Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Internet Explore geht immer auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.02.2010, 11:59   #1
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Wie gesagt der Internet explorer geht immer auf und seit neusten habe ich eine exe laufen die kk1 heist hat das was zu bedeuten???

Hier auch Hijackers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:51, on 02.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Moritz\AppData\Local\Temp\Kk0.exe
C:\Program Files (x86)\Hama\Common\RaUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Runes of Magic\Client.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Moritz\AppData\Local\Temp\Kk1.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\Moritz\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\Moritz\AppData\Local\Temp\Kk1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files (x86)\Hama\Common\RaUI.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Fusion Utility Service (AMDFusionSVC) - Advanced Micro Devices - C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7856 bytes

Alt 03.02.2010, 13:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Hallo und

Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit nem 64-Bit-Windows nicht kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist.

Mach bitte einen Durchgang mit Malwarebytes und poste das Log.
__________________

__________________

Alt 03.02.2010, 14:25   #3
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Ok danke schonmal an dich hier ist das mit dem malware programm

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3683
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.02.2010 15:24:16
mbam-log-2010-02-03 (15-24-13).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 97247
Laufzeit: 1 minute(s), 32 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Users\Moritz\AppData\Local\Temp\Kk0.exe (Trojan.Downloader) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Moritz\AppData\Local\Temp\Kk0.exe (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
__________________

Alt 03.02.2010, 15:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Hast Du die Funde auch entfernt?

Bitte Logs mit OTL machen:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2010, 15:51   #5
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Ähm ja ich habe die files bei dem malware programm alle gelöscht und seitdem habe ich noch keine kk1/0 exe wieder gesehen

und hier die daten von dem OTL Programm

OTL Extras logfile created on: 03.02.2010 16:47:08 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Moritz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,75 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPTAINHOOK
Current User Name: Moritz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Krait
"{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArenaWarsReloaded" = ArenaWarsReloaded
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Borderlands" = Borderlands
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"CCleaner" = CCleaner
"Fraps" = Fraps
"Free Studio_is1" = Free Studio version 4.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"LG USB Booster_is1" = Booster 1.03
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Saw" = Saw Game
"SpeedFan" = SpeedFan (remove only)
"Steam App 9480" = Saints Row 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.01.2010 12:54:32 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x47e2d72b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0ea3553e
ID
des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0x01caa1c7be4b99e1
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des
fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 22fa91cc-0dc0-11df-8ceb-001966f3466e

Error - 30.01.2010 13:35:15 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: d3d9.dll, Version: 6.1.7600.16385, Zeitstempel:
0x4a5bd9a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036c53 ID des fehlerhaften Prozesses:
0xf60 Startzeit der fehlerhaften Anwendung: 0x01caa1cf78f279bd Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\d3d9.dll Berichtskennung: d31ea326-0dc5-11df-8ceb-001966f3466e

Error - 30.01.2010 13:48:54 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x47e2d72b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0035553e
ID
des fehlerhaften Prozesses: 0x8d8 Startzeit der fehlerhaften Anwendung: 0x01caa1d29e3af969
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des
fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: bb4844cc-0dc7-11df-8ceb-001966f3466e

Error - 30.01.2010 18:29:48 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 30.01.2010 20:11:31 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 6.5.0.2024, Zeitstempel:
0x4b010ef1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x007400e1 ID des fehlerhaften Prozesses:
0x11f4 Startzeit der fehlerhaften Anwendung: 0x01caa1f23a820809 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\ICQ6.5\ICQ.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
2eca9058-0dfd-11df-8ceb-001966f3466e

Error - 30.01.2010 22:01:51 | Computer Name = CaptainHook | Source = Application Hang | ID = 1002
Description = Programm SawGame.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2a8 Startzeit:
01caa219518619bd Endzeit: 2 Anwendungspfad: C:\Users\Public\Games\Konami\Saw\Binaries\SawGame.exe

Berichts-ID:
976cc6e8-0e0c-11df-8ceb-001966f3466e

Error - 31.01.2010 09:57:55 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: krait.cpl, Version: 4.0.0.4,
Zeitstempel: 0x4397c7eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000015d7 ID des fehlerhaften
Prozesses: 0x828 Startzeit der fehlerhaften Anwendung: 0x01caa27d6283863a Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\krait.cpl Berichtskennung: a0e2e272-0e70-11df-8b6c-001966f3466e

Error - 01.02.2010 05:26:32 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 02.02.2010 09:13:06 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 02.02.2010 10:16:41 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Client.exe, Version: 2.1.5.2050,
Zeitstempel: 0x4b5979d5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c9cd ID des fehlerhaften
Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01caa40a26c047ac Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Runes of Magic\Client.exe Pfad des
fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 94bc9c24-1005-11df-aa02-001966f3466e

[ System Events ]
Error - 02.02.2010 09:09:24 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 02.02.2010 16:14:28 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 02.02.2010 16:14:28 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 02.02.2010 16:14:54 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 03.02.2010 04:39:57 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 03.02.2010 04:39:57 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 03.02.2010 04:40:24 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 03.02.2010 05:56:19 | Computer Name = CaptainHook | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03.02.2010 06:03:19 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 03.02.2010 06:03:19 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.


< End of report >


Alt 03.02.2010, 16:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Das andere Log von OTL brauch ich auch
__________________
--> Internet Explore geht immer auf

Alt 03.02.2010, 16:23   #7
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Das hier???
Übrigens seitdem ich diese malware benutzt habe ist alles bis jetzt weg
ist das problem vllt behoben?

OTL Extras logfile created on: 03.02.2010 16:47:08 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Moritz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,75 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPTAINHOOK
Current User Name: Moritz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Krait
"{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArenaWarsReloaded" = ArenaWarsReloaded
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Borderlands" = Borderlands
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"CCleaner" = CCleaner
"Fraps" = Fraps
"Free Studio_is1" = Free Studio version 4.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"LG USB Booster_is1" = Booster 1.03
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Saw" = Saw Game
"SpeedFan" = SpeedFan (remove only)
"Steam App 9480" = Saints Row 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.01.2010 12:54:32 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x47e2d72b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0ea3553e
ID
des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0x01caa1c7be4b99e1
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des
fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 22fa91cc-0dc0-11df-8ceb-001966f3466e

Error - 30.01.2010 13:35:15 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: d3d9.dll, Version: 6.1.7600.16385, Zeitstempel:
0x4a5bd9a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036c53 ID des fehlerhaften Prozesses:
0xf60 Startzeit der fehlerhaften Anwendung: 0x01caa1cf78f279bd Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\d3d9.dll Berichtskennung: d31ea326-0dc5-11df-8ceb-001966f3466e

Error - 30.01.2010 13:48:54 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4445c334 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x47e2d72b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0035553e
ID
des fehlerhaften Prozesses: 0x8d8 Startzeit der fehlerhaften Anwendung: 0x01caa1d29e3af969
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\CS-Source\CSS\hl2.exe Pfad des
fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: bb4844cc-0dc7-11df-8ceb-001966f3466e

Error - 30.01.2010 18:29:48 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 30.01.2010 20:11:31 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 6.5.0.2024, Zeitstempel:
0x4b010ef1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x007400e1 ID des fehlerhaften Prozesses:
0x11f4 Startzeit der fehlerhaften Anwendung: 0x01caa1f23a820809 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\ICQ6.5\ICQ.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
2eca9058-0dfd-11df-8ceb-001966f3466e

Error - 30.01.2010 22:01:51 | Computer Name = CaptainHook | Source = Application Hang | ID = 1002
Description = Programm SawGame.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2a8 Startzeit:
01caa219518619bd Endzeit: 2 Anwendungspfad: C:\Users\Public\Games\Konami\Saw\Binaries\SawGame.exe

Berichts-ID:
976cc6e8-0e0c-11df-8ceb-001966f3466e

Error - 31.01.2010 09:57:55 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: krait.cpl, Version: 4.0.0.4,
Zeitstempel: 0x4397c7eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000015d7 ID des fehlerhaften
Prozesses: 0x828 Startzeit der fehlerhaften Anwendung: 0x01caa27d6283863a Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\krait.cpl Berichtskennung: a0e2e272-0e70-11df-8b6c-001966f3466e

Error - 01.02.2010 05:26:32 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 02.02.2010 09:13:06 | Computer Name = CaptainHook | Source = VSS | ID = 8194
Description =

Error - 02.02.2010 10:16:41 | Computer Name = CaptainHook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Client.exe, Version: 2.1.5.2050,
Zeitstempel: 0x4b5979d5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c9cd ID des fehlerhaften
Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01caa40a26c047ac Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Runes of Magic\Client.exe Pfad des
fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 94bc9c24-1005-11df-aa02-001966f3466e

[ System Events ]
Error - 02.02.2010 09:09:24 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 02.02.2010 16:14:28 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 02.02.2010 16:14:28 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 02.02.2010 16:14:54 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 03.02.2010 04:39:57 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 03.02.2010 04:39:57 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 03.02.2010 04:40:24 | Computer Name = CaptainHook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio StarOpen

Error - 03.02.2010 05:56:19 | Computer Name = CaptainHook | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03.02.2010 06:03:19 | Computer Name = CaptainHook | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 03.02.2010 06:03:19 | Computer Name = CaptainHook | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.


< End of report >

Alt 03.02.2010, 16:26   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Jetzt hast Du 2x die extras.txt gepostet, ich will aber die OTL.txt haben
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2010, 16:29   #9
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Ok sry es müsste dann das hier sein

OTL logfile created on: 03.02.2010 16:47:08 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Moritz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,75 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPTAINHOOK
Current User Name: Moritz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Moritz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Windows\vsnpstd3.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Moritz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AMDFusionSVC) -- C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NBService) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (acedrv09) -- C:\Windows\SysWOW64\acedrv09.dll ()
DRV - (avgntflt) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys (Avira GmbH)
DRV - (CSC) -- C:\Windows\CSC [2009.12.15 19:50:04 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\snpstd3.ini ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 A0 A2 8E 86 A2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.23 11:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.23 11:03:01 | 000,000,000 | ---D | M]

[2009.12.17 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions
[2009.12.17 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\qrx0sji4.default\extensions
[2010.01.26 18:47:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.23 11:02:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.23 11:02:58 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.23 11:02:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.23 11:02:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.23 11:02:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.03 16:45:41 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2010.02.03 16:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.02.03 15:20:34 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2010.02.03 15:20:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.03 15:20:29 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.03 15:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.03 15:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.02 21:33:23 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010.02.02 21:22:07 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Users\Moritz\Desktop\HousecallLauncher.exe
[2010.02.02 15:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.02.02 15:48:03 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Moritz\Desktop\HijackThisInstaller.exe
[2010.02.01 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\NFS Underground 2
[2010.01.31 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Frauenarzt_And_Manny_Marc-Disco_Pogo-WEB-DE-2010-UKHx
[2010.01.30 19:53:53 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Pitbull - The Kraziest (2009)
[2010.01.30 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Ke$ha - Animal (2010)
[2010.01.30 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Fleisch hat immer Saison
[2010.01.28 17:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2010.01.27 12:51:24 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.27 12:51:24 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.01.27 12:51:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.01.26 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Counter-Strike CS 1.6 p47
[2010.01.26 18:59:17 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\LogMeIn Hamachi
[2010.01.26 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.01.26 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Hamachi
[2010.01.25 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\TS3Client
[2010.01.25 13:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010.01.24 05:35:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.01.24 05:35:15 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\CAPCOM
[2010.01.24 05:30:52 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.01.24 05:30:52 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.01.24 05:30:52 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.01.24 05:30:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.01.24 05:30:51 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.01.24 05:30:51 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.01.24 05:30:51 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.01.24 05:30:51 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.01.24 05:30:51 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.01.24 05:30:51 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.01.24 05:30:50 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.01.24 05:30:50 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.01.24 05:30:49 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.01.24 05:30:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.01.24 05:30:47 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.01.24 05:30:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.01.24 05:30:47 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.01.24 05:30:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.01.24 05:30:43 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.01.24 05:30:43 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.01.24 05:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAPCOM
[2010.01.24 00:55:28 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Postal 2
[2010.01.24 00:11:21 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\helly-red
[2010.01.24 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\cs 1.6 an 10.0.0.50
[2010.01.23 21:53:47 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Warcraft III 1.20
[2010.01.23 21:22:29 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.01.23 21:11:59 | 000,000,000 | ---D | C] -- C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP
[2010.01.22 20:03:46 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\NFS Undercover
[2010.01.22 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Leadertech
[2010.01.22 19:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2010.01.22 19:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.01.22 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\TrackMania
[2010.01.22 19:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2010.01.22 13:48:33 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\skypePM
[2010.01.22 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Skype
[2010.01.22 13:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.01.22 13:44:02 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.01.22 13:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.01.22 13:05:51 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.01.22 13:05:51 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.01.22 13:05:51 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.22 13:05:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.01.22 13:05:51 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.01.22 13:05:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.01.19 19:49:10 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\Call of Juarez - Bound in Blood
[2010.01.19 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.01.19 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Downloaded Installations
[2010.01.18 18:33:40 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Ahead
[2010.01.18 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Ahead
[2010.01.18 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2010.01.18 18:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.01.18 18:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.01.18 18:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010.01.18 18:27:58 | 000,000,000 | ---D | C] -- C:\Temp
[2010.01.18 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG USB Booster
[2010.01.18 18:27:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vb6stkit.dll
[2010.01.18 18:27:22 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemdisp.tlb
[2010.01.18 18:27:21 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010.01.18 18:27:21 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6KO.DLL
[2010.01.18 18:27:21 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010.01.18 18:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2010.01.18 18:12:48 | 000,000,000 | ---D | C] -- C:\MyWorks
[2010.01.18 18:12:15 | 000,027,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010.01.18 18:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010.01.18 17:48:27 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Auslogics
[2010.01.18 16:25:30 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Rockstar Games
[2010.01.18 16:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.01.18 16:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2010.01.18 16:02:38 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\BitTorrent
[2010.01.18 16:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010.01.17 12:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CS-Source
[2010.01.17 11:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010.01.17 11:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unreal Tournament 2004
[2010.01.17 10:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2010.01.17 10:39:33 | 000,000,000 | ---D | C] -- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
[2010.01.16 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\EA Games
[2010.01.16 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Left4Dead
[2010.01.16 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Mirror's Edge
[2010.01.16 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\dvdcss
[2010.01.16 20:49:31 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\World of Warcraft
[2010.01.16 18:42:53 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\Call of Duty 4
[2010.01.13 19:54:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\kaneandlynch
[2010.01.13 19:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
[2010.01.13 19:25:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.01.13 19:17:12 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.01.13 19:17:12 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.01.13 19:17:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.01.13 19:17:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.01.12 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\runic games
[2010.01.12 14:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.01.12 14:38:02 | 000,012,744 | R--- | C] (EnTech Taiwan) -- C:\Windows\SysNative\drivers\Entech64.sys
[2010.01.12 14:38:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark
[2010.01.12 14:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010.01.12 14:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010.01.12 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010.01.08 12:56:02 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\Legend - Hand of God
[2010.01.07 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Application Data
[2010.01.07 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\ICQ
[2010.01.07 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\Prince of Persia
[2010.01.07 19:18:55 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\music
[2010.01.07 19:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crysis
[2010.01.06 19:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.01.06 19:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.01.06 19:05:02 | 000,000,000 | ---D | C] -- C:\ATI
[2010.01.06 18:02:03 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Uniblue
[2010.01.05 21:19:57 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\THQ
[2010.01.05 20:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.01.05 20:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.01.05 13:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion
[2010.01.05 11:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.01.05 11:37:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.01.05 11:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.01.05 11:34:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.03 16:46:24 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2010.02.03 16:44:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.03 16:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.03 16:44:02 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.03 16:12:58 | 001,835,008 | -HS- | M] () -- C:\Users\Moritz\ntuser.dat
[2010.02.03 16:12:55 | 005,090,402 | -H-- | M] () -- C:\Users\Moritz\AppData\Local\IconCache.db
[2010.02.03 16:08:27 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.03 16:08:27 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.03 16:06:37 | 000,001,889 | ---- | M] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.02.03 15:25:50 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TMContainer00000000000000000002.regtrans-ms
[2010.02.03 15:25:50 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TMContainer00000000000000000001.regtrans-ms
[2010.02.03 15:25:50 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TM.blf
[2010.02.03 15:20:33 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.02 21:22:52 | 000,000,036 | ---- | M] () -- C:\Users\Moritz\AppData\Local\housecall.guid.cache
[2010.02.02 21:22:47 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Users\Moritz\Desktop\HousecallLauncher.exe
[2010.02.02 15:48:45 | 000,002,097 | ---- | M] () -- C:\Users\Moritz\Desktop\HijackThis.lnk
[2010.02.02 15:48:18 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Moritz\Desktop\HijackThisInstaller.exe
[2010.02.01 12:33:45 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010.01.31 01:03:12 | 004,954,112 | ---- | M] () -- C:\Users\Moritz\Desktop\MANNY MARC - PARTY TOUR (OFFICIAL VIDEO).mp3
[2010.01.31 00:58:46 | 000,010,187 | ---- | M] () -- C:\Users\Moritz\Desktop\6-3cf053dc5da3fa96.jpg
[2010.01.29 13:26:31 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.01.29 13:26:31 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.01.28 17:33:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.28 17:33:35 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.28 17:33:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.28 17:33:35 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.28 17:33:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.27 13:19:45 | 016,575,341 | ---- | M] () -- C:\Users\Moritz\Desktop\House X Baby (Stylefiler Remix).mp4
[2010.01.25 13:33:17 | 000,002,017 | ---- | M] () -- C:\Users\Moritz\Desktop\Runes of Magic.lnk
[2010.01.23 23:11:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.01.23 21:23:11 | 000,001,212 | ---- | M] () -- C:\Users\Moritz\Desktop\UT2004 - Verknüpfung.lnk
[2010.01.23 21:22:29 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.01.22 20:02:43 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk
[2010.01.22 19:45:36 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.01.22 18:34:43 | 000,194,459 | ---- | M] () -- C:\Users\Moritz\Desktop\vlcsnap-2010-01-22-18h34m43s64.png
[2010.01.22 17:36:30 | 039,269,518 | ---- | M] () -- C:\Users\Moritz\Desktop\TOTALE ZERSTÖRUNG.mp4
[2010.01.22 13:48:33 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.01.22 13:44:03 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.01.20 14:06:45 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2010.01.18 18:29:29 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2010.01.17 12:07:52 | 000,001,478 | ---- | M] () -- C:\Users\Moritz\Desktop\Borderlands.lnk
[2010.01.17 10:57:32 | 000,002,269 | ---- | M] () -- C:\Users\Public\Desktop\Play Rise of the Argonauts.lnk
[2010.01.17 00:44:23 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat
[2010.01.13 19:27:44 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.01.13 19:27:44 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.01.13 19:27:44 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.01.13 19:27:44 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.01.11 08:44:17 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.11 08:12:38 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.01.07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.07 16:07:06 | 000,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.01.05 20:36:11 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.01.05 13:22:25 | 000,087,400 | ---- | M] () -- C:\Users\Moritz\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.05 13:14:18 | 000,363,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.05 12:32:17 | 000,017,038 | ---- | M] () -- C:\Users\Moritz\Documents\einbbei.rtf
[2010.01.05 11:38:20 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.01.05 11:38:03 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.03 16:06:37 | 000,001,889 | ---- | C] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.02.03 15:20:33 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.03 11:03:28 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TMContainer00000000000000000002.regtrans-ms
[2010.02.03 11:03:28 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TMContainer00000000000000000001.regtrans-ms
[2010.02.03 11:03:28 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\ntuser.dat{b392771d-109f-11df-86be-001966f3466e}.TM.blf
[2010.02.02 21:22:52 | 000,000,036 | ---- | C] () -- C:\Users\Moritz\AppData\Local\housecall.guid.cache
[2010.02.02 15:48:45 | 000,002,097 | ---- | C] () -- C:\Users\Moritz\Desktop\HijackThis.lnk
[2010.02.01 12:33:45 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010.01.31 01:03:03 | 004,954,112 | ---- | C] () -- C:\Users\Moritz\Desktop\MANNY MARC - PARTY TOUR (OFFICIAL VIDEO).mp3
[2010.01.31 00:58:46 | 000,010,187 | ---- | C] () -- C:\Users\Moritz\Desktop\6-3cf053dc5da3fa96.jpg
[2010.01.27 13:13:11 | 016,575,341 | ---- | C] () -- C:\Users\Moritz\Desktop\House X Baby (Stylefiler Remix).mp4
[2010.01.25 13:33:17 | 000,002,017 | ---- | C] () -- C:\Users\Moritz\Desktop\Runes of Magic.lnk
[2010.01.22 20:02:43 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk
[2010.01.22 19:45:36 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.01.22 18:34:43 | 000,194,459 | ---- | C] () -- C:\Users\Moritz\Desktop\vlcsnap-2010-01-22-18h34m43s64.png
[2010.01.22 17:35:37 | 039,269,518 | ---- | C] () -- C:\Users\Moritz\Desktop\TOTALE ZERSTÖRUNG.mp4
[2010.01.22 13:48:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.22 13:44:03 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.01.22 13:07:19 | 000,001,212 | ---- | C] () -- C:\Users\Moritz\Desktop\UT2004 - Verknüpfung.lnk
[2010.01.18 18:27:24 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.01.18 18:13:10 | 000,033,820 | ---- | C] () -- C:\Windows\WMPrfDEU.prx
[2010.01.17 12:02:45 | 000,001,478 | ---- | C] () -- C:\Users\Moritz\Desktop\Borderlands.lnk
[2010.01.17 10:57:32 | 000,002,269 | ---- | C] () -- C:\Users\Public\Desktop\Play Rise of the Argonauts.lnk
[2010.01.17 00:44:23 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat
[2010.01.13 20:36:37 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.01.05 20:36:11 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.01.05 12:32:17 | 000,017,038 | ---- | C] () -- C:\Users\Moritz\Documents\einbbei.rtf
[2010.01.05 11:38:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.29 18:46:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.12.29 18:44:55 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.28 20:47:39 | 000,001,019 | ---- | C] () -- C:\Windows\disney.ini
[2009.12.28 20:28:14 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv09.dll
[2009.12.24 13:51:44 | 000,003,003 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\PStrip.ini
[2009.12.18 14:08:43 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.18 14:08:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.12.17 19:15:58 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009.12.16 15:58:45 | 000,007,601 | ---- | C] () -- C:\Users\Moritz\AppData\Local\Resmon.ResmonCfg
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >

Alt 05.02.2010, 07:49   #10
Niki85
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Hallo Moritz und Cosinus,

ich hab e mein Problem auch noch nicht gelöst - Cosinus, könntest Du bitte mal in mein Logfile hineinschauen??? Ich bin echt ratlos. Vielen DANK!!!!!!!!!!!!!!!!!

Alt 05.02.2010, 12:00   #11
Moritz93
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



ok ich weiß wie man ihn wegmacht du musst dir diesen komischen malware entferner denn er hier im gespräch gepostet hat besorgen und ihn mal durchlaufen lassen dan ist es weg

Alt 05.02.2010, 14:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explore geht immer auf - Standard

Internet Explore geht immer auf



Ich seh da leider so keine Anhaltspunkte
Mach mal bitte => http://www.trojaner-board.de/54192-a...tellungen.html

Nach dem Scan wieder alles auf Standard stellen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Internet Explore geht immer auf
adobe, antivir, antivir guard, avg, avira, bho, desktop, dll, excel, exe, explorer, firefox, gservice, helper, hijackthis, icq, internet, internet explorer, local\temp, lsass.exe, microsoft, mozilla, pdf, rundll, software, sshnas21.dll, syswow64, temp, windows, wireless lan



Ähnliche Themen: Internet Explore geht immer auf


  1. lollipop geht nicht zu deinstallieren und mein pc geht neuerdings immer aus, der akku ist dann auf 0%
    Plagegeister aller Art und deren Bekämpfung - 24.02.2014 (1)
  2. Internet verbindung geht immer weg
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (13)
  3. Problem! Kabel-Internet geht nicht, WLAN geht!
    Plagegeister aller Art und deren Bekämpfung - 16.08.2010 (1)
  4. IE öffnet immer wieder werbefenster sowie geht immer wieder der ton aus
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (2)
  5. Inet explore leüft im hintergrund
    Plagegeister aller Art und deren Bekämpfung - 03.04.2010 (2)
  6. Ist mein PC verseucht ? Internet geht immer aus ;[
    Log-Analyse und Auswertung - 19.01.2010 (1)
  7. Internet geht immer aus
    Log-Analyse und Auswertung - 18.01.2010 (2)
  8. Firefox, opera, internet explorer geht nicht, aber ICQ geht
    Netzwerk und Hardware - 05.08.2009 (9)
  9. i explore.exe - Fehler in Anwendung
    Plagegeister aller Art und deren Bekämpfung - 27.03.2009 (1)
  10. FireFox und I-Net Explore öffnen sich ständig
    Log-Analyse und Auswertung - 30.01.2009 (6)
  11. mein Internet geht immer langsamer! Was kann ich tun?
    Mülltonne - 18.12.2008 (0)
  12. internet geht zäh, internet windows explorer spinnt
    Log-Analyse und Auswertung - 20.11.2008 (20)
  13. Internet geht auf einem PC nicht mehr, Laptop (am gleichen Router angeschlossen) geht
    Plagegeister aller Art und deren Bekämpfung - 04.12.2007 (0)
  14. Internet geht mal und mal geht es nicht
    Log-Analyse und Auswertung - 24.08.2007 (3)
  15. Firewall geht nicht und Internet geht nur manchmal
    Log-Analyse und Auswertung - 29.07.2007 (6)
  16. Internet geht immer aus! wurm?
    Plagegeister aller Art und deren Bekämpfung - 20.03.2006 (9)
  17. explore.exe
    Plagegeister aller Art und deren Bekämpfung - 14.04.2004 (2)

Zum Thema Internet Explore geht immer auf - Wie gesagt der Internet explorer geht immer auf und seit neusten habe ich eine exe laufen die kk1 heist hat das was zu bedeuten??? Hier auch Hijackers Logfile of Trend - Internet Explore geht immer auf...
Archiv
Du betrachtest: Internet Explore geht immer auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.