Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.04.2010, 11:41   #1
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Hallo zusammen.
Ich hab mir wohl gestern abend irgendwie den Antimalware Doctor eingefangen und versucht ihn nach dieser Anleitung hier aus dem Board:
http://www.trojaner-board.de/83172-a...entfernen.html zu entfernen.

Hab MBAM bestimmt 2-3x laufen lassen und er hat immer wieder was gefunden.

Das is die MBAM Log vom 1. Mal:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

08.04.2010 22:00:34
mbam-log-2010-04-08 (22-00-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 271664
Laufzeit: 47 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\nmklo.dll (Worm.MarioFev) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SlysBitch (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windefence32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Windows\System32\WinDefence (Bifrose.Trace) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\nmklo.dll (Worm.MarioFev) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\cooper.mine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
         
2. Mal: (Quick Scan)
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

08.04.2010 22:20:59
mbam-log-2010-04-08 (22-20-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115452
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\User\AppData\Local\Temp\Bsr.exe (Trojan.FakeAlert) -> Delete on reboot.
         
3. Mal
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

08.04.2010 23:20:32
mbam-log-2010-04-08 (23-20-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)
Durchsuchte Objekte: 271802
Laufzeit: 46 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
4. Mal:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.04.2010 10:47:06
mbam-log-2010-04-09 (10-47-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 271655
Laufzeit: 45 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Jetzt scheint zwar das gröbste weg zu sein aber in der Hijack Log finden sich immernoch n paar dubiose Sachen. Insbesondere "O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)" kommt mir komisch vor.

Meine aktuelle HijackThis Log:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:36, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "D:\Fabian\Spiele\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Rainmeter.exe - Verknüpfung.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: nmklo
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8237 bytes
         
und meine RSIT info:
Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2010-04-09 11:24:11

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{54194F60-988C-4D03-B922-C2B00EFDA39A}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\25db75244653b42cb93dc27939d1c0e\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{7D386596-0E80-4808-8AAE-C1DDA8212F7F}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
ANNO 1404 - Venedig-->"C:\Program Files (x86)\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Program Files (x86)\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
Any DVD Converter Professional 3.7.1-->"D:\Fabian\Anwendungen\AnyDVD Converter Professional\unins000.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVI/MPEG/RM/WMV Splitter 4.28-->"D:\Fabian\Anwendungen\VirtualDub\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
EVEREST Ultimate Edition v5.30-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Free YouTube to iPod Converter version 3.2-->"D:\Fabian\Anwendungen\Free YouTube to iPod Converter\unins000.exe"
FUSSBALL MANAGER 10 DEMO-->D:\Fabian\Spiele\FM10\eauninstall.exe
FUSSBALL MANAGER 10-->D:\Fabian\Spiele\FM10\eauninstall.exe
Haali Media Splitter-->"D:\Fabian\Anwendungen\PopCorn MKV AudioConverter\MatroskaSplitter\uninstall.exe"
Hattrick Organizer (remove only)-->D:\Fabian\Anwendungen\Hattrick Organizer\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KoolPlaya-->D:\Fabian\Zip und Setups\Koolplaya.exe /uninstall
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files (x86)\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0007 -removeonly
Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{54194F60-988C-4D03-B922-C2B00EFDA39A}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"
Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
RayV-->C:\Program Files (x86)\RayV\RayV\uninstall.exe
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
SimpleSYN 2.0-->MsiExec.exe /X{1F7C6BBA-4C5B-46C1-A20B-4EA961057B89}
SopCast 3.2.4-->D:\Fabian\Anwendungen\SopCast\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.0.2-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Xvid 1.2.2 final uninstall-->"D:\Fabian\Anwendungen\XviD\unins001.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Policies\Explorer\Run: [WinDefence] C:\Windows\system32\WinDefence\windefence32.exe [2010-04-08]
O4 - HKLM\..\Policies\Explorer\Run: [WinDefence] C:\Windows\system32\WinDefence\windefence32.exe [2010-04-08]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  [2010-04-09]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2010-04-09]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.10.34.21:3128 [2010-04-09]
O2 - BHO: (no name) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file) [2010-04-09]

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Windows-Defender

======System event log======

Computer Name: PC6
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.
Record Number: 68807
Source Name: disk
Time Written: 20091224004752.424007-000
Event Type: Warnung
User: 

Computer Name: PC6
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.
Record Number: 68806
Source Name: disk
Time Written: 20091224004752.424007-000
Event Type: Warnung
User: 

Computer Name: PC6
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.
Record Number: 68805
Source Name: disk
Time Written: 20091224004752.424007-000
Event Type: Warnung
User: 

Computer Name: PC6
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.
Record Number: 68804
Source Name: disk
Time Written: 20091224004752.424007-000
Event Type: Warnung
User: 

Computer Name: PC6
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.
Record Number: 68803
Source Name: disk
Time Written: 20091224004752.424007-000
Event Type: Warnung
User: 

=====Application event log=====

Computer Name: LH-GWB0OXBYBV49
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 5
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091013163000.000000-000
Event Type: Informationen
User: 

Computer Name: LH-GWB0OXBYBV49
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 4
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20091013163000.000000-000
Event Type: Informationen
User: 

Computer Name: LH-GWB0OXBYBV49
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 3
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091013163000.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 26L2233A1-13
Event Code: 2
Message: Der Zertifikatdiensteclient wurde angehalten.
Record Number: 2
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20061102160003.208200-000
Event Type: Informationen
User: 

Computer Name: 26L2233A1-13
Event Code: 2
Message: Der Zertifikatdiensteclient wurde angehalten.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20061102160003.145800-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: 26L2233A1-13
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

	Anzahl von Elementen:	0
	Richtlinienkennung:	0x7fbd8
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091013162939.065290-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 26L2233A1-13
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-0-0
	Kontoname:		-
	Kontodomäne:		-
	Anmelde-ID:		0x0

Anmeldetyp:			0

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x4
	Prozessname:		

Netzwerkinformationen:
	Arbeitsstationsname:	-
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		-
	Authentifizierungspaket:	-
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091013162937.723682-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 26L2233A1-13
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091013162937.723682-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 26L2233A1-13
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
	Sicherheits-ID:		S-1-5-21-3991871189-2232181320-2112149827-500
	Kontoname:		Administrator
	Kontodomäne:		26L2233A1-13
	Anmelde-ID:		0x92456

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102160004.159800-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 26L2233A1-13
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-7
	Kontoname:		ANONYMOUS LOGON
	Kontodomäne:		NT AUTHORITY
	Anmelde-ID:		0x1f471

Anmeldetyp:			3

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102160003.192600-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
         
und RSIT log:
Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-04-09 11:24:09
Microsoft® Windows Vista™ Ultimate  Service Pack 2
System drive C: has 17 GB (23%) free of 76 GB
Total RAM: 4094 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:10, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\CCleaner\CCleaner.exe
M:\anti\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "D:\Fabian\Spiele\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Rainmeter.exe - Verknüpfung.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: nmklo
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8328 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{7EFB0A09-63F3-4369-A515-95410BC21F7D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-14 149280]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Fabian\Spiele\Steam2\Steam.exe -silent []
"ICQ"=D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe silent []
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
Rainmeter.exe - Verknüpfung.lnk - C:\Program Files (x86)\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="nmklo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{161918f6-c008-11de-9581-0019dbd107a2}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32564761-f3c4-11de-8900-0019dbd107a2}]
shell\access\command - I:\.\sgportable\SGPortable.exe
shell\AutoRun\command - I:\.\sgportable\SGPortable.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}]
shell\AutoRun\command - L:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}]
shell\AutoRun\command - 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}]
shell\AutoRun\command - Y:\Razor1911_Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}]
shell\AutoRun\command - Z:\BSAutoRun.exe


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - "D:\Fabian\Anwendungen\Dreamweaver\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-04-09 11:24:09 ----D---- C:\rsit
2010-04-08 23:30:23 ----D---- C:\Program Files (x86)\CCleaner
2010-04-08 22:27:43 ----D---- C:\Windows\pss
2010-04-08 19:51:00 ----D---- C:\Program Files (x86)\Trend Micro
2010-04-08 19:31:11 ----A---- C:\mbam-error.txt
2010-04-08 18:49:55 ----A---- C:\Windows\system32\stu2.exe
2010-04-08 18:49:00 ----A---- C:\Windows\Blomoa.exe
2010-04-08 18:42:47 ----SHD---- C:\Config.Msi
2010-04-01 16:31:16 ----A---- C:\Windows\system32\mshtml.dll
2010-04-01 16:31:12 ----A---- C:\Windows\system32\iertutil.dll
2010-04-01 16:31:12 ----A---- C:\Windows\system32\ieframe.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\wininet.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\urlmon.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\occache.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\mstime.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-01 16:31:11 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-01 16:31:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-01 16:31:10 ----A---- C:\Windows\system32\ieui.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\iesetup.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\iernonce.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\iepeers.dll
2010-04-01 16:31:10 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-28 17:33:10 ----D---- C:\Users\User\AppData\Roaming\NVIDIA
2010-03-28 17:24:54 ----D---- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-03-28 17:18:15 ----A---- C:\Windows\system32\OpenCL.dll
2010-03-28 17:18:15 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-03-28 17:18:14 ----A---- C:\Windows\system32\nvoglv32.dll
2010-03-28 17:18:12 ----A---- C:\Windows\system32\nvcuvid.dll
2010-03-28 17:18:12 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-03-28 17:18:10 ----A---- C:\Windows\system32\nvcuda.dll
2010-03-28 17:18:10 ----A---- C:\Windows\system32\nvcompiler.dll
2010-03-28 17:09:10 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-03-28 17:09:10 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-03-28 17:09:10 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-03-28 17:09:10 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-03-28 14:41:58 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2010-03-28 14:35:32 ----D---- C:\Program Files (x86)\SimpleSYN 2.0
2010-03-27 12:48:13 ----D---- C:\Users\User\AppData\Roaming\Dropbox
2010-03-13 14:09:54 ----D---- C:\ProgramData\Solidshield
2010-03-13 14:07:02 ----D---- C:\Users\User\AppData\Roaming\Ubisoft
2010-03-12 20:58:26 ----D---- C:\Users\User\AppData\Roaming\Tropico 3
2010-03-11 21:49:14 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 21:49:13 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-09 11:24:09 ----D---- C:\Windows\Temp
2010-04-09 11:12:07 ----D---- C:\Windows\System32
2010-04-09 11:00:08 ----D---- C:\ProgramData\NVIDIA
2010-04-09 10:52:35 ----D---- C:\Windows\Minidump
2010-04-09 10:52:35 ----D---- C:\Windows\Debug
2010-04-09 10:52:35 ----D---- C:\Windows
2010-04-08 23:49:33 ----SHD---- C:\System Volume Information
2010-04-08 23:30:23 ----RD---- C:\Program Files (x86)
2010-04-08 22:14:43 ----D---- C:\Windows\Tasks
2010-04-08 22:02:12 ----D---- C:\Windows\SysWOW64
2010-04-08 20:06:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-04-08 20:06:36 ----D---- C:\Windows\system32\drivers
2010-04-08 18:48:51 ----D---- C:\Windows\Prefetch
2010-04-08 18:43:21 ----SHD---- C:\Windows\Installer
2010-04-08 18:42:58 ----D---- C:\ProgramData\Adobe
2010-04-08 18:42:58 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-04-08 18:42:56 ----D---- C:\Program Files (x86)\Adobe
2010-04-05 16:05:10 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2010-04-05 16:04:58 ----D---- C:\Users\User\AppData\Roaming\vlc
2010-04-03 11:57:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-04-02 11:50:28 ----D---- C:\Windows\system32\migration
2010-04-02 11:50:28 ----D---- C:\Program Files (x86)\Internet Explorer
2010-04-01 23:01:44 ----D---- C:\Windows\winsxs
2010-03-28 17:25:48 ----D---- C:\Windows\inf
2010-03-28 17:24:33 ----RD---- C:\Program Files
2010-03-28 17:08:45 ----RSD---- C:\Windows\assembly
2010-03-28 17:01:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-03-28 17:01:57 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-03-28 16:27:37 ----D---- C:\Windows\Microsoft.NET
2010-03-28 15:48:55 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2010-03-28 14:41:58 ----HD---- C:\ProgramData
2010-03-28 13:32:32 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-03-28 13:32:31 ----D---- C:\ProgramData\Media Center Programs
2010-03-27 16:57:53 ----A---- C:\Windows\NeroDigital.ini
2010-03-26 00:40:36 ----D---- C:\Users\User\AppData\Roaming\ICQ
2010-03-24 08:23:12 ----D---- C:\Users\User\AppData\Roaming\Any DVD Converter Professional
2010-03-16 08:51:59 ----A---- C:\Windows\system32\nvd3dum.dll
2010-03-16 08:51:59 ----A---- C:\Windows\system32\nvapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
S1 zhrroheo7;zhrroheo7; C:\Windows\system32\drivers\zhrroheo7.sys []
S3 as74nweh;as74nweh; C:\Windows\system32\drivers\as74nweh.sys []
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe -s []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 660256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-09-05 316664]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------
         
Den cccleaner hab ich natürlich auch bereits ausgeführt.

Ich hoffe irgendwer kann mal drüber gucken und schauen obs System noch infiziert ist. Vielen Dank schonmal .

Alt 09.04.2010, 14:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Hallo und

Zitat:
Datenbank Version: 3930
Du musst Malwarebytes aktualisieren und einen weiteren Vollscan machen. Wie sind bei DB Version 3970!
__________________

__________________

Alt 09.04.2010, 16:06   #3
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Ok hier die Ergebnisse von MBAM aktualisiert:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3972

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.04.2010 15:51:44
mbam-log-2010-04-09 (15-51-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 257375
Laufzeit: 42 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
HijackThis Log:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:26, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "D:\Fabian\Spiele\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Rainmeter.exe - Verknüpfung.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: nmklo
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8074 bytes
         
__________________

Alt 09.04.2010, 16:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Mach bitte noch Logs mit OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.04.2010, 16:59   #5
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Code:
ATTFilter
OTL logfile created on: 09.04.2010 16:47:12 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\User\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,84 Gb Total Space | 16,97 Gb Free Space | 22,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC6
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV - (CSC) -- C:\Windows\CSC [2009.10.13 18:30:00 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B C1 F3 24 78 D3 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.1.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 11:57:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.08 18:42:58 | 000,000,000 | ---D | M]
 
[2009.10.13 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.04.08 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions
[2009.10.20 20:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 10:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009.11.02 22:38:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.11.28 18:30:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.01.31 16:59:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\personas@christopher.beard
[2010.04.08 18:54:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.12.19 01:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2010.01.31 16:52:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.31 16:52:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.31 16:52:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.31 16:52:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.31 16:52:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] D:\Fabian\Spiele\Steam2\Steam.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Verknüpfung.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (nmklo) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{161918f6-c008-11de-9581-0019dbd107a2}\Shell - "" = AutoRun
O33 - MountPoints2\{161918f6-c008-11de-9581-0019dbd107a2}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{32564761-f3c4-11de-8900-0019dbd107a2}\Shell\access\command - "" = I:\.\sgportable\SGPortable.exe -- File not found
O33 - MountPoints2\{32564761-f3c4-11de-8900-0019dbd107a2}\Shell\AutoRun\command - "" = I:\.\sgportable\SGPortable.exe -- File not found
O33 - MountPoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}\Shell - "" = AutoRun
O33 - MountPoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}\Shell\AutoRun\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}\Shell - "" = AutoRun
O33 - MountPoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}\Shell - "" = AutoRun
O33 - MountPoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}\Shell\AutoRun\command - "" = Y:\Razor1911_Installer.exe -- File not found
O33 - MountPoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}\Shell\AutoRun\command - "" = Z:\BSAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.09 16:46:26 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.04.09 11:24:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.08 23:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.04.08 22:27:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.08 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.04.08 18:49:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stu2.exe
[2010.04.08 18:42:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.01 16:31:11 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.04.01 16:31:11 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.04.01 16:31:11 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.04.01 16:31:11 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.04.01 16:31:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.04.01 16:31:11 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.04.01 16:31:11 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.01 16:31:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.04.01 16:31:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.04.01 16:31:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.04.01 16:31:10 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.04.01 16:31:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.04.01 16:31:10 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.04.01 16:31:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.04.01 16:31:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.04.01 16:31:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.04.01 16:31:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.04.01 16:31:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.04.01 16:31:10 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.04.01 16:31:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.04.01 16:31:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.04.01 16:31:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.04.01 16:31:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.04.01 16:31:10 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.04.01 16:31:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.01 16:31:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.04.01 16:31:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.04.01 16:31:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.04.01 16:31:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.04.01 16:31:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.04.01 16:31:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.04.01 16:31:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.04.01 16:31:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.03.28 17:34:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\4A Games
[2010.03.28 17:33:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2010.03.28 17:24:54 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
[2010.03.28 17:24:33 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.03.28 17:18:15 | 006,279,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010.03.28 17:18:15 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.03.28 17:18:15 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.03.28 17:18:15 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.03.28 17:18:15 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.03.28 17:18:14 | 021,005,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.03.28 17:18:14 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.03.28 17:18:12 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.03.28 17:18:12 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.03.28 17:18:12 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.03.28 17:18:12 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.03.28 17:18:10 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.03.28 17:18:10 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.03.28 17:18:10 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.03.28 17:18:10 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.03.28 17:18:10 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010.03.28 17:18:10 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.03.28 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\4A Games
[2010.03.28 17:09:10 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.03.28 17:09:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.03.28 17:09:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.03.28 17:09:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.03.28 17:09:10 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.03.28 17:09:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.03.28 17:09:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.03.28 17:09:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.03.28 14:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.03.28 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SimpleSYN
[2010.03.28 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleSYN 2.0
[2010.03.28 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\dotnetfx3530729.01
[2010.03.27 12:48:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2010.03.24 23:30:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.16 02:53:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.03.16 02:53:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.03.16 02:53:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.03.16 02:53:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.03.13 14:41:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ANNO 1404 Venedig
[2010.03.13 14:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010.03.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ubisoft
[2010.03.12 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Tropico 3
[2010.03.11 21:49:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.03.11 21:49:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.03.11 21:49:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.03.11 21:49:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.09 16:46:44 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010.04.09 16:46:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.04.09 16:46:01 | 005,418,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.09 16:46:01 | 002,046,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.09 16:46:01 | 001,656,662 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.09 16:46:01 | 001,498,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.09 16:46:01 | 000,005,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.09 16:44:47 | 000,052,597 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.04.09 16:44:47 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.04.09 15:54:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.09 15:54:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.09 15:53:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.09 15:53:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.09 15:53:49 | 4294,230,016 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.09 15:52:54 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010.04.09 15:52:54 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010.04.09 15:52:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.09 15:52:14 | 003,849,037 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.04.09 11:18:01 | 000,942,890 | ---- | M] () -- C:\Users\User\Documents\cc_20100409_111747.reg
[2010.04.09 10:54:06 | 000,000,082 | ---- | M] () -- C:\Users\User\Documents\cc_20100409_105405.reg
[2010.04.08 23:31:58 | 000,019,520 | ---- | M] () -- C:\Users\User\Documents\cc_20100408_233142.reg
[2010.04.08 19:51:00 | 000,001,934 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010.04.08 18:50:02 | 000,065,024 | ---- | M] () -- C:\Windows\SysWow64\bb52fkri.few
[2010.04.08 18:50:02 | 000,032,768 | ---- | M] () -- C:\Windows\SysWow64\23rh46g.4e
[2010.04.08 18:48:57 | 000,183,808 | ---- | M] () -- C:\Windows\Blomoa.exe
[2010.04.08 18:43:15 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.08 18:11:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EFB0A09-63F3-4369-A515-95410BC21F7D}.job
[2010.04.05 12:44:14 | 000,129,024 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.28 14:41:58 | 000,000,129 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.03.27 16:57:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.03.27 12:50:13 | 000,000,920 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.03.16 08:51:59 | 021,005,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.03.16 08:51:59 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.03.16 08:51:59 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.03.16 08:51:59 | 011,906,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.03.16 08:51:59 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.03.16 08:51:59 | 009,386,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.03.16 08:51:59 | 006,279,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010.03.16 08:51:59 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.03.16 08:51:59 | 004,503,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.03.16 08:51:59 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.03.16 08:51:59 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.03.16 08:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.03.16 08:51:59 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.03.16 08:51:59 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.03.16 08:51:59 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010.03.16 08:51:59 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.03.16 08:51:59 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvudisp.exe
[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.03.16 08:51:59 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.03.16 08:51:59 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.03.16 08:51:59 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.03.16 02:53:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.03.16 02:53:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.03.16 02:53:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.03.16 02:53:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.03.16 02:52:54 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2010.03.16 02:52:54 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml
[2010.03.13 14:00:48 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.03.13 14:00:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.03.12 11:26:42 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.09 11:17:48 | 000,942,890 | ---- | C] () -- C:\Users\User\Documents\cc_20100409_111747.reg
[2010.04.09 10:54:06 | 000,000,082 | ---- | C] () -- C:\Users\User\Documents\cc_20100409_105405.reg
[2010.04.08 23:31:45 | 000,019,520 | ---- | C] () -- C:\Users\User\Documents\cc_20100408_233142.reg
[2010.04.08 19:51:00 | 000,001,934 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010.04.08 18:50:02 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\bb52fkri.few
[2010.04.08 18:50:02 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\23rh46g.4e
[2010.04.08 18:49:00 | 000,183,808 | ---- | C] () -- C:\Windows\Blomoa.exe
[2010.04.08 18:42:58 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.03.28 17:18:15 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.03.28 14:55:06 | 002,164,452 | ---- | C] () -- C:\Users\User\AppData\Local\dd_NET_Framework35_x64_MSI23C7.txt
[2010.03.28 14:41:58 | 000,000,129 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.03.28 14:34:40 | 000,000,002 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35error_lp.txt
[2010.03.28 14:34:39 | 000,077,966 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35install_lp.txt
[2010.03.28 14:34:06 | 002,164,708 | ---- | C] () -- C:\Users\User\AppData\Local\dd_NET_Framework35_x64_MSI13B5.txt
[2010.03.28 14:32:57 | 000,517,046 | ---- | C] () -- C:\Users\User\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010.03.28 14:32:43 | 000,886,730 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35install.txt
[2010.03.28 14:32:43 | 000,012,652 | ---- | C] () -- C:\Users\User\AppData\Local\uxeventlog.txt
[2010.03.28 14:32:43 | 000,000,002 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35error.txt
[2010.03.27 12:50:13 | 000,000,920 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.03.16 02:52:54 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2010.03.16 02:52:54 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2010.03.13 14:00:48 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.03.13 14:00:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.01.31 18:35:18 | 000,349,852 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI34DE.txt
[2010.01.31 18:35:18 | 000,013,506 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI34DE.txt
[2010.01.31 18:13:52 | 000,348,760 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI2476.txt
[2010.01.31 18:13:52 | 000,012,442 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI2476.txt
[2010.01.31 17:54:08 | 000,348,098 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI155C.txt
[2010.01.31 17:54:08 | 000,011,162 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI155C.txt
[2010.01.31 17:46:43 | 000,348,098 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI0FAE.txt
[2010.01.31 17:46:43 | 000,011,162 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI0FAE.txt
[2010.01.27 21:30:58 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010.01.25 22:18:47 | 000,432,228 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI0B17.txt
[2010.01.25 22:18:45 | 000,011,434 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI0B17.txt
[2009.12.23 18:23:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.23 14:45:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.23 14:45:45 | 000,001,024 | ---- | C] () -- C:\Users\User\.rnd
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.31 15:34:00 | 001,448,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.22 18:32:06 | 000,000,186 | ---- | C] () -- C:\Windows\aimpr.ini
[2009.10.22 18:20:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.10.22 13:55:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.22 13:55:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.16 17:11:22 | 000,000,040 | ---- | C] () -- C:\Users\User\ho.dir
[2009.10.15 16:30:08 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.15 16:30:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.10.13 21:46:58 | 000,129,024 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.13 20:22:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.10.13 19:45:49 | 000,000,142 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009.10.13 19:44:36 | 000,052,597 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.13 19:44:36 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.10.13 18:48:58 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat
[2009.10.13 18:47:05 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT
[2009.10.13 18:47:05 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2009.10.13 18:47:05 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2009.10.13 18:47:05 | 000,262,144 | -H-- | C] () -- C:\Users\User\ntuser.dat.LOG1
[2009.10.13 18:47:05 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2009.10.13 18:47:05 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini
[2009.10.13 18:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\User\ntuser.dat.LOG2
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         


Code:
ATTFilter
OTL Extras logfile created on: 09.04.2010 16:47:12 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\User\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,84 Gb Total Space | 16,97 Gb Free Space | 22,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC6
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 66 17 E6 E0 36 4C CA 01  [binary data]
"VistaSp2" = 73 43 B0 A0 10 53 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-803241420-1934010950-952792630-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33CB1F80-80FF-4482-84F1-B3F2FCCF1E06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E283CB6-E54E-49A2-9356-67A9CF5B4849}" = lport=3689 | protocol=6 | dir=in | name=123 | 
"{445739B4-AB38-4859-A921-7DB71C86BDDF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A13E64E6-76AC-4225-8421-1E2D11905589}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A505E57E-5DB3-4FD5-8679-5C02AC03BA1B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AACDEEA8-4F5E-4CA5-86A5-C2896DBE9BBA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B9106DD3-6FEB-467B-9BA3-3C2C5A0A0765}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C05AD43B-18F2-4630-9817-3A30E1D2A781}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CEFB1F81-1376-42D0-921F-4F1F651CB92E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D2FCCDA7-127A-41DA-AD31-38F1108EB938}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0E2865B-7655-44F9-B331-DDDAD4960FAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F2B26A55-12E8-4DFB-A66A-39D2E6B8050E}" = lport=5353 | protocol=17 | dir=in | name=456 | 
"{FA436BB3-7984-4556-8A00-3BE9CE5DF906}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F5ACE2B-D7D9-4A26-9231-ADD06C646497}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{1B713C3E-66D3-4C1B-8477-D77041E24D4B}" = protocol=17 | dir=in | app=d:\fabian\spiele\battlefield bad company 2\bfbc2updater.exe | 
"{23443DBE-4301-4AB3-A227-80C1296DA541}" = protocol=6 | dir=in | app=c:\program files (x86)\simplesyn 2.0\cbn.simplesyn.net.exe | 
"{26FEF112-ADE1-4E61-AF8B-D800696A6615}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2F09DE54-865A-4F69-8B16-5BCBBE750179}" = protocol=6 | dir=in | app=d:\fabian\spiele\battlefield bad company 2\bfbc2updater.exe | 
"{31861CFA-5A30-466B-9A66-C31F6A858D03}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3430D390-B041-46A6-BF23-7356A9B4FF2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3D000AB0-75F0-4FF6-BF35-5476686B6778}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{44DED4D0-7A20-4A3F-A487-A04E90F62BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{4DB07B94-CBD2-40EE-B9C4-01B203D4DDFF}" = protocol=17 | dir=in | app=d:\fabian\anwendungen\itunes\itunes.exe | 
"{55475202-F165-4926-AAFD-242A802BF2C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C5A1782-F8E8-4CA9-91CB-C38C74A10A94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{79BF4F5B-CA00-4C93-B9E7-3B9EE8CDE64D}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{81C99EB8-4904-442B-AC84-7D7A048E9064}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{861DB8C6-07F5-4EF9-AC72-26CA61B3DB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{93366E7E-5A98-41F6-AE89-A5AA8270244A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{97840CDA-757C-46B6-A7F3-068D29E220F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A2584B94-3AE2-4715-AE68-3EECE75FCA24}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{B00FF054-53F5-4874-BA6B-412B6CEA6707}" = protocol=17 | dir=in | app=c:\program files (x86)\simplesyn 2.0\cbn.simplesyn.net.exe | 
"{B859E9AA-A92A-4B8C-954F-F82F4969003E}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{C7E72AA0-F8DE-425E-97A6-955B043E59B1}" = protocol=6 | dir=in | app=d:\fabian\anwendungen\itunes\itunes.exe | 
"{CE0DF6A9-5D33-4DE8-99C9-44B59B8F8A19}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{D0359988-FA3E-46F7-8D3C-297F6A3E00CD}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D072BF93-AADD-48FC-84A9-E2FE7D12B255}" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\tools\addonweb.exe | 
"{D2284407-D7D4-4DA9-9B86-3899EB20AB45}" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\tools\addonweb.exe | 
"{D59A2BD6-6F57-4459-9ED3-C175800F88BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D73FA54D-3F91-421F-869A-27144EEAE321}" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\addon.exe | 
"{DF5BAAB2-0F14-43DE-907E-AACC02C20203}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E6886A61-1C78-47F0-BC21-B20E0186B914}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{EAEA9DD4-F2C5-4B0E-94E4-99E1EBB3244F}" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\addon.exe | 
"{ED68F3ED-F835-4BFD-9008-FFF51C516297}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{EF1C47F8-BFC8-4C9A-A09C-DF48407908AE}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"TCP Query User{02315930-A515-4099-85CF-F3ABFEE437BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{03BC5143-3ABB-448B-821D-95B80564745C}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 
"TCP Query User{32C87561-CC1A-418C-A073-387B0DAAC212}D:\fabian\spiele\fifa10\fifa10.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\fifa10\fifa10.exe | 
"TCP Query User{3FEEFEB0-17F1-4C0E-A282-C64F707CBB81}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 
"TCP Query User{504CE358-CBE2-4FFD-9692-560B7A4E1370}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 
"TCP Query User{513CA2D7-C3D5-4A7D-B35A-AA5CA41549D1}D:\fabian\anwendungen\qip\qip.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\qip\qip.exe | 
"TCP Query User{58FD42F9-493F-4320-90D3-45BC0F16BFB8}D:\fabian\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{59D0630F-9E9D-4163-8160-DEC385B6996E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{66939F88-F494-41DD-91D7-9C3D8509F5A2}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 
"TCP Query User{67CCB490-025A-4173-8887-E5B015C3D583}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 
"TCP Query User{7282F7DD-19E6-4D93-9B1D-E513D0E0DA6F}D:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe | 
"TCP Query User{7360F82E-5F5A-41A9-8CB4-A60FA7EFEA98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{80E7A565-4D33-4A88-AC11-26A2A8F6A3BD}D:\fabian\anwendungen\teamviewer4\teamviewer.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\teamviewer4\teamviewer.exe | 
"TCP Query User{A3AB9CBE-5556-44EB-A5E4-296CE84C0053}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{ABAD5F73-20BA-4E25-AC6C-23ABF2440545}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B433CCC0-CB7F-4CFB-83F8-9AC8FCADEF88}D:\fabian\spiele\hawx\hawx_dx10.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\hawx\hawx_dx10.exe | 
"TCP Query User{CBD0F552-CF8F-4EE0-B1C1-14A84764B6B0}D:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe | 
"TCP Query User{E1A5E573-6D7C-43C0-BA4B-5225A464BA19}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 
"UDP Query User{04B1D71C-BCD1-454C-BE8A-5317195E173F}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 
"UDP Query User{0CBD975F-2F8D-4E14-A2BA-0C4A213D432B}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 
"UDP Query User{1478B3BE-EFCB-48B9-AA05-F5DBFED9666C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{292AF600-91B6-4155-B63B-E41D3EF0E079}D:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe | 
"UDP Query User{331EDB71-6470-4E90-BA3A-1E98E192A103}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 
"UDP Query User{363CCD97-8AFA-4470-9117-11CFF6D17CDF}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 
"UDP Query User{45C6EA9A-618E-4657-8C46-49A9E0197E9A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{48400F43-D65A-4106-8BF2-DFF9FE182D35}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{4A157591-46EF-4E0F-9247-6DC880BC6488}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 
"UDP Query User{4C184647-39BF-40BA-B23F-7DCF140A01C6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{6ECC23AF-A291-4BE1-8AEF-D17381856765}D:\fabian\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{7B25BF0D-4597-4B5B-9A1C-16C4BF7A2570}D:\fabian\spiele\hawx\hawx_dx10.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\hawx\hawx_dx10.exe | 
"UDP Query User{A870789E-AE19-467F-BF72-2A589A335650}D:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe | 
"UDP Query User{B124A813-7F4A-430C-B176-7F79778D2934}D:\fabian\spiele\fifa10\fifa10.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\fifa10\fifa10.exe | 
"UDP Query User{B64847B0-8B3D-473C-8AD4-D31605E3ADD7}D:\fabian\anwendungen\qip\qip.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\qip\qip.exe | 
"UDP Query User{BD6B0061-2CC6-4E69-B475-C6FC9B7CFA03}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 
"UDP Query User{C901E89E-4DA0-4D30-9DB7-D018D505E4CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{D5E8A076-6E4F-4E53-9C1A-DED5D3596A61}D:\fabian\anwendungen\teamviewer4\teamviewer.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\teamviewer4\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VistaGlazz_is1" = VistaGlazz 2.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1F7C6BBA-4C5B-46C1-A20B-4EA961057B89}" = SimpleSYN 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.1
"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"FUSSBALL MANAGER 10 DEMO" = FUSSBALL MANAGER 10 DEMO
"HaaliMkx" = Haali Media Splitter
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HijackThis" = HijackThis 2.0.2
"KoolPlaya" = KoolPlaya
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Rainmeter" = Rainmeter (remove only)
"RayV" = RayV
"RocketDock_is1" = RocketDock 1.3.5
"SopCast" = SopCast 3.2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"KoolPlaya" = KoolPlaya
"KoolPlayaX64" = KoolPlayaX64
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.04.2010 05:25:02 | Computer Name = PC6 | Source = LoadPerf | ID = 3011
Description = 
 
Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3011
Description = 
 
Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3011
Description = 
 
Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3011
Description = 
 
[ System Events ]
Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.04.2010 10:25:46 | Computer Name = PC6 | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         


Alt 09.04.2010, 18:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL):

Code:
ATTFilter
:OTL
O20 - AppInit_DLLs: (nmklo) -  File not found
[2010.03.28 17:24:54 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
[2010.04.08 18:50:02 | 000,065,024 | ---- | M] () -- C:\Windows\SysWow64\bb52fkri.few
[2010.04.08 18:50:02 | 000,032,768 | ---- | M] () -- C:\Windows\SysWow64\23rh46g.4e
[2010.04.08 18:48:57 | 000,183,808 | ---- | M] () -- C:\Windows\Blomoa.exe
         
Klick dann auf den Button Run Fixes!
Das Logfile nach dem Fixen müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.
__________________
--> Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen

Alt 09.04.2010, 18:39   #7
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Code:
ATTFilter
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nmklo deleted successfully.
C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP folder moved successfully.
C:\Windows\SysWOW64\bb52fkri.few moved successfully.
C:\Windows\SysWOW64\23rh46g.4e moved successfully.
C:\Windows\Blomoa.exe moved successfully.
 
OTL by OldTimer - Version 3.2.1.1 log created on 04092010_183811
         

Alt 09.04.2010, 18:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Sehr schön. Wir sollten eigentlich fast durch sein, oder gibts noch gravierende Probleme?
Mach bitte mal ein Kontrollscan mit SUPERAntiSpyware und poste das Log.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.04.2010, 23:34   #9
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Zu eventuellen Problemen kann ich garnich viel sagen .
Hab den infizierten PC danach vom Netzwerk abgekoppelt und kaum benutzt bzw nur die Anti Malware Scans usw durchgeführt. Aber das gefakte Security Center taucht auf jeden Fall nicht mehr auf. Das war ja eigentlich das einzige direkte "Symptom". Soweit sieht auch alles sauber aus. Es bleibt halt immernoch so ein fader Beigeschmack .

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/09/2010 at 08:24 PM

Application Version : 4.35.1002

Core Rules Database Version : 4787
Trace Rules Database Version: 2599

Scan type       : Complete Scan
Total Scan Time : 01:18:07

Memory items scanned      : 346
Memory threats detected   : 0
Registry items scanned    : 7649
Registry threats detected : 8
File items scanned        : 169436
File threats detected     : 9

Adware.Tracking Cookie
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ar.atwola[2].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@zanox[1].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@unitymedia[3].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[2].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ad.zanox[1].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@tracking.mindshare[2].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt
	C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@msnportal.112.2o7[1].txt

Trojan.DNSChanger-Codec
	HKLM\Software\1
	HKLM\Software\1#31AC70412E939D72A9234CDEBB1AF5867B
	HKLM\Software\1#31897356954C2CD3D41B221E3F24F99BBA
	HKLM\Software\1#31C2E1E4D78E6A11B88DFA803456A1FFA5
	HKLM\Software\9
	HKLM\Software\9#31AC70412E939D72A9234CDEBB1AF5867B
	HKLM\Software\9#31897356954C2CD3D41B221E3F24F99BBA
	HKLM\Software\9#31C2E1E4D78E6A11B88DFA803456A1FFA5

Trojan.Agent/Gen-FakeAlert
	C:\_OTL\MOVEDFILES\04092010_183811\C_WINDOWS\BLOMOA.EXE
         

Alt 10.04.2010, 14:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Die Funde kannst Du alle entfernen. Sonst wieder soweit alles ok?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.04.2010, 14:17   #11
tommyhenkel
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



sieht gut aus soweit. wurden zwar n paar systemeinstellungen verstellt (dateiendungen bekannter dateitypen wurden ausgeblendet und so kleinigkeiten) aber das lässt sich alles korrigieren.

dann bedank ich mich mal und hoffe das ich jetzt erstmal trojaner-frei bleibe

Alt 10.04.2010, 14:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Standard

Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen



Gut
Dann prüf mal die wichtigsten Updates:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen
adobe, antivir, antivir guard, avg, avgntflt.sys, avira, backdoor.bifrose, benutzerprofildienst, bho, bifrose.trace, converter, desktop, diagnostics, entfernen, excel, fehler, firefox, flash player, fontcache, hdaudio.sys, hijack.folderoptions, hijack.regedit, hijackthis, hijackthis log, installation, launch, local\temp, mbam log, media center, msiexec, msiexec.exe, nvlddmkm.sys, object, programdata, rogue.antimalwaredoctor, rundll, scan, security, senden, services.exe, software, spyware.zbot, start menu, svchost.exe, system, syswow64, trick, trojan.downloader, usbaapl64, vista



Ähnliche Themen: Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen


  1. PornBHO.ru und weitere Schädlinge auf externer Festplatte-wie entfernen!
    Plagegeister aller Art und deren Bekämpfung - 21.07.2014 (23)
  2. Antimalware Doctor entfernen
    Log-Analyse und Auswertung - 24.04.2011 (15)
  3. Probleme mit Antimalware Doctor - Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 07.04.2011 (13)
  4. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (5)
  5. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (13)
  6. Antimalware Doctor und weitere entfernt, aber GMER hängt. Sauber?
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (28)
  7. Wie kann ich den Antimalware Doctor entfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (9)
  8. Wie Antimalware Doctor entfernen?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (15)
  9. Antimalware Doctor entfernt aber weitere Probleme
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (17)
  10. Antimalware Doctor erfolgreich gelöscht aber noch weitere Probleme
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (18)
  11. antimalware doctor entfernen-guide befolgt, weitere schritte erforderlich?
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (4)
  12. Antimalware Doctor und andere Schädlinge entfernt (Ordner- und Suchoptionen deaktiviert)
    Log-Analyse und Auswertung - 27.08.2010 (4)
  13. Antimalware Doctor endgültig entfernen
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (1)
  14. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.06.2010 (21)
  15. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (6)
  16. Antimalware Doctor erfolgreich gelöscht - Reste machen große Probleme
    Plagegeister aller Art und deren Bekämpfung - 05.05.2010 (14)
  17. Antimalware Doctor entfernen
    Anleitungen, FAQs & Links - 22.02.2010 (2)

Zum Thema Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen - Hallo zusammen. Ich hab mir wohl gestern abend irgendwie den Antimalware Doctor eingefangen und versucht ihn nach dieser Anleitung hier aus dem Board: http://www.trojaner-board.de/83172-a...entfernen.html zu entfernen. Hab MBAM bestimmt 2-3x - Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen...
Archiv
Du betrachtest: Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.