Trojaner-Board > Malware removal > Pests of all kinds and how to fight them

PSW.OnLineGames and Autorun worm cause an uneasy feeling

26.06.2010, 13:48   #1
Deepfreeze
 



Hi, by chance I discovered this on each of my drives and external media:

The file 'F:\yqq8eqil.exe'
contained a virus or unwanted program 'WORM/Taterf.B.136'

and in addition a "2ul.exe" on my partitions, which Jotti calls "PSW.OnLineGames". I haven't been able to open Virustotal since my discovery; a page load error appears.

I was able to delete this 2ul.exe manually without any problems (I let the other one live, in case you still need it), so I think it is not active.
Oh, and is it normal that I have no access to "C:\Dokumente und Einstellungen"?

My fear is that my passwords are now in the possession of a third party.
Apart from system-internal boot problems I haven't had anything so far.
Attached are the log files from Malwarebytes and RSIT:

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4243

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

26.06.2010 13:40:21
mbam-log-2010-06-26 (13-40-21).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 312369
Time elapsed: 1 hour(s), 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Attached files
File type: txt log.txt (24.4 KB, viewed 249 times)
File type: txt info.txt (6.7 KB, viewed 242 times)

26.06.2010, 14:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello,

Virustotal has been glitchy lately. I can't reach it at the moment either.
Under Vista you should disable AutoPlay; that prevents a pest from being started automatically when you plug in an infected USB stick.
You do that in Control Panel => Hardware and Sound => Play CDs and other media automatically => disable everything (take no action).

After that, create logs with OTL.exe and post them.
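The mechanism cosinus describes (an autorun.inf at the root of an infected stick starting the worm as soon as the medium is plugged in) and the files Deepfreeze found at the root of every drive, worked through as an added example that is not part of this thread or of any tool mentioned in it. The script parses a constructed Taterf-style autorun.inf, extracts the executables it would launch, flags machine-looking file names, hashes the files for a Jotti/VirusTotal lookup, and evaluates the NoDriveTypeAutoRun policy DWORD, which is the registry-level counterpart of the Control Panel setting cosinus gives: a set bit disables AutoRun for that drive type, 0xFF disables it everywhere, and when the value is absent Windows assumes 0x91, which leaves removable and fixed drives enabled. The sample autorun.inf, the placeholder file contents and the policy values are all constructed; only the file name yqq8eqil.exe is taken from the first post.

```python
"""Triage of an autorun.inf found at a drive root, plus evaluation of the
NoDriveTypeAutoRun policy that decides whether Windows honours the file.
Added example for this thread; every input below is constructed."""
import hashlib
import re
from typing import Dict, List, Optional

# Bits of the NoDriveTypeAutoRun DWORD under
# HK{LM,CU}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
# A SET bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "removable": 0x04,   # USB sticks: the infection vector in this thread
    "fixed": 0x08,       # internal partitions (C:, D:, F: in the first post)
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
}
VISTA_DEFAULT = 0x91   # what Windows assumes when the value is absent
DISABLE_ALL = 0xFF     # hardening value: no drive type autoruns

# [autorun] keys that launch or offer an executable in Explorer.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Heuristic for generated names such as yqq8eqil.exe (assumption, tune to taste).
RANDOM_NAME = re.compile(r"[a-z0-9]{5,10}\.(?:exe|com|scr|pif|bat|cmd)")


def parse_autorun(text: str) -> Dict[str, str]:
    """Key/value pairs of the [autorun] section, keys lower-cased.
    Malware-written files are often padded with junk and odd casing, so
    lines outside the section or without '=' are simply skipped."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command: str) -> str:
    """Program part of a command line: the quoted path or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def launched_files(entries: Dict[str, str]) -> List[str]:
    """Executables the autorun.inf would start, deduplicated, in key order."""
    targets: List[str] = []
    for key in LAUNCH_KEYS:
        program = program_of(entries.get(key, ""))
        if program and program.lower() not in [t.lower() for t in targets]:
            targets.append(program)
    return targets


def autorun_allowed(policy_value: Optional[int], drive_type: str) -> bool:
    """True if AutoRun is still honoured for drive_type under the given
    NoDriveTypeAutoRun value (None = value not present in the registry)."""
    value = VISTA_DEFAULT if policy_value is None else policy_value
    return not (value & DRIVE_TYPE_BITS[drive_type])


def open_drive_types(policy_value: Optional[int]) -> List[str]:
    """Drive types for which AutoRun remains enabled."""
    return [t for t in DRIVE_TYPE_BITS if autorun_allowed(policy_value, t)]


def triage(autorun_text: str, files: Dict[str, bytes], policy_value: Optional[int]) -> dict:
    """What the file would start, and whether Windows would start it from a
    removable drive.  `files` maps drive-root file names to contents so the
    example runs without touching a real drive."""
    report = {"removable_autorun_active": autorun_allowed(policy_value, "removable"),
              "targets": []}
    for target in launched_files(parse_autorun(autorun_text)):
        name = target.replace("/", "\\").split("\\")[-1].lower()
        data = files.get(name)
        report["targets"].append({
            "path": target,
            "random_name": bool(RANDOM_NAME.fullmatch(name)),
            # hash to look up on Jotti/VirusTotal instead of uploading blindly
            "sha256": hashlib.sha256(data).hexdigest() if data is not None else None,
        })
    return report


# Constructed sample in the style of a Taterf drop: file name from the thread,
# contents a harmless placeholder, NOT the real worm.
SAMPLE_AUTORUN_INF = """\
;;junk line the lenient parser has to skip
[AutoRun]
open=yqq8eqil.exe
shell\\open\\Command=yqq8eqil.exe
shell\\explore\\command="yqq8eqil.exe" /e
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""
SAMPLE_FILES = {"yqq8eqil.exe": b"MZ" + b"\x00" * 62 + b"constructed placeholder"}

if __name__ == "__main__":
    for policy in (None, DISABLE_ALL):
        print(f"NoDriveTypeAutoRun={policy!r}:", triage(SAMPLE_AUTORUN_INF, SAMPLE_FILES, policy))
```

On the infected machine the DWORD would be read from HKLM and HKCU with the standard winreg module and passed in as `policy_value`; the example takes it as a parameter so it runs on any platform. Note that the Control Panel AutoPlay setting and the NoDriveTypeAutoRun policy are separate knobs: checking the policy bits tells you whether an autorun.inf on a removable drive would still be honoured after the GUI change.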

26.06.2010, 14:27   #3
Larusso
/// Selecta Jahrusso
 



All yours, Cosinus

26.06.2010, 15:02   #4
Deepfreeze
 



Thanks for the reply!

edit: it worked after all..

Here are the logfiles:

OTL EXTRAS Logfile:
OTL Extras logfile created on: 26.06.2010 14:55:45 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = D:\Filme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 7,62 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive D: | 69,95 Gb Total Space | 39,10 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 39,06 Gb Total Space | 0,56 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 596,17 Gb Total Space | 239,54 Gb Free Space | 40,18% Space Free | Partition Type: NTFS
 
Computer Name: ARMAGEDDON-PC
Current User Name: Armageddon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18E1516C-D015-4302-88D0-01B89B0E60C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{22DFBADF-DDD1-4614-92AD-0DFA1139A1B0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24E7EA84-80C3-4F73-879B-7D3AA09DEF92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3647C3E7-43BD-42E4-965F-7A9727C675A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3BA47229-654F-4C50-A150-510F738E81C7}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{3E265526-5BE9-482F-AE91-4AFFEA9F3B56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E344401-BD01-4F4D-823A-02F2421019F5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4C1086F9-B1AF-4526-865D-2B5D819C608A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4F18EC2C-3589-4F5E-9123-953E664FEC82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52710B14-F8E0-46A5-8A37-E07EC0AB88FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5398B9FD-4B84-4A44-B740-19E8C028F778}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FEBCC34-CCD8-4B00-B4B3-670AF84A574C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6202D557-CD58-4634-BF60-DE2938E778C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{66D88E52-917C-43C4-9549-E255E1E12095}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{75E6D8CC-1F9A-4CAE-ACAA-3F999A35EBF8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{79A273D8-A1B0-42E6-A314-7B5F239C2F0A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{87534FFA-CEDC-4CC6-B609-EABD91579218}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{87564458-2705-4ED4-A2EC-22DAC3940809}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{94371860-68A5-460B-B323-B09F3189DEDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{986C228C-22CC-4AF1-8B5A-E2334856003E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9C7465E0-7205-414F-AA9B-E1B7623F7938}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A170EDB7-E09A-4C4D-A432-79ACA51A4818}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A25185A8-601B-443B-AC76-C3BF49E46455}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD7E4B1B-A39A-4E69-B539-6D9D7409CC20}" = lport=443 | protocol=6 | dir=in | app=system | 
"{B1472087-B565-462D-A2A2-AF84F7598CE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B23E497C-FA32-4791-A29F-64967C5887EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{B6AE2B63-7DD1-4C33-8E78-55D5FC76F542}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BFEA17BF-B35C-40F4-84C4-05DA60749027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC8B6230-5842-4E61-B006-144EBA84808D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CD574F6E-E6EA-4EA1-A191-5C95B448D090}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CED48674-E283-43CF-846E-35D1254A2C37}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D935EBEA-991C-462D-97FA-34A5BCB6AA3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FCAC239D-EEBA-41ED-86FA-7FDD3B0C6B1F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010A0185-19B9-408D-A43F-5096DBC8ADFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{13D0364C-3A3E-401C-910C-9F829AB6C061}" = protocol=6 | dir=in | app=d:\programme\itunes\itunes.exe | 
"{15C826C1-1616-4A49-821F-2AA55292ACBC}" = protocol=6 | dir=in | app=f:\sonstiges\surf & e-mail-stick\surf & e-mail-stick.exe | 
"{165CA4C4-3BD4-4DB4-B109-823B2E8A70CE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{17D74466-C53E-4072-8257-44C351C94625}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1D39B6A8-D49F-4FD6-9247-575868738D93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2AD3890F-3111-4627-8692-2539FE66D73B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2FB7A67C-521F-4F97-8098-BD0AFCE0E027}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{381A97B3-FAD1-4FF9-BA26-770191A5BC90}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{45DD9A39-0BDC-4300-A6E3-57E24C621F36}" = protocol=6 | dir=in | app=d:\application\doom3.exe | 
"{4A9CBF58-106E-473D-BCFF-733ACFECFBC1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{526797DB-FE62-4C57-B327-F5B3A3729572}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{537F252E-C8EB-4E5D-8CCC-70B64E66D82C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{56E00B13-7CCB-460F-A680-6C638795728C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D5B4538-0B05-409B-ACE7-4D1266617484}" = protocol=17 | dir=in | app=d:\application\doom3.exe | 
"{62EC1D29-6CE1-4C09-8A8F-8BA267A40F71}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{654DF220-C79E-4DED-9829-A03EE1B53070}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8A859453-3073-454E-98EF-A742E06E125C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E0A07B8-1CB4-4AE0-847D-6E9E03FB6DE0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9210F401-2C4E-44E1-9B55-758A4AA380A1}" = protocol=17 | dir=in | app=d:\apple\itunes\itunes.exe | 
"{93D0E859-53CE-4363-A31B-2EBEE007A772}" = protocol=17 | dir=in | app=f:\sonstiges\surf & e-mail-stick\surf & e-mail-stick.exe | 
"{93E640B3-A6EC-43C6-B39A-2FB48CB53A8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9540DE3C-FEF6-45C2-9BBD-A82EC7CA4911}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B7160B1-4852-42E6-865B-D0BADB7FCBE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FF1F13D-33EE-4206-BD9E-E7B642E2F194}" = protocol=6 | dir=in | app=d:\apple\itunes\itunes.exe | 
"{A41DC378-1E97-4FAA-854C-4CA4DFD399A7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{AF506C7C-187C-4629-B463-E1AFD767EA0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AFABAB30-8A73-4271-9589-67AD1D4C9317}" = protocol=17 | dir=in | app=d:\programme\itunes\itunes.exe | 
"{C255B230-5BB0-464C-AB0F-CC5BB6134475}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{D0004C70-E713-4C8B-887A-57F99F80B9BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D33FCCCE-B011-47DF-AD7C-F088F66B607D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D83C8C7F-8D9F-4E59-92E1-2E3B526B8AAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9728698-F4F1-4CE9-979B-C0B54CBF866D}" = protocol=6 | dir=out | app=system | 
"{DE56F315-E0AE-41B3-8EE9-33F3E7C2AD09}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EDC8014F-BE26-4BF0-A2C2-4E6352ABB2AD}" = protocol=6 | dir=out | app=system | 
"{F25EDA25-0FD7-4DC0-B3A6-EE4B1B7A11E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCC888DF-B13E-4598-9063-415A54077EEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF0C1123-3D02-4621-8ECC-8C401CC02A4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{91BFB8D8-365D-44AB-9007-DDDEBB901F16}D:\counterstrike#\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\counterstrike#\counter-strike source\hl2.exe | 
"TCP Query User{975658F3-587F-4DEF-9CD7-B34A00201935}D:\counterstrike#\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\counterstrike#\counter-strike source\hl2.exe | 
"TCP Query User{A50AA3F1-F851-4ED1-9512-4EE23F4F6FAC}F:\steam\steamapps\saskiller1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\saskiller1\counter-strike source\hl2.exe | 
"TCP Query User{B4D3D74E-A0E9-4129-9AC9-1018801CA20C}D:\programme\icq\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq6\icq.exe | 
"TCP Query User{B617DAFA-CB40-4C96-A809-733B5A409131}G:\ut 99\ut99 portable\system\unrealtournament.exe" = protocol=6 | dir=in | app=g:\ut 99\ut99 portable\system\unrealtournament.exe | 
"TCP Query User{C39927A0-0E53-46B4-AF80-C7B0F8344859}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E5278B28-5DA1-47E9-B798-9CE40E903E93}D:\filme\half-life_2-the_lost_coast\hl2.exe" = protocol=6 | dir=in | app=d:\filme\half-life_2-the_lost_coast\hl2.exe | 
"TCP Query User{E96B2263-F9DE-495E-850D-D7EA4C1359C6}C:\program files\dvbviewerte\skystarir.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"TCP Query User{E9F6ECBC-DE66-41C8-B3BA-9427C16633CD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{EAE776DD-EB1B-4DF3-8D05-E16E04AB1BE4}F:\steam\steamapps\ksg_scarface\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\ksg_scarface\counter-strike source\hl2.exe | 
"TCP Query User{EEBB43E0-EB57-4DFC-A016-4130566FFEF4}D:\programme\icq\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq6\icq.exe | 
"TCP Query User{F959800B-E120-47AF-873C-09BD5B8D76ED}C:\program files\dvbviewerte\skystarir.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"UDP Query User{2A745DE9-E699-4FCE-8E1A-C5446E056DC3}D:\counterstrike#\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\counterstrike#\counter-strike source\hl2.exe | 
"UDP Query User{32A86B46-1597-4430-B421-21C644D13C44}C:\program files\dvbviewerte\skystarir.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
"UDP Query User{44AE4084-6BED-4325-A6D3-5C0E96AEFE58}D:\programme\icq\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq6\icq.exe | 
"UDP Query User{52FE88D2-C0C9-4260-A107-60451ABD778D}D:\programme\icq\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq6\icq.exe | 
"UDP Query User{6D9BAE52-A695-4562-9BE9-53678AE6C7A6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{767059D2-99A0-4671-8F84-1762A9CED811}G:\ut 99\ut99 portable\system\unrealtournament.exe" = protocol=17 | dir=in | app=g:\ut 99\ut99 portable\system\unrealtournament.exe | 
"UDP Query User{BEFA2CE5-1634-4716-8FAD-59A5C5B1E17B}D:\counterstrike#\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\counterstrike#\counter-strike source\hl2.exe | 
"UDP Query User{CCFF33B9-EF8C-4EF6-B3EF-0936AC865F79}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D54B8D87-743C-448F-B3FF-00E78064C0FD}D:\filme\half-life_2-the_lost_coast\hl2.exe" = protocol=17 | dir=in | app=d:\filme\half-life_2-the_lost_coast\hl2.exe | 
"UDP Query User{D85064F2-D561-4E37-8FEB-D7D222260E84}F:\steam\steamapps\ksg_scarface\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\ksg_scarface\counter-strike source\hl2.exe | 
"UDP Query User{E2C8A073-6D94-419E-9784-7AA20067FF94}F:\steam\steamapps\saskiller1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\saskiller1\counter-strike source\hl2.exe | 
"UDP Query User{EF186C41-8D56-4B50-867D-B9F7D340DCD9}C:\program files\dvbviewerte\skystarir.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.5
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5F8FCE2-1677-4370-A857-4976E5A95209}" = Topaz Vivacity
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"195542A0B31C09E423E56F0170C91E08AE9084BF" = Windows Driver Package - Atheros Communications Inc. Net  (04/15/2007 7.2.0.204)
"4Musics OGG to MP3 Converter 4.4_is1" = 4Musics OGG to MP3 Converter 4.4
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"D05DA14883E767E9A25DF66DF49F8700A0290ACD" = Windows Driver Package - Atheros Communications Inc. (athr) Net  (04/15/2007 7.2.0.204)
"DiskAid_is1" = DiskAid 3.11
"DVBViewer_is1" = DVBViewer Technisat Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.5
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.03.2010 06:44:38 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\avwsc.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 06:45:08 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\avcenter.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 06:54:19 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\sched.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 06:54:20 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\avguard.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 06:54:36 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\avgnt.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 06:56:44 | Computer Name = Armageddon-PC | Source = Application Hang | ID = 1002
Description = The program ICQ.exe, version 6.0.0.7015, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c50  Start Time: 01cabde4949fa9e6  Termination Time: 13
 
Error - 07.03.2010 07:01:50 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\sched.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Error - 07.03.2010 07:01:51 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Avira\AntiVir Desktop\avguard.exe". Dependent Assembly "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2010 07:02:07 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Avira\AntiVir
 Desktop\avgnt.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2010 07:08:51 | Computer Name = Armageddon-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Avira\AntiVir
 Desktop\sched.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 16.06.2010 14:23:15 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.06.2010 03:07:00 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.06.2010 05:29:05 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.06.2010 01:13:06 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.06.2010 05:47:32 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.06.2010 05:02:45 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.06.2010 07:44:45 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2010 03:26:28 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2010 04:08:41 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2010 05:51:04 | Computer Name = Armageddon-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---


OTL
OTL EXTRAS Logfile:
OTL logfile created on: 26.06.2010 14:55:45 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = D:\Filme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 7,62 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive D: | 69,95 Gb Total Space | 39,10 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 39,06 Gb Total Space | 0,56 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 596,17 Gb Total Space | 239,54 Gb Free Space | 40,18% Space Free | Partition Type: NTFS
 
Computer Name: ARMAGEDDON-PC
Current User Name: Armageddon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Filme\OTL.exe (OldTimer Tools)
PRC - D:\Filme\RSIT.exe ()
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\DVBViewerTE\dvbviewer.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Programme\DVBViewerTE\SkystarIR.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\O2Micro Oz128 Driver\o2flash.exe (O2Micro International)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Filme\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (PEVSystemStart) --  File not found
SRV - (Nero BackItUp Scheduler 4.0) --  File not found
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (o2flash) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe (O2Micro International)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (skynetu2) -- C:\Windows\System32\drivers\SkyNETU2.sys (TechniSat Digital, S.A.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (CMISTOR) -- C:\Windows\System32\drivers\cmiucr.SYS (C-Media Corporation)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTOnlPktAlyX) -- D:\Programme\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 30 F3 1A B3 03 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 13:05:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.26 13:07:19 | 000,000,000 | ---D | M]
 
[2008.06.20 23:19:40 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Extensions
[2010.06.26 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions
[2010.04.30 14:07:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.26 11:54:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.07.14 10:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.04.30 14:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.26 13:07:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.26 11:54:16 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\foxyproxy@eric.h.jung
[2010.06.26 10:21:12 | 000,000,950 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\searchplugins\icqplugin-1.xml
[2008.11.25 19:45:37 | 000,000,950 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\searchplugins\icqplugin.xml
[2010.04.15 20:05:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.11.25 19:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 20:05:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.15 20:05:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.06 09:24:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Armageddon\Desktop\Bild 3\Boss der Bosse.jpg
O24 - Desktop BackupWallPaper: C:\Users\Armageddon\Desktop\Bild 3\Boss der Bosse.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.06.16 07:38:42 | 000,000,055 | RHS- | M] () - D:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2010.06.16 07:38:42 | 000,000,055 | RHS- | M] () - F:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2010.06.26 13:52:37 | 000,000,000 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\Shell - "" = AutoRun
O33 - MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\Shell - "" = AutoRun
O33 - MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\Shell - "" = AutoRun
O33 - MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\Shell - "" = AutoRun
O33 - MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\Shell - "" = AutoRun
O33 - MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\Shell - "" = AutoRun
O33 - MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9f05d52-3113-11df-b041-fdbe77f02473}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
O33 - MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\Shell - "" = AutoRun
O33 - MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\Shell - "" = AutoRun
O33 - MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\AutoRun\command - "" = G:\k8jc.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\open\Command - "" = G:\k8jc.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.26 13:07:16 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.06.26 13:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.26 12:43:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games
[2010.06.26 12:17:29 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Avira
[2010.06.26 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Panasonic
[2010.06.26 11:23:18 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010.06.26 11:23:18 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010.06.26 11:23:18 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010.06.26 11:23:18 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010.06.26 11:23:17 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010.06.26 11:22:22 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
[2010.06.26 11:22:20 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2010.06.26 11:22:20 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2010.06.26 11:21:05 | 000,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\PhDi2.sys
[2010.06.17 15:50:37 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.17 15:50:37 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.17 15:50:37 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.17 15:50:37 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.14 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Programme
[2010.06.12 19:37:13 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Facebook
[2010.06.10 17:08:20 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 17:08:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 17:07:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 17:07:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 17:07:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 17:07:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 17:07:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 17:07:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 17:07:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 17:07:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 17:07:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 17:07:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 17:07:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 17:07:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 17:07:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 17:07:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 17:07:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 17:01:42 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.10 16:59:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.05.28 20:24:32 | 001,870,848 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010.05.27 19:12:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.06.20 22:07:33 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008.06.20 22:07:33 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.26 14:55:37 | 002,883,584 | -HS- | M] () -- C:\Users\Armageddon\ntuser.dat
[2010.06.26 13:53:41 | 001,541,530 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.26 13:53:41 | 000,664,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.26 13:53:41 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.26 13:53:41 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.26 13:53:41 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.26 13:50:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 13:50:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 13:44:40 | 000,027,810 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\nvModes.001
[2010.06.26 11:51:37 | 000,110,336 | ---- | M] () -- C:\Users\Armageddon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.26 11:50:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.26 11:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.26 11:50:15 | 000,406,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.26 11:48:35 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.26 11:25:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.26 11:25:51 | 000,524,288 | -HS- | M] () -- C:\Users\Armageddon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.26 11:25:51 | 000,065,536 | -HS- | M] () -- C:\Users\Armageddon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.26 11:23:22 | 000,000,524 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010.06.26 09:27:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6267935-9F1D-420D-AEE9-5CA4CB01CE4E}.job
[2010.06.20 21:46:38 | 004,274,678 | -H-- | M] () -- C:\Users\Armageddon\AppData\Local\IconCache.db
[2010.06.19 22:06:16 | 000,237,568 | ---- | M] () -- C:\Users\Armageddon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 14:45:39 | 000,000,551 | ---- | M] () -- C:\Users\Armageddon\Desktop\HijackThis.lnk
[2010.06.18 08:03:24 | 001,381,168 | ---- | M] () -- C:\Users\Armageddon\Desktop\P180610_01.49.jpg
[2010.06.17 15:50:50 | 000,000,701 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.11 12:37:57 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
 
========== Files Created - No Company Name ==========
 
[2010.06.26 11:23:22 | 000,000,524 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010.06.26 11:23:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.06.26 11:23:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.06.26 11:23:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.06.26 11:23:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.06.26 11:23:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.06.26 11:23:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.06.26 11:23:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.06.26 11:23:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.06.26 11:23:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.06.26 11:23:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.06.26 11:23:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.06.26 11:23:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.06.26 11:23:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.06.26 11:23:17 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.06.26 11:23:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.06.26 11:23:17 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.06.26 11:23:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.06.26 11:23:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.06.26 11:23:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.06.26 11:23:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.06.26 11:23:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.06.26 11:23:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.06.26 11:23:16 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.06.26 11:23:16 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.06.26 11:23:16 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.06.26 11:23:16 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.06.26 11:23:16 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.06.26 11:23:16 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.06.26 11:23:16 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.06.26 11:23:16 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.06.26 11:23:16 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.06.26 11:23:16 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.06.19 14:45:39 | 000,000,551 | ---- | C] () -- C:\Users\Armageddon\Desktop\HijackThis.lnk
[2010.06.18 17:57:10 | 001,381,168 | ---- | C] () -- C:\Users\Armageddon\Desktop\P180610_01.49.jpg
[2010.06.17 15:50:50 | 000,000,701 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.11 12:37:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.04.17 12:29:45 | 000,000,309 | ---- | C] () -- C:\Windows\doom3.ini
[2010.04.14 12:23:00 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.17 07:35:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.29 23:20:30 | 000,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.04.11 21:29:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.05 00:48:26 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.01.05 00:48:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.12.26 02:44:26 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2008.12.23 19:24:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.09.09 14:06:28 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.09.09 14:06:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.11 22:13:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.06.20 23:59:23 | 000,000,269 | ---- | C] () -- C:\Windows\game.ini
[2008.06.20 22:07:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008.06.20 22:07:34 | 012,007,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008.06.20 22:07:34 | 000,025,216 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008.06.20 20:43:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.06.20 20:43:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.06.20 20:38:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.25 22:37:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2007.12.15 15:55:30 | 002,510,848 | ---- | C] () -- C:\Windows\System32\tlpsplib10.dll
[2006.12.07 16:10:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CmUCRRm.Dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.01.02 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\DiskAid
[2010.06.12 19:37:19 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Facebook
[2010.04.09 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Foxit
[2008.12.11 22:14:56 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\ICQ
[2010.02.22 18:39:03 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Leadertech
[2010.06.26 12:00:48 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Panasonic
[2010.06.14 15:55:21 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Programme
[2009.12.25 20:03:13 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Sony
[2009.04.08 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\T-Online
[2010.04.26 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Vodafone
[2010.06.26 11:25:53 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.26 09:27:03 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6267935-9F1D-420D-AEE9-5CA4CB01CE4E}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89EAFAFC
< End of report >
         
--- --- ---

Last edited by Deepfreeze (26.06.2010 at 15:07) Reason: scan successful

Alt 26.06.2010, 21:35   #5
Larusso
/// Selecta Jahrusso
 

Step 1

What is drive G?


Step 2
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
O32 - AutoRun File - [2010.06.16 07:38:42 | 000,000,055 | RHS- | M] () - D:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2010.06.16 07:38:42 | 000,000,055 | RHS- | M] () - F:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2010.06.26 13:52:37 | 000,000,000 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\Shell - "" = AutoRun
O33 - MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\Shell - "" = AutoRun
O33 - MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\Shell - "" = AutoRun
O33 - MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\Shell - "" = AutoRun
O33 - MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\Shell - "" = AutoRun
O33 - MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\Shell - "" = AutoRun
O33 - MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9f05d52-3113-11df-b041-fdbe77f02473}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
O33 - MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\Shell - "" = AutoRun
O33 - MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\Shell - "" = AutoRun
O33 - MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\AutoRun\command - "" = G:\k8jc.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\open\Command - "" = G:\k8jc.exe -- File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O2 - BHO: (no name) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Step 3

Please make sure that
  • all other scanners for viruses, spyware etc. are disabled,
  • there is no connection to a network/the Internet (don't forget WLAN),
  • nothing is done on the computer,
  • the computer is restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Step 4

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
OTLfix log
Gmer.txt
OTL.txt

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
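
The fix script in Step 2 is built by copying the suspicious O32/O33 lines out of the OTL scan verbatim. The following is an added example (not a tool from OTL's author and not the helper's own script) that automates that triage: it parses the AutoRun-file and MountPoints2 lines, rates them with heuristics I wrote for this example (hidden/system-flagged autorun files; the same executable bound to both the "open" and the "AutoRun" verb of one removable device, which is what makes a double-click on the drive launch the payload), and assembles the ":OTL" section in the layout used above. The regexes assume the OTL 3.2.x line format shown in the thread; the sample lines are a subset of the posted log.

```python
"""Triage of the autorun findings in an OTL (OldTimer) scan log.

Added example for this thread; not part of OTL and not the helper's script.
Parses O32 (AutoRun file) and O33 (MountPoints2 shell handler) lines, rates
them with the heuristics below, and emits the ':OTL' fix section the way the
post above does: flagged scan lines copied in verbatim.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the O32/O33 lines exactly as posted in the thread.
SAMPLE_OTL_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.06.16 07:38:42 | 000,000,055 | RHS- | M] () - D:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2010.06.26 13:52:37 | 000,000,000 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\AutoRun\command - "" = G:\k8jc.exe -- File not found
O33 - MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\Shell\open\Command - "" = G:\k8jc.exe -- File not found
"""

# Regexes written against the line layout seen in the log (assumption: OTL 3.2.x format).
O32_FILE = re.compile(
    r"^O32 - AutoRun File - \[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*M\] "
    r"\((?P<company>[^)]*)\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$"
)
O33_COMMAND = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand"
    r' - "" = (?P<cmd>.+?)(?: -- (?P<status>File not found))?$'
)
O33_SHELL = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell - "" = (?P<verb>\w+)$')


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str       # the verbatim OTL line; this is what an OTL fix script consumes


def triage_autorun(log_text):
    """Return a list of Finding for the autorun-related lines of an OTL log."""
    lines = log_text.strip().splitlines()
    # First pass: collect every MountPoints2 shell command per device GUID so the
    # 'open' and 'AutoRun' verbs of one device can be compared.
    commands = defaultdict(dict)
    for line in lines:
        m = O33_COMMAND.match(line)
        if m:
            commands[m["guid"]][m["verb"].lower()] = m["cmd"].lower()

    findings = []
    for line in lines:
        if line == "O32 - HKLM CDRom: AutoRun - 1":
            findings.append(Finding("info", "AutoRun enabled for the CD-ROM drive class", line))
            continue
        m = O32_FILE.match(line)
        if m:
            attrs = m["attrs"].strip().upper()
            name = m["path"].rsplit("\\", 1)[-1].lower()
            # autorun.inf itself, or any autorun file carrying hidden/system flags, is worm-style.
            if name == "autorun.inf" or "H" in attrs or "S" in attrs:
                findings.append(Finding("high", f"autorun file {m['path']} with attributes {attrs}", line))
            continue
        m = O33_COMMAND.match(line)
        if m:
            verbs = commands[m["guid"]]
            if ("open" in verbs and verbs.get("autorun") == verbs["open"]
                    and verbs["open"].endswith(".exe")):
                findings.append(Finding("high", "same executable bound to 'open' and 'AutoRun' of one device", line))
            else:
                findings.append(Finding("medium", "stale MountPoints2 autorun handler", line))
            continue
        if O33_SHELL.match(line):
            findings.append(Finding("medium", "MountPoints2 default verb set to AutoRun", line))
    return findings


def build_fix_script(findings):
    """Assemble an OTL fix in the layout the helper used: flagged lines verbatim under
    ':OTL', then the cleanup commands. Informational findings are reported, not fixed."""
    body = [f.line for f in findings if f.severity != "info"]
    return "\n".join([":OTL", *body, ":services", ":files", ":reg", ":Commands",
                      "[purity]", "[emptytemp]", "[reboot]"])


if __name__ == "__main__":
    results = triage_autorun(SAMPLE_OTL_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}")
    print()
    print(build_fix_script(results))
```

On the sample, C:\autoexec.bat stays out of the fix (plain attributes, not an autorun.inf), the two RHS-/RH-- autorun files and both k8jc.exe handlers are rated high, and the remaining MountPoints2 entries medium, which is the same set the helper put into the script above. The "HKLM CDRom: AutoRun - 1" line is only reported: the hardening step it points at is disabling AutoRun through the NoDriveTypeAutoRun policy rather than an OTL fix line.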

Alt 27.06.2010, 12:58   #6
Deepfreeze
 

Hi!

Drive G is always something different for me. Either the empty micro SD slot of my Internet stick, the defective 16 GB SD card, or my 2 GB USB stick, which I formatted only yesterday (on my netbook).

Gmer hung after 5 hours, taking the PC with it, so I can't post a log file.

Here is the OTL.txt

Code:
OTL logfile created on: 27.06.2010 12:46:02 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = D:\Filme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 7,70 Gb Free Space | 22,54% Space Free | Partition Type: NTFS
Drive D: | 69,95 Gb Total Space | 39,10 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 39,06 Gb Total Space | 0,56 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARMAGEDDON-PC
Current User Name: Armageddon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - D:\Filme\OTL.exe (OldTimer Tools)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Backups\PhAutoRun.exe (Panasonic Corporation)
PRC - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\O2Micro Oz128 Driver\o2flash.exe (O2Micro International)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Filme\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (PEVSystemStart) --  File not found
SRV - (Nero BackItUp Scheduler 4.0) --  File not found
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (o2flash) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe (O2Micro International)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (skynetu2) -- C:\Windows\System32\drivers\SkyNETU2.sys (TechniSat Digital, S.A.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (CMISTOR) -- C:\Windows\System32\drivers\cmiucr.SYS (C-Media Corporation)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTOnlPktAlyX) -- D:\Programme\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 30 F3 1A B3 03 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 13:05:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.26 13:07:19 | 000,000,000 | ---D | M]
 
[2008.06.20 23:19:40 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Extensions
[2010.06.26 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions
[2010.04.30 14:07:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.26 11:54:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.07.14 10:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.04.30 14:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.26 13:07:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.26 11:54:16 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\extensions\foxyproxy@eric.h.jung
[2010.06.26 10:21:12 | 000,000,950 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\searchplugins\icqplugin-1.xml
[2008.11.25 19:45:37 | 000,000,950 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\Mozilla\Firefox\Profiles\ea6ekdlr.default\searchplugins\icqplugin.xml
[2010.04.15 20:05:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.11.25 19:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 20:05:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.15 20:05:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.06 09:24:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Armageddon\Desktop\Bild 3\Boss der Bosse.jpg
O24 - Desktop BackupWallPaper: C:\Users\Armageddon\Desktop\Bild 3\Boss der Bosse.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.27 12:51:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.26 13:07:16 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.06.26 13:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.26 12:43:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games
[2010.06.26 12:17:29 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Avira
[2010.06.26 12:00:46 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Panasonic
[2010.06.26 11:22:22 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\cdrbsdrv.sys
[2010.06.26 11:22:20 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
[2010.06.26 11:22:20 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
[2010.06.26 11:21:05 | 000,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\PhDi2.sys
[2010.06.17 15:50:37 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.17 15:50:37 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.17 15:50:37 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.17 15:50:37 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.14 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Programme
[2010.06.12 19:37:13 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Facebook
[2010.05.28 20:24:32 | 001,870,848 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010.05.14 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Apple Computer
[2010.05.14 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Local\Apple Computer
[2010.05.14 12:40:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.14 12:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.14 12:38:10 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.14 12:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.14 12:37:26 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Local\Apple
[2010.05.14 12:37:19 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.14 12:36:14 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.14 12:35:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.14 12:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.12 18:20:31 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\Desktop\Bild 3
[2010.05.01 13:22:51 | 000,084,832 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2010.05.01 13:22:51 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2010.04.26 12:02:35 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Vodafone
[2010.04.26 12:02:23 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\zteusbvoice.sys
[2010.04.26 12:02:22 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2010.04.26 12:02:21 | 000,110,592 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys
[2010.04.26 12:02:19 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2010.04.26 12:02:17 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2010.04.26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2010.04.26 12:01:37 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone
[2010.04.26 12:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.04.26 12:01:24 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
[2010.04.25 11:37:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\INCA Shared
[2010.04.16 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\Desktop\DN
[2010.04.15 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.15 20:06:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.04.15 20:05:13 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.04.11 13:35:34 | 000,000,000 | ---D | C] -- C:\Programme\XviD
[2010.04.09 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Armageddon\AppData\Roaming\Foxit
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.06.20 22:07:33 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008.06.20 22:07:33 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.27 12:52:46 | 000,669,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.27 12:52:46 | 000,629,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.27 12:52:46 | 000,119,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.27 12:52:45 | 001,579,028 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.27 12:52:45 | 000,144,964 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.27 12:49:54 | 002,883,584 | -HS- | M] () -- C:\Users\Armageddon\ntuser.dat
[2010.06.27 12:49:26 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6267935-9F1D-420D-AEE9-5CA4CB01CE4E}.job
[2010.06.27 12:45:46 | 000,027,810 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\nvModes.001
[2010.06.27 12:43:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 12:43:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 12:43:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 12:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 12:43:39 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.26 22:03:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.26 22:03:11 | 000,524,288 | -HS- | M] () -- C:\Users\Armageddon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.26 22:03:11 | 000,065,536 | -HS- | M] () -- C:\Users\Armageddon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.26 17:09:38 | 005,684,810 | ---- | M] () -- C:\Users\Armageddon\Desktop\P1000180.JPG
[2010.06.26 11:51:37 | 000,110,336 | ---- | M] () -- C:\Users\Armageddon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.26 11:50:15 | 000,406,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.26 11:23:22 | 000,000,524 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010.06.20 21:46:38 | 004,274,678 | -H-- | M] () -- C:\Users\Armageddon\AppData\Local\IconCache.db
[2010.06.19 22:06:16 | 000,237,568 | ---- | M] () -- C:\Users\Armageddon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 14:45:39 | 000,000,551 | ---- | M] () -- C:\Users\Armageddon\Desktop\HijackThis.lnk
[2010.06.18 08:03:24 | 001,381,168 | ---- | M] () -- C:\Users\Armageddon\Desktop\P180610_01.49.jpg
[2010.06.17 15:50:50 | 000,000,701 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.11 12:37:57 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010.05.15 21:45:57 | 000,007,592 | ---- | M] () -- C:\Users\Armageddon\AppData\Local\d3d9caps.dat
[2010.05.12 18:13:11 | 000,027,810 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\nvModes.dat
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.17 12:29:45 | 000,000,309 | ---- | M] () -- C:\Windows\doom3.ini
[2010.04.11 13:42:07 | 000,000,540 | ---- | M] () -- C:\Users\Armageddon\AppData\Roaming\AutoGK.ini
 
========== Files Created - No Company Name ==========
 
[2010.06.26 19:46:33 | 005,684,810 | ---- | C] () -- C:\Users\Armageddon\Desktop\P1000180.JPG
[2010.06.26 11:23:22 | 000,000,524 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010.06.26 11:23:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.06.26 11:23:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.06.26 11:23:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.06.26 11:23:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.06.26 11:23:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.06.26 11:23:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.06.26 11:23:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.06.26 11:23:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.06.26 11:23:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.06.26 11:23:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.06.26 11:23:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.06.26 11:23:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.06.26 11:23:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.06.26 11:23:17 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.06.26 11:23:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.06.26 11:23:17 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.06.26 11:23:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.06.26 11:23:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.06.26 11:23:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.06.26 11:23:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.06.26 11:23:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.06.26 11:23:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.06.26 11:23:16 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.06.26 11:23:16 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.06.26 11:23:16 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.06.26 11:23:16 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.06.26 11:23:16 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.06.26 11:23:16 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.06.26 11:23:16 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.06.26 11:23:16 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.06.26 11:23:16 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.06.26 11:23:16 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.06.19 14:45:39 | 000,000,551 | ---- | C] () -- C:\Users\Armageddon\Desktop\HijackThis.lnk
[2010.06.18 17:57:10 | 001,381,168 | ---- | C] () -- C:\Users\Armageddon\Desktop\P180610_01.49.jpg
[2010.06.17 15:50:50 | 000,000,701 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.11 12:37:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.04.17 12:29:45 | 000,000,309 | ---- | C] () -- C:\Windows\doom3.ini
[2010.04.14 12:23:00 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.04.11 13:42:07 | 000,000,540 | ---- | C] () -- C:\Users\Armageddon\AppData\Roaming\AutoGK.ini
[2010.04.02 13:27:59 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.17 07:35:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.29 23:20:30 | 000,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.04.11 21:29:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.05 00:48:26 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.01.05 00:48:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.12.26 02:44:26 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2008.12.23 19:24:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.09.09 14:06:28 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.09.09 14:06:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.11 22:13:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.06.20 23:59:23 | 000,000,269 | ---- | C] () -- C:\Windows\game.ini
[2008.06.20 22:07:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008.06.20 22:07:34 | 012,007,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008.06.20 22:07:34 | 000,025,216 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008.06.20 20:43:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.06.20 20:43:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.06.20 20:38:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.25 22:37:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2007.12.15 15:55:30 | 002,510,848 | ---- | C] () -- C:\Windows\System32\tlpsplib10.dll
[2006.12.07 16:10:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CmUCRRm.Dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.01.02 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\DiskAid
[2010.06.12 19:37:19 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Facebook
[2010.04.09 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Foxit
[2008.12.11 22:14:56 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\ICQ
[2010.02.22 18:39:03 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Leadertech
[2010.06.26 12:00:48 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Panasonic
[2010.06.14 15:55:21 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Programme
[2009.12.25 20:03:13 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Sony
[2009.04.08 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\T-Online
[2010.04.26 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\Armageddon\AppData\Roaming\Vodafone
[2010.06.26 22:03:13 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 12:49:26 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6267935-9F1D-420D-AEE9-5CA4CB01CE4E}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89EAFAFC
< End of report >
         
Here is the fix log:

Code:
All processes killed
========== OTL ==========
D:\autorun.txt moved successfully.
F:\autorun.txt moved successfully.
File move failed. J:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{108118cd-35e9-11df-b00c-939c12bc275a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108118cd-35e9-11df-b00c-939c12bc275a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{108118cd-35e9-11df-b00c-939c12bc275a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{108118cf-35e9-11df-b00c-939c12bc275a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108118cf-35e9-11df-b00c-939c12bc275a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{108118cf-35e9-11df-b00c-939c12bc275a}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f352845-1d75-11df-9498-90ae4c6c3437}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f352845-1d75-11df-9498-90ae4c6c3437}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f352845-1d75-11df-9498-90ae4c6c3437}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cf79ba2-77b8-11df-b48a-be8c19b40a6c}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f356d83-1d24-11df-a810-f6ac53a13773}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f356d83-1d24-11df-a810-f6ac53a13773}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f356d83-1d24-11df-a810-f6ac53a13773}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adc19589-1ca3-11df-8169-d1647f5ab40f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc19589-1ca3-11df-8169-d1647f5ab40f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adc19589-1ca3-11df-8169-d1647f5ab40f}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f05d52-3113-11df-b041-fdbe77f02473}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9f05d52-3113-11df-b041-fdbe77f02473}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb1b2a43-3c34-11df-866e-9ee06d984973}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb1b2a43-3c34-11df-866e-9ee06d984973}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb1b2a43-3c34-11df-866e-9ee06d984973}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb1b2a45-3c34-11df-866e-9ee06d984973}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb1b2a45-3c34-11df-866e-9ee06d984973}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb1b2a45-3c34-11df-866e-9ee06d984973}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc08a623-1412-11df-a446-cdd0a241cb1a}\ not found.
File G:\k8jc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc08a623-1412-11df-a446-cdd0a241cb1a}\ not found.
File G:\k8jc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall Adobe Download Manager deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Armageddon
->Temp folder emptied: 10081710 bytes
->Java cache emptied: 15754411 bytes
->FireFox cache emptied: 88781408 bytes
->Flash cache emptied: 3651 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3268 bytes
RecycleBin emptied: 1575444497 bytes
 
Total Files Cleaned = 1.612,00 mb
 
 
OTL by OldTimer - Version 3.2.7.0 log created on 06262010_220234

Files\Folders moved on Reboot...
File move failed. J:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
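The fix log above records what OTL did about the autorun infection: it moved the autorun.inf/autorun.txt files off the drives, deleted one MountPoints2 key per removable volume (the cached autorun entry Explorer keeps for each stick or card), and then looked for the executables those entries pointed at (k8jc.exe, AutoRun.exe, setup_vmc_lite.exe). As an added illustration, not code from this thread or from OTL, here is a small Python parser for that log format. It counts the outcomes, lists the volume GUIDs whose cached autorun entry was removed (each one is a removable device that should be scanned before it is plugged in again), and lists what is still pending until reboot. The sample lines are excerpted from the log in this post; the function names are my own.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the OTL fix log posted above (same format,
# trimmed to a few lines of each type). Raw string so the backslashes stay literal.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
D:\autorun.txt moved successfully.
F:\autorun.txt moved successfully.
File move failed. J:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025bd8b0-5116-11df-8af8-ed7e47caeb7c}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc08a623-1412-11df-a446-cdd0a241cb1a}\ deleted successfully.
File G:\k8jc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}\ deleted successfully.
========== COMMANDS ==========
"""

# One regex per OTL result-line type; the first pattern that matches wins.
LINE_PATTERNS = [
    ("moved",        re.compile(r"^(?P<path>[A-Z]:\\.+?) moved successfully\.$")),
    ("move_pending", re.compile(r"^File move failed\. (?P<path>[A-Z]:\\.+?) scheduled to be moved on reboot\.$")),
    ("file_missing", re.compile(r"^File (?P<path>[A-Z]:\\.+?) not found\.$")),
    ("reg_deleted",  re.compile(r"^Registry (?:key|value) (?P<path>HKEY_.+?) deleted successfully\.$")),
    ("reg_missing",  re.compile(r"^Registry (?:key|value) (?P<path>HKEY_.+?) not found\.$")),
]

VOLUME_GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_fix_log(text):
    """Turn the fix log into a list of (action, path) tuples; unrecognised lines are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        for action, pattern in LINE_PATTERNS:
            m = pattern.match(line)
            if m:
                events.append((action, m.group("path")))
                break
    return events


def removed_mountpoint_guids(events):
    """Volume GUIDs whose MountPoints2 entry OTL deleted.

    Explorer caches per-volume autorun information under MountPoints2, so each
    GUID here is a stick, card or external disk that carried an autorun entry
    and should be scanned before it is used again.
    """
    guids = set()
    for action, path in events:
        if action == "reg_deleted" and "\\MountPoints2\\" in path:
            m = VOLUME_GUID_RE.search(path)
            if m:
                guids.add(m.group(0).lower())
    return sorted(guids)


def autorun_files(events):
    """Every path OTL touched whose file name starts with 'autorun', whatever the outcome."""
    names = {path for _, path in events
             if path.rsplit("\\", 1)[-1].lower().startswith("autorun")}
    return sorted(names)


def pending_on_reboot(events):
    """Files that were locked and are only scheduled for removal at the next boot."""
    return [path for action, path in events if action == "move_pending"]


def summarize(text):
    """Compact overview of a fix log: outcome counts plus the items a helper wants to follow up."""
    events = parse_fix_log(text)
    return {
        "counts": dict(Counter(action for action, _ in events)),
        "mountpoint_volumes": removed_mountpoint_guids(events),
        "autorun_files": autorun_files(events),
        "pending_reboot": pending_on_reboot(events),
        # executables OTL looked for on the drives but did not find (already gone, or drive not attached)
        "missing_files": [path for action, path in events if action == "file_missing"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIX_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved OTL fix log by reading the file into `summarize()`; a non-empty `pending_reboot` list is the reminder to check the log again after the restart, and `mountpoint_volumes` tells you how many removable devices were involved even when they are no longer attached.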
         

Alt 27.06.2010, 13:49   #7
Larusso
/// Selecta Jahrusso
 
Please try GMER in Safe Mode
(press F8 repeatedly while the machine boots)
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 27.06.2010, 15:35   #8
Deepfreeze
 
This time it worked, here is the log file:

GMER log file:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-27 15:25:31
Windows 6.0.6002 Service Pack 2
Running: kpk8ocn1.exe; Driver: C:\Users\ARMAGE~1\AppData\Local\Temp\pgddypoc.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [748D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7492A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [748DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [748CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [748D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [748CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74908395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [748DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [748CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [748CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [748C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7495CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [748FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [748CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [748C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [748C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [748D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd502d67                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd502d67@001a75f46c28             0xC1 0xD5 0xB0 0x3B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0aafcb                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d9214365a                          
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd502d67 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd502d67@001a75f46c28                 0xC1 0xD5 0xB0 0x3B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db0aafcb (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d9214365a (not active ControlSet)      

---- EOF - GMER 1.0.15 ----
         
--- --- ---
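Added here as a worked example, not part of the thread and not code from GMER: a small Python triage helper that parses GMER 1.0.15 `IAT` and `AttachedDevice` rows like the ones quoted above, flags imports whose code resolves into a module other than the DLL they were imported from (how an IAT hook shows up in this output), and lists the filter drivers sitting on the keyboard class. The sample log is constructed: two rows copied from the log above plus one invented, redirected row with a placeholder path.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# GMER 1.0.15 row shapes, as quoted in the thread:
#   IAT  <process>[pid] @ <module> [<dll>!<import>]  [<addr>] <resolved path> (<description/vendor>)
#   AttachedDevice  <driver> <device>  <filter driver> (<description/vendor>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>\S+)\s+@\s+(?P<module>\S+)\s+\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<path>.*?)(?:\s+\((?P<vendor>[^)]*)\))?\s*$")
DEV_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)(?:\s+\([^)]*\))?\s*$")

@dataclass
class IatEntry:
    process: str
    dll: str
    func: str
    resolved: str
    vendor: Optional[str]

    def redirected(self) -> bool:
        """True when the import's code lives outside the DLL it was imported from: gdiplus.dll!GdipFree
        resolving into gdiplus.dll is normal; resolving into an unrelated file is how an IAT hook shows up."""
        base = self.resolved.replace("\\", "/").rsplit("/", 1)[-1].lower()
        return base != self.dll.lower()

def parse_iat(log: str) -> List[IatEntry]:
    rows = (IAT_RE.match(ln.strip()) for ln in log.splitlines())
    return [IatEntry(m["proc"], m["dll"], m["func"], m["path"], m["vendor"]) for m in rows if m]

def redirected_imports(log: str) -> List[IatEntry]:
    """Only the IAT rows a reviewer should look at: imports redirected out of their own DLL."""
    return [e for e in parse_iat(log) if e.redirected()]

def attached_devices(log: str) -> List[Tuple[str, str, str]]:
    """(driver, device, filter) per AttachedDevice row. A filter on \\Driver\\kbdclass that is not a
    known Microsoft driver (Wdf01000.sys in the thread's log) is where keyboard-capturing software would appear."""
    rows = (DEV_RE.match(ln.strip()) for ln in log.splitlines())
    return [(m["driver"], m["device"], m["filter"]) for m in rows if m]

# Constructed sample: two rows copied from the thread's log plus one invented, redirected row with a
# placeholder path (not a real indicator) so the check has something to flag.
SAMPLE_LOG = r"""
IAT  C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [748C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [kernel32.dll!CreateProcessW]  [00A01234] C:\PLACEHOLDER\unknown.dll
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""
```

Run `redirected_imports(SAMPLE_LOG)` to get only the constructed kernel32.dll!CreateProcessW row; the gdiplus row from the thread resolves into gdiplus.dll and is not reported.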

Old 27.06.2010, 15:39   #9
Larusso
/// Selecta Jahrusso
 
Please switch on any external hard drives you have during the online scans! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Click the "ESET Online Scanner" button.
  • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users have to allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Click Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Please post in your next reply:
the ESET logfile
a report on how the computer is running
__________________
regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 28.06.2010, 12:56   #10
Deepfreeze
 
Hi, the same problem occurred as with Gmer: after a certain number of hours my laptop froze. Up to that point nothing had been found, though; the computer is currently running more or less stably, which I think has other causes.
I also wanted to mention that I'll be away until Wednesday/Thursday and so won't have access to my laptop until then.

Old 28.06.2010, 13:00   #11
Larusso
/// Selecta Jahrusso
 
So I stole the thread from Cosinus.

Get in touch when you can work with the laptop again.
__________________
regards, Daniel


Old 04.07.2010, 10:52   #12
Larusso
/// Selecta Jahrusso
 
No response

This thread has been removed from my subscriptions, so I no longer get notifications of new replies.

Send me a PM if you nevertheless want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please open your own thread.
__________________
regards, Daniel

