
Log analysis and evaluation: HiJackThis logfile - PC check

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.07.2010, 19:49   #1
Yare_Yare
 

HiJackThis logfile - PC check



Hello,
about a week ago I had a nasty malware attack on my PC.
I don't really have the feeling that everything is clean, so I wanted to ask here to see whether anything else needs to be done.

First, here are the Anti-Malware log files from a week ago:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4339

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

23.07.2010 00:33:23
mbam-log-2010-07-23 (00-33-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128020
Laufzeit: 5 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iaxaippv (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\patchsetup70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Basti\AppData\Local\vfcktbbfq\fmkfsyhtssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9\patchsetup70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\jydtya.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ufgxxw.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
         
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4339

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.07.2010 10:46:18
mbam-log-2010-07-23 (10-46-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 419205
Laufzeit: 2 Stunde(n), 3 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CL5CHZ2A\patchsetup70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXP1CME0\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0HL3RZB\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQY8C9DZ\bsvqbwql[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQY8C9DZ\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
         
Here is today's log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4373

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.07.2010 18:10:20
mbam-log-2010-07-31 (18-10-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 422021
Laufzeit: 1 Stunde(n), 38 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Here is today's HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:14, on 31.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\***\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\***\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Basti\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: Philips SA30XX Device Manager.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12334 bytes
         
And finally, today's OTL log:

Code:
OTL logfile created on: 31.07.2010 19:28:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Basti\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 45,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,99 Gb Total Space | 500,61 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BASTI-PC
Current User Name: Basti
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Basti\Downloads\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Users\Basti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Basti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Basti\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PDNSp50a64) -- C:\Windows\SysNative\Drivers\PDNSp50a64.sys File not found
DRV:64bit: - (PDNSp50) -- C:\Windows\SysNative\drivers\PDNSp50.sys File not found
DRV:64bit: - (PDNMp50) -- C:\Windows\SysNative\drivers\PDNMp50.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys ()
DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys ()
DRV:64bit: - (AVMUNET) -- C:\Windows\SysNative\DRIVERS\avmunet.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)
DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 09:17:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 09:17:02 | 000,000,000 | ---D | M]
 
[2009.04.09 11:25:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2010.07.30 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions
[2010.07.22 21:09:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.22 23:53:13 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.07.22 21:09:09 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009.04.09 16:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.06.11 02:08:24 | 000,000,917 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\conduit.xml
[2010.07.30 14:02:58 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-1.xml
[2009.07.24 15:34:17 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-2.xml
[2009.08.12 06:53:02 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-3.xml
[2009.09.11 11:47:56 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-4.xml
[2009.10.30 09:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-5.xml
[2009.12.17 18:58:24 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-6.xml
[2010.01.07 21:25:08 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-7.xml
[2009.06.08 21:23:58 | 000,000,944 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin.xml
[2010.07.23 11:41:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.05.03 21:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2010.07.30 08:06:48 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.07.15 09:43:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:43:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.15 09:43:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.15 09:43:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:43:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Basti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell - "" = AutoRun
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.30 08:08:10 | 000,000,000 | ---D | C] -- C:\Users\Basti\Neuer Ordner
[2010.07.30 08:06:55 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\GamersFirst LIVE!
[2010.07.30 08:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2010.07.29 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Avira
[2010.07.29 20:35:43 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.07.29 20:35:43 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.07.29 20:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.07.29 20:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.07.23 00:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.07.23 00:27:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes
[2010.07.23 00:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.23 00:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.23 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.22 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\vfcktbbfq
[2010.07.22 23:37:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9
[2010.07.12 11:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.07.02 15:37:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.07.02 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2010.07.02 15:36:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.07.02 15:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.07.02 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.07.02 15:29:26 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 19:28:18 | 002,359,296 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT
[2010.07.31 18:43:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 18:43:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 13:36:01 | 000,189,952 | ---- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 08:43:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.31 08:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.31 00:48:18 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.07.31 00:48:18 | 000,065,536 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.07.31 00:48:05 | 002,657,405 | -H-- | M] () -- C:\Users\Basti\AppData\Local\IconCache.db
[2010.07.30 20:24:19 | 000,000,997 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.07.30 20:24:19 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.07.30 20:00:17 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the New World.lnk
[2010.07.29 20:35:49 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.28 13:18:06 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.28 13:18:06 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.28 13:18:06 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.28 13:18:06 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.28 13:18:06 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.21 08:32:55 | 000,007,426 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat
[2010.07.14 19:27:41 | 000,000,680 | ---- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2010.07.02 15:37:23 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.02 15:35:16 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.02 15:13:55 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.30 20:00:17 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the New World.lnk
[2010.07.30 08:06:44 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.07.30 08:06:44 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.07.29 20:35:49 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.29 20:35:43 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.07.29 20:35:43 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.07.23 11:34:00 | 000,422,904 | ---- | C] () -- C:\Users\Basti\AppData\Local\dd_vcredistMSI3F6C.txt
[2010.07.23 11:34:00 | 000,011,710 | ---- | C] () -- C:\Users\Basti\AppData\Local\dd_vcredistUI3F6C.txt
[2010.07.23 00:27:02 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.12 11:47:17 | 000,008,704 | ---- | C] () -- C:\Windows\SysNative\E_GCINST.DLL
[2010.07.12 11:47:14 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\E_ILMBNE.DLL
[2010.07.12 11:47:14 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\E_IBCBBNE.DLL
[2010.07.02 15:37:23 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.02 15:37:19 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2010.07.02 15:37:19 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.07.02 15:35:16 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.02 15:13:55 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.08.07 15:53:46 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini
[2009.05.05 18:24:59 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\viscomqtde.dll
[2009.05.05 18:24:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.04.08 23:29:06 | 000,042,982 | ---- | C] () -- C:\Windows\SysWow64\pddsladp.dll
[2009.04.08 23:28:57 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini
[2009.02.13 10:36:52 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009.02.13 10:36:52 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.03.18 15:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
 
========== LOP Check ==========
 
[2010.07.22 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9
[2010.07.31 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\BitTorrent
[2009.08.07 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Disney Interactive Studios
[2010.07.31 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DNA
[2009.04.10 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo
[2009.05.03 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2009.04.10 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\IrfanView
[2009.10.24 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\NeopleLauncherDFO
[2009.04.16 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Publish Providers
[2009.12.09 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ringtone Expressions
[2010.06.29 16:00:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Softland
[2009.08.24 13:28:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sony
[2009.08.01 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sony Setup
[2009.04.10 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Template
[2009.04.08 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WildTangent
[2009.07.20 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WinBatch
[2009.07.25 06:31:17 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010.07.31 00:48:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
and then also the "extra" logfile from OTL:
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2010 19:28:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Basti\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 45,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,99 Gb Total Space | 500,61 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BASTI-PC
Current User Name: Basti
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2AE92A-069C-4993-9C95-C6CF80F7044D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{31B74AC2-7356-4F4C-8F36-5F781E5CAA80}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C50492E-50EA-4539-97A5-88D235E11DA8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{0F45ABD0-2DD2-4CBC-B0D3-16B7809F5EB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{20B94F37-AA02-4C2A-BED0-45E74D969802}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{2791F98C-913E-4F53-92A8-63F21593D85D}" = protocol=17 | dir=in | app=c:\program files (x86)\neuer ordner\adobe bridge cs3\bridge.exe | 
"{2CDD4297-B909-429D-808E-9E087E298ACA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{2D467BB9-2005-4A6E-96BE-682B1EC41FED}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{2F9EA09F-AB75-4D84-97AE-AD2F4D13418E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{359C3516-C501-481E-B5F3-03E9687B087C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{39A7270F-85FF-48DE-9AB9-5282B101E2FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{3C1794FD-AB55-47FB-9D04-D0D4B9D56EFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{40A07069-FD86-49D4-984A-24CB8A63ABC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{44E0D050-55B0-4B55-8DD2-56CF2E4D1896}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4D7B987E-E9EA-4CE0-A900-88F5678704B1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{532FC741-6921-4828-BA1D-10E1B138BF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{61BC402B-CE5D-4C25-9A7C-0CFBEA109E22}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{653756D2-4E5C-45E1-AB16-24257FD0DE71}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\sword of the new world\ge.exe | 
"{6B8D4687-7404-449D-8F6C-F74CAC98276F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6D5EADBE-5B3B-4F02-8C87-141647A486A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{76BAA1E2-E4A2-40A9-8B7C-0BFC914A5277}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{7A42197C-BA57-44BC-85D2-BA441D4C860F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{889FA592-FC90-4E4E-8C4C-490BCE82A123}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{8B5D4B91-BF56-421C-A83B-4FCA6213F482}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{96F7AE4E-9EEE-463F-928B-D256727AF934}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{99CE458D-7335-404E-8596-7DA9DFC1C448}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\sword of the new world\ge.exe | 
"{9C01EB90-7475-48F6-AD83-5F551732DE55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A5A2B8E6-8ED8-42FE-952B-087AF63018E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{B35564DC-FF9C-4941-AD00-E8A8984D2CAB}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{B6673633-C3EF-4A3B-A997-B51223992ECC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B71FFE92-37CA-4C88-8721-DD76E2E8914F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{C24D4E30-1A52-486A-B55D-153EB0867CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C7B263B8-DFC7-4C1F-8CCB-CB48330C42F7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{D0A614A1-5620-410A-8BC4-738F08B8F15D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D65124CB-2482-46B9-88C3-17A17B5D436A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{DAE15229-29F9-48E6-B2ED-97039931BD75}" = protocol=6 | dir=in | app=c:\program files (x86)\neuer ordner\adobe bridge cs3\bridge.exe | 
"{E204CD6F-212A-4024-9359-3B898EA34D87}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{FDD96438-7516-4EBC-B548-444325DCFB8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{1A194CC2-1ECE-44B8-A09F-99C79339700F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{2D37E5E5-557C-4BDA-9288-2F8A7B389A97}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{38D54E7D-2589-463F-B07F-0A03C8949BC8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{48EC75DE-5FBD-47BC-B139-8E09D3CCB083}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{7B718EC5-6EFC-46F5-B4C6-71F36708765A}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe | 
"TCP Query User{938CA73B-9765-44E6-9A38-25B01E6BE590}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe | 
"TCP Query User{AD21A6AD-ACF4-44BD-91AB-9C20B2883C93}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{B8789022-C78D-4F20-AD2C-9D2560C9662C}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe | 
"TCP Query User{CA0B6573-4B4D-42D9-ABFB-3A8DC85A870E}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{03523CC1-9E4A-4476-B21A-34DBE4EE8987}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{248963BB-BD6B-4593-AB67-F7FCA5EFC6B8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{97367F90-92C1-431F-AB27-3E8BA19DF30F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{A8EDBA4F-79A2-44DF-A48C-E0AE0F4C5495}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe | 
"UDP Query User{AB3368D6-344C-4B08-AF2B-73BE4AD42A1E}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{AB54C6A2-6950-4AFA-BE79-67FD32CC031D}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe | 
"UDP Query User{EEABF4A1-FB25-48E7-A647-F40019FCEC5C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{F236B01C-7A5B-4E73-81F0-539E8BDFA8D4}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{FB64CA39-EC27-470D-BBEA-7BB43CDE149D}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13C0B2E2-1E27-47DF-A972-02EDA3954167}" = MobileMe Control Panel
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software  1.14.25.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Alice" = Alice-Installationsdateien entfernen
"AllToAVI" = AllToAVI v4 r5394
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"Bejeweled Twist" = Bejeweled Twist
"CCleaner" = CCleaner
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Sword of the New World" = Sword of the New World
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Mahjong Escape – Ancient China" = Mahjong Escape – Ancient China
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"My~PortCoimbra" = My~PortCoimbra 1.1[3.4b]
"Mystery P.I. – The Vegas Heist" = Mystery P.I. – The Vegas Heist
"osu!" = osu!
"Peggle Deluxe" = Peggle Deluxe
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PokerStars" = PokerStars
"Rainlendar2" = Rainlendar2 (remove only)
"Ringtone Expressions" = Ringtone Expressions 1.5.0
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Spannende Abenteuer Die verschollene Grabkammer" = Spannende Abenteuer Die verschollene Grabkammer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.9
"Wacom Tablet Driver" = Wacom Tablett
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
[ System Events ]
Error - 30.07.2010 12:49:18 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.07.2010 12:53:30 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.07.2010 02:43:10 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2010 02:45:46 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.07.2010 02:45:47 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2010 02:46:19 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.07.2010 02:46:19 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
If anything is missing, please let me know. =)

Best regards

Alt 31.07.2010, 20:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell - "" = AutoRun
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
[2010.07.22 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\vfcktbbfq
[2010.07.22 23:37:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 31.07.2010, 22:39   #3
Yare_Yare
 
Thanks for the reply!

Here is the requested log file:

Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
File J:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
File J:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
File J:\LaunchU3.exe not found.
C:\Users\Basti\AppData\Local\vfcktbbfq folder moved successfully.
C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9 folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 149433459 bytes
->Temporary Internet Files folder emptied: 97392056 bytes
->Java cache emptied: 64097277 bytes
->FireFox cache emptied: 98839889 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 76094 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19413121 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3016268121 bytes
 
Total Files Cleaned = 3.286,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07312010_222344

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZV1D0E8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXDGW2ZH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3N71IEE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TZ6H1KG\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
It definitely helped!
Best regards

Alt 01.08.2010, 20:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 02.08.2010, 22:06   #5
Yare_Yare
 
OK, here are the logs.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4381

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02.08.2010 18:17:57
mbam-log-2010-08-02 (18-17-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 414932
Laufzeit: 1 Stunde(n), 39 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/02/2010 at 09:30 PM

Application Version : 4.41.1000

Core Rules Database Version : 5302
Trace Rules Database Version: 3114

Scan type       : Complete Scan
Total Scan Time : 02:59:57

Memory items scanned      : 601
Memory threats detected   : 0
Registry items scanned    : 12936
Registry threats detected : 0
File items scanned        : 306674
File threats detected     : 31

Adware.Tracking Cookie
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@apmebf[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@bs.serving-sys[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@serving-sys[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@doubleclick[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@questionmarket[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@advertising[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ad.71i[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adfarm1.adition[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@www.windowsmedia[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@weborama[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@cgm.adbureau[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@atwola[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tradedoubler[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[3].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@www.mediasoftwareapps[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ads.nexon[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@mediaplex[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@at.atwola[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ar.atwola[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adtech[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ad.yieldmanager[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@atdmt[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@fastclick[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@2o7[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@xfire.adbureau[2].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@msnportal.112.2o7[1].txt
	C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tacoda[2].txt
	core.insightexpressai.com [ C:\Users\Basti\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PNYVXNZP ]

Trojan.Agent/CDesc[Generic]
	C:\PROGRAM FILES (X86)\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL
	C:\PROGRAM FILES (X86)\SONY\PLAYSTATION STORE\NPCOMMERCE2LIB.DLL
         
If I'm not mistaken, all of these things were also deleted. In any case, I had to restart the PC. =)


Alt 05.08.2010, 12:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK.
Any problems or further detections in the meantime?

Alt 06.08.2010, 08:36   #7
Yare_Yare
 
Quote:
Quote from cosinus
Looks OK.
Any problems or further detections in the meantime?

No, at the moment everything seems to be pretty much in order. Thanks. =)

Best regards

Alt 06.08.2010, 11:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Good, then please check the updates; here is my guide for that:


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.