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.31 16:33:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.31 16:29:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PdiPorts.sys -- (PdiPorts)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a1qhlcnc)
DRV - [2012.05.08 19:00:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:00:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.06 23:17:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.05.06 23:17:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.09.16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 14:19:21 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.09 14:19:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.11.10 13:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 13:55:24 | 000,079,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.10 13:54:04 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.11.10 13:53:56 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.20 07:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.29 17:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.03.10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.02.22 15:54:52 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.31 16:29:04 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006.11.15 16:24:54 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.daemonsearch.com/intl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mineor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 06:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.21 14:51:02 | 000,000,000 | ---D | M]
 
[2008.10.12 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Extensions
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions
[2011.02.07 23:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.06 13:16:06 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2008.06.24 15:46:07 | 000,000,000 | ---D | M] ("SkillRaise Tool") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2011.10.20 21:54:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.24 08:11:44 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2009.04.21 20:46:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com
[2011.09.07 00:01:50 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.07.23 06:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 21:39:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:51:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech CallCentral] C:\Program Files\Logitech\CallCentral\CallCentral.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [fekoklhqhdukcyv] C:\ProgramData\fekoklhq.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F85BDFF-5784-407C-AF42-95A442EFB587}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 01:00:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.25 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ateisktyhgbvliw
[2012.09.25 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Mineor\AppData\Local\DOSBox
[2012.09.24 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.09.06 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mineor\Documents\IAmAlive
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 01:00:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.26 00:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 00:46:20 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 00:46:20 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 00:07:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:30 | 000,076,346 | ---- | M] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 23:44:24 | 000,088,064 | ---- | M] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 10:39:57 | 000,000,024 | ---- | M] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.24 11:43:23 | 000,162,816 | ---- | M] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.21 21:39:08 | 000,731,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.21 21:39:08 | 000,681,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.21 21:39:08 | 000,164,970 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.21 21:39:08 | 000,135,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 16:41:59 | 000,000,702 | ---- | M] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.09.02 18:31:44 | 000,002,175 | ---- | M] () -- C:\Users\Mineor\Desktop\WOT Statistics.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 00:07:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:29 | 000,088,064 | ---- | C] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 23:44:25 | 000,076,346 | ---- | C] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 10:39:56 | 000,000,024 | ---- | C] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.06 16:41:59 | 000,000,702 | ---- | C] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.03.15 11:14:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.23 21:16:22 | 001,236,992 | ---- | C] () -- C:\Windows\System32\spk.dll
[2011.10.06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.08.22 16:22:17 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.08.22 16:22:17 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.08.22 16:22:17 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.08.22 16:22:17 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.08.22 16:22:17 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.23 20:41:26 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.23 20:41:26 | 000,001,320 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.13 22:07:54 | 000,022,252 | ---- | C] () -- C:\Users\Mineor\ESt2010_Harms_Arne_und_Harms_Stefanie.elfo
[2011.06.03 21:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.08 22:04:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.12.02 13:33:06 | 000,000,760 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\setup_ldm.iss
[2008.12.19 00:22:20 | 000,000,442 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\mdbu.bin
[2008.06.17 16:26:32 | 000,000,020 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\AVSDVDPlayer.m3u
[2008.06.01 23:55:48 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2007.12.19 13:59:38 | 000,000,094 | ---- | C] () -- C:\Users\Mineor\AppData\Local\fusioncache.dat
[2007.12.15 22:33:46 | 000,000,010 | ---- | C] () -- C:\Users\Mineor\ho.dir
[2007.12.15 22:31:23 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.15 21:57:07 | 000,162,816 | ---- | C] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.15 21:13:45 | 000,139,152 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\PnkBstrK.sys
[2007.12.15 18:44:38 | 000,001,356 | ---- | C] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2005.04.08 04:16:43 | 000,092,573 | -H-- | C] () -- C:\Users\Mineor\AppData\Roaming\Mineorlog.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         

komisch finde ich , das nix gefunden wird bei einem erneuten Scan von Malwarebytes.. ?!

Gruß

Mineor

Zitat:

Leider habe ich von diesem Scan nicht die Log Datei gespeichert .

Malwarebytes starten => Klick auf Reiter Logdateien => da sollten alle Logs sein

Ohja , habe sie gefunden

hier ist die Log-Datei :

Malwarebytes

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Mineor :: MINEOR-PC [Administrator]

26.09.2012 00:41:13
mbam-log-2012-09-26 (00-41-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196159
Laufzeit: 3 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Mineor\0.2060116205079756.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

der Erreger ist im Moment in Quarantäne , soll ich ihn da lassen ?

Sind das nun alle Logs?!

Zitat:

der Erreger ist im Moment in Quarantäne , soll ich ihn da lassen ?

Was habt ihr alle immer nur mit der Quarantäne?
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Ja , das sind alle Logs die ich gemacht habe .

sind noch andere Logs vonnöten ?

Gruß

Mineor

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

Moin ,

würde gerne ESET starten , nur verlangt das Programm von mir das ich
de Proy konfigurieren soll . Leider habe ich davon keine Ahnung
Hoffe Du kannst mir dabei helfen !

Habe WinVista und "arbeite" im abgesicherten Modus , da halt die normale
Oberfläche nicht funktioniert.

Gruß

Mineor

Bitte prüfen


Falsche Proxy Einstellungen entfernen

• Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
• Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
  wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)

Hallo ,

bei den Einstellungen war kein Häkchen gesetzt . Habe das Häkchen bei "Automatische Suche " gesetzt (und wieder rausgenommen) aber das hat auch nichts gebracht

Ich habe es auch mit Firefox ausprobiert , aber da das selbe in Grün .

ESET gibt halt immer noch den Hinweis , das es kein Update durchführen kann und ob der Proxy gesetzt ist .

Gruß

Mineor

Dann überspringen wir ESET erstmal

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Suche.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hier das Log :

Code: Alles auswählenAufklappen

ATTFilter

 # AdwCleaner v2.003 - Datei am 09/27/2012 um 18:26:00 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mineor - MINEOR-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Mineor\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\AskBarDis

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\prefs.js

Gefunden : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Chromium v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mineor\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3510 octets] - [27/09/2012 18:26:00]

########## EOF - C:\AdwCleaner[R1].txt - [3570 octets] ##########
         

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Löschen.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Moin ,

hier die Log-Datei vom Löschvorgang :

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.003 - Datei am 09/28/2012 um 06:27:50 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mineor - MINEOR-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Mineor\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\AskBarDis

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\prefs.js

Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Chromium v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mineor\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3639 octets] - [27/09/2012 18:26:00]
AdwCleaner[S1].txt - [3829 octets] - [28/09/2012 06:27:50]

########## EOF - C:\AdwCleaner[S1].txt - [3889 octets] ##########
         

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo cosinus ,

zu 1.

Nein , der normale Modus von Windows geht leider noch nicht

zu 2.

Nein , sieht alles gut aus


Gruß

Mineor