
Log analysis and evaluation: C:\Windows\system32\Winbooterr\Svchost.exe

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.11.2010, 22:46   #1
Bladeweaver
 
C:\Windows\system32\Winbooterr\Svchost.exe



Hi,

I seem to have caught some kind of internet crud.

I've already read through various forums, but I'm not sure how far that applies to my problem.

In any case it appears to be malware, or rather a trojan. Since today, countless unwanted tabs keep popping up in Firefox. About an hour ago it was around 80 tabs...

Anyway.

HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:52, on 18.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14078 bytes
         
Code:
OTL:
OTL logfile created on: 18.11.2010 22:47:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\O****w\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,44 Gb Total Space | 60,61 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 230,32 Gb Total Space | 89,56 Gb Free Space | 38,89% Space Free | Partition Type: NTFS
Drive E: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: OUTLAW-DESKTOP | User Name: O***w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\O***w\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\O***w\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2010.04.23 22:09:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.07.24 12:44:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 15:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.04 23:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 22:44:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.11.05 16:44:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.11.18 22:44:50 | 000,000,000 | ---D | M]
 
[2010.09.08 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Extensions
[2010.09.08 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.11.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\O****w\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.10.05 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions
[2010.03.02 23:44:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.02 23:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.05 12:49:07 | 000,000,000 | ---D | M] -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\toolbar@ask.com
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.07 14:26:35 | 000,000,950 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin-1.xml
[2008.07.26 19:59:23 | 000,000,950 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin-2.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin.xml
[2010.11.17 01:36:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.13 05:36:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 14:54:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 22:11:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.29 05:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O4 - Startup: C:\Users\O***w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.12 12:42:53 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2008.04.11 18:52:28 | 002,404,352 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.11.06 17:33:09 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell - "" = AutoRun
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2006.01.10 14:49:24 | 000,492,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.18 22:46:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\O***w\Desktop\OTL.exe
[2010.11.18 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.18 22:35:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\O***w\Desktop\HJTInstall.exe
[2010.11.14 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition
[2010.11.13 01:29:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\explorer
[2010.11.10 22:11:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.10 22:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.10 22:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.10 11:22:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.11.10 11:16:32 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010.11.10 11:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.11.10 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010.11.10 11:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010.11.10 11:14:59 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.10 11:14:59 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.10 11:14:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.10 11:14:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.10 11:14:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.11.10 11:14:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.11.10 11:13:42 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010.11.10 11:13:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010.11.10 11:13:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010.11.10 11:13:41 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010.11.10 11:13:41 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010.11.10 11:13:41 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010.11.10 11:13:40 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010.11.02 00:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[2010.11.02 00:58:01 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\StreamTorrent
[2010.11.01 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.11.01 19:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.10.27 04:25:54 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 04:25:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 04:25:54 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 04:25:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 04:25:54 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 04:25:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 04:25:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 04:25:49 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.24 11:43:38 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\DVDVideoSoft
[2010.10.23 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\Outlook
[2010.10.23 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\O***w\Documents\My Photos
[2010.10.23 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\O***w\Documents\My Documents
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.18 22:50:38 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.18 22:50:38 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.18 22:47:41 | 001,805,958 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.18 22:47:41 | 000,765,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.18 22:47:41 | 000,720,550 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.18 22:47:41 | 000,173,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.18 22:47:41 | 000,146,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.18 22:46:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\O***w\Desktop\OTL.exe
[2010.11.18 22:44:51 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.18 22:43:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.18 22:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.18 22:42:48 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.18 22:39:54 | 000,472,410 | -H-- | M] () -- C:\Users\O***w\AppData\Roaming\O****wlog.dat
[2010.11.18 22:35:52 | 000,002,093 | ---- | M] () -- C:\Users\O***w\Desktop\HijackThis.lnk
[2010.11.18 22:35:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\O***w\Desktop\HJTInstall.exe
[2010.11.18 22:02:10 | 000,158,720 | ---- | M] () -- C:\Users\O***w\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.18 22:01:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.18 14:05:33 | 000,000,000 | ---- | M] () -- C:\Users\O***w\NortonAV.exe
[2010.11.16 22:43:05 | 000,056,548 | ---- | M] () -- C:\Users\O***w\Desktop\he-man-400ds0702.jpg
[2010.11.14 16:43:56 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2010.11.13 16:06:52 | 000,001,570 | ---- | M] () -- C:\Users\O***w\Desktop\Thunderbird.lnk
[2010.11.11 14:04:29 | 003,150,965 | ---- | M] () -- C:\Users\O***w\Desktop\scoresheets0001.pdf
[2010.11.10 11:19:25 | 000,000,020 | ---- | M] () -- C:\Windows\0ö^
[2010.11.06 19:42:32 | 002,738,950 | ---- | M] () -- C:\Users\O***w\Desktop\dream.psd
[2010.11.03 21:31:29 | 000,015,748 | ---- | M] () -- C:\Users\O***w\Documents\konto.xlsx
[2010.11.02 13:05:06 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.29 10:55:40 | 000,026,624 | ---- | M] () -- C:\Users\O***w\Desktop\widerspruch_gez.doc
[2010.10.29 10:45:30 | 000,000,000 | ---- | M] () -- C:\Users\O***w\Desktop\widerspruch_gez.docx
[2010.10.24 11:47:01 | 004,712,776 | ---- | M] () -- C:\Users\O***w\Desktop\raikos_strip_vorbereitung.avi
[2010.10.24 11:46:55 | 037,861,250 | ---- | M] () -- C:\Users\O***w\Desktop\raikos_strip_01.avi
[2010.10.24 11:43:43 | 000,001,239 | ---- | M] () -- C:\Users\O***w\Desktop\DVDVideoSoft Free Studio.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.18 22:35:39 | 000,002,093 | ---- | C] () -- C:\Users\O***w\Desktop\HijackThis.lnk
[2010.11.16 22:43:03 | 000,056,548 | ---- | C] () -- C:\Users\O***w\Desktop\he-man-400ds0702.jpg
[2010.11.14 16:43:56 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2010.11.13 16:06:52 | 000,001,570 | ---- | C] () -- C:\Users\O***w\Desktop\Thunderbird.lnk
[2010.11.13 01:30:03 | 000,000,000 | ---- | C] () -- C:\Users\O***w\NortonAV.exe
[2010.11.11 14:04:29 | 003,150,965 | ---- | C] () -- C:\Users\O***w\Desktop\scoresheets0001.pdf
[2010.11.10 11:19:25 | 000,000,020 | ---- | C] () -- C:\Windows\0ö^
[2010.11.06 19:42:30 | 002,738,950 | ---- | C] () -- C:\Users\O***w\Desktop\dream.psd
[2010.10.29 10:55:36 | 000,026,624 | ---- | C] () -- C:\Users\O***w\Desktop\widerspruch_gez.doc
[2010.10.29 10:45:30 | 000,000,000 | ---- | C] () -- C:\Users\O***w\Desktop\widerspruch_gez.docx
[2010.10.24 18:31:55 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.24 11:46:55 | 004,712,776 | ---- | C] () -- C:\Users\O***w\Desktop\raikos_strip_vorbereitung.avi
[2010.10.24 11:46:04 | 037,861,250 | ---- | C] () -- C:\Users\O***w\Desktop\raikos_strip_01.avi
[2010.09.13 19:28:27 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010.09.08 18:20:52 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.30 14:15:17 | 000,000,089 | ---- | C] () -- C:\Windows\SysWow64\MSBII.dll
[2010.07.30 14:12:28 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2010.07.30 14:12:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2010.07.30 14:12:28 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\WKAuxil.dll
[2010.07.30 14:12:26 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2010.07.30 14:12:25 | 003,782,416 | ---- | C] () -- C:\Windows\SysWow64\mso97.dll
[2010.06.22 18:11:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.03 12:40:11 | 001,782,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.03 01:03:45 | 000,008,814 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.03.03 00:50:33 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.29 21:11:35 | 000,004,041 | ---- | C] () -- C:\Users\O***w\AppData\Roaming\SQLite3.dll
[2010.01.15 00:14:24 | 004,612,300 | -H-- | C] () -- C:\Users\O***w\AppData\Local\IconCache (1).db
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.07.25 00:19:19 | 000,158,720 | ---- | C] () -- C:\Users\O***w\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.24 19:57:07 | 000,101,224 | ---- | C] () -- C:\Users\O***w\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008.07.24 19:57:07 | 000,000,680 | ---- | C] () -- C:\Users\O***w\AppData\Local\d3d9caps.dat
[2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini
[2005.04.08 03:16:43 | 001,432,904 | -H-- | C] () -- C:\Users\O***w\AppData\Roaming\logs.dat
[2005.04.08 03:16:43 | 000,472,410 | -H-- | C] () -- C:\Users\O***w\AppData\Roaming\O***wlog.dat
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\O***w\AppData\Roaming\MafiaSetup.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:7AC689116CCF149D

< End of report >
         
OTL Extras:
Code:
OTL Extras logfile created on: 18.11.2010 22:47:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\O***w\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,44 Gb Total Space | 60,61 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 230,32 Gb Total Space | 89,56 Gb Free Space | 38,89% Space Free | Partition Type: NTFS
Drive E: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: OUTLAW-DESKTOP | User Name: O***w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2
"{75C14F0A-EAA4-43CD-AA81-32FDB1686329}" = TubeBox!
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBD3BDF5-056A-4FB5-91B6-E317DB669FB0}" = HTC Sync
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Alarm_is1" = Alarm 2.0.4
"A-PDF Image to PDF_is1" = A-PDF Image to PDF 4.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Civilization III" = Civilization III
"Civilization III Conquests " = Civilization III Conquests 
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"KPS Click & design_is1" = KPS Click & design 3.1
"meinHausplaner" = meinHausplaner
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"StreamTorrent 1.0" = StreamTorrent 1.0
"Sweet Home 3D_is1" = Sweet Home 3D version 2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"WaSaKu" = WaSaKu
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2010 13:20:29 | Computer Name = Outlaw-Desktop | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 24.10.2010 19:14:51 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 29.10.2010 18:33:27 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 02.11.2010 09:00:27 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 03.11.2010 14:12:41 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 06.11.2010 20:00:53 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8117.416,
 Zeitstempel: 0x4bc935af  Name des fehlerhaften Moduls: LiveTransport.dll, Version:
 14.0.8117.416, Zeitstempel: 0x4bc9353e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004bfe7
ID
 des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cb7df6b8e7b83b
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\LiveTransport.dll
Berichtskennung:
 15ca23e4-ea02-11df-b148-8bb272e01aa8
 
Error - 08.11.2010 06:24:23 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 10.11.2010 19:51:05 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3727,
 Zeitstempel: 0x4b9fb052  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x6f0  Startzeit der fehlerhaften Anwendung: 0x01cb811bed137bcc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 6180c1f0-ed25-11df-b909-d36099f9e2fc
 
Error - 10.11.2010 20:30:12 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: skypePM.exe, Version: 2.0.0.67, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1b0  Startzeit der fehlerhaften Anwendung: 0x01cb812fe7ef249f  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: d7d75587-ed2a-11df-b909-d36099f9e2fc
 
Error - 18.11.2010 17:43:46 | Computer Name = Outlaw-Desktop | Source = MsiInstaller | ID = 11721
Description = 
 
[ Media Center Events ]
Error - 04.09.2010 12:32:58 | Computer Name = Outlaw-Desktop | Source = MCUpdate | ID = 0
Description = 18:32:58 - Fehler beim Herstellen der Internetverbindung.  18:32:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.09.2010 13:06:14 | Computer Name = Outlaw-Desktop | Source = MCUpdate | ID = 0
Description = 19:06:14 - Fehler beim Herstellen der Internetverbindung.  19:06:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 18.05.2010 06:14:06 | Computer Name = Outlaw-Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 576
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 08.06.2010 08:49:56 | Computer Name = Outlaw-Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 626
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 16.11.2010 02:09:53 | Computer Name = Outlaw-Desktop | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 16.11.2010 02:09:53 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom3 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:20 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:51 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:51 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:52 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:53 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 16.11.2010 17:11:54 | Computer Name = Outlaw-Desktop | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 16.11.2010 17:11:54 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.
 
Error - 18.11.2010 17:43:31 | Computer Name = Outlaw-Desktop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 ICQ Service erreicht.
 
 
< End of report >
         
Malwarebytes' Anti-Malware log (this was the first scan):

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5148

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.11.2010 23:35:06
mbam-log-2010-11-18 (23-35-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172710
Laufzeit: 7 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66f82msb-q0u7-174g-7ecm-bs836d2t786d} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{861npm6s-2683-03i5-u18t-tl47kg2f3x28} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\Winbooterr (Trojan.Backdoor) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\Winbooterr\Svchost.exe (Generic.Bot.H) -> No action taken.
C:\Windows\System32\explorer\explorer.exe (Generic.Bot.H) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\cas4AB4.tmp (PUP.Casino.Gen) -> No action taken.
C:\Users\O***w\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\MSN.abc (Malware.Trace) -> No action taken.
C:\Users\O****w\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.
         
It certainly found quite a bit during the scan. 14 entries, oh boy...

It would be great if I could solve the problem with your help.

Thanks

19.11.2010, 11:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
-> No action taken.
All findings must be removed!

Quote:
Art des Suchlaufs: Quick-Scan
Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________

__________________
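The two things the reply above checks by eye (findings left at "No action taken", and only a Quick-Scan having been run), plus a check for system binary names sitting in unexpected directories, as an added example that is not part of the original thread. The sample log is a constructed excerpt in the format of the posted Malwarebytes' Anti-Malware 1.46 log; `parse_mbam_log`, `triage` and the `EXPECTED_DIRS` table are hypothetical names and assume a default `C:\Windows` installation.

```python
import ntpath  # Windows path semantics, independent of the OS running the script
import re

# Constructed sample in the format of the German-language MBAM 1.46 log above.
SAMPLE_LOG = r"""
Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 3

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> No action taken.

Infizierte Verzeichnisse:
C:\Windows\System32\Winbooterr (Trojan.Backdoor) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\Winbooterr\Svchost.exe (Generic.Bot.H) -> No action taken.
C:\Windows\System32\explorer\explorer.exe (Generic.Bot.H) -> No action taken.
C:\Users\user\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
"""

SCAN_TYPE_RE = re.compile(r"^Art des Suchlaufs:\s*(.+)$")
# Section headers end with a colon; the summary counters ("...: 3") do not match.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
# "<object> (<detection>) -> <action>."; the object may itself contain
# parentheses, e.g. "C:\Program Files (x86)\...".
FINDING_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Assumption: default install path. Directories where these names legitimately live.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def parse_mbam_log(text):
    """Return the scan type and every finding line with its log section."""
    scan_type, section, findings = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCAN_TYPE_RE.match(line)
        if m:
            scan_type = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return {"scan_type": scan_type, "findings": findings}


def triage(text):
    """Summarise what a helper would look for first in such a log."""
    parsed = parse_mbam_log(text)
    findings = parsed["findings"]
    # Findings that were detected but not removed.
    unremediated = [f for f in findings if f["action"] == "No action taken"]
    # A system binary name outside its normal directory suggests masquerading.
    masquerading = []
    for f in findings:
        name = ntpath.basename(f["object"]).lower()
        folder = ntpath.dirname(f["object"]).lower()
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            masquerading.append(f["object"])
    return {
        "scan_type": parsed["scan_type"],
        "quick_scan_only": (parsed["scan_type"] or "").lower().startswith("quick"),
        "unremediated": unremediated,
        "masquerading": masquerading,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Scan type:", report["scan_type"])
    print("Quick scan only:", report["quick_scan_only"])
    print("Findings not removed:", len(report["unremediated"]))
    for path in report["masquerading"]:
        print("System binary name in unexpected directory:", path)
```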

19.11.2010, 15:14   #3
Bladeweaver
 
Is it enough if I simply remove the 14 items with Anti-Malware? I don't want anything left behind on there. In other threads I read that a fix was carried out with OTL.

Attached is the log file. And there are no previous scans. The one above was the first. The following one is the second scan with Anti-Malware.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5151

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.11.2010 16:13:48
mbam-log-2010-11-19 (16-13-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 485227
Laufzeit: 1 Stunde(n), 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
It seems that everything is gone, but somehow I'm not convinced yet. In any case, the PC boots more slowly than it has in the last few days.
__________________

19.11.2010, 17:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.12 12:42:53 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2008.04.11 18:52:28 | 002,404,352 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.11.06 17:33:09 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell - "" = AutoRun
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2006.01.10 14:49:24 | 000,492,032 | R--- | M] ()
@Alternate Data Stream - 24 bytes -> C:\Windows:7AC689116CCF149D
:Files
C:\Windows\SysWOW64\Winbooterr
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


19.11.2010, 19:20   #5
Bladeweaver
 
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU not found.
File C:\Windows\SysWOW64\Winbooterr\Svchost.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies not found.
File C:\Windows\system32\Winbooterr\Svchost.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
File L:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
File move failed. E:\Start.exe scheduled to be moved on reboot.
ADS C:\Windows:7AC689116CCF149D deleted successfully.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\Winbooterr not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Outlaw
->Temp folder emptied: 9693040555 bytes
->Temporary Internet Files folder emptied: 109224730 bytes
->Java cache emptied: 195034704 bytes
->FireFox cache emptied: 110691858 bytes
->Flash cache emptied: 441372 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 2580 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102950671 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 9.739,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11192010_200752

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\Start.exe scheduled to be moved on reboot.
C:\Users\Outlaw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
The restart was now considerably faster.

Many thanks for the help so far. Is that it, then?


19.11.2010, 19:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find a file named MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Alt 19.11.2010, 21:34   #7
Bladeweaver
 



Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	Foxconn
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Foxconn
System Product Name:		P35
Logical Drives Mask:		0x000003fc

Kernel Drivers (total 196):
  0x02C4A000 \SystemRoot\system32\ntoskrnl.exe
  0x02C01000 \SystemRoot\system32\hal.dll
  0x00BB3000 \SystemRoot\system32\kdcom.dll
  0x00CFA000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D3E000 \SystemRoot\system32\PSHED.dll
  0x00D52000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E74000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F18000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x010A2000 \SystemRoot\System32\Drivers\spxs.sys
  0x011D6000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F27000 \SystemRoot\system32\DRIVERS\pci.sys
  0x011DF000 \SystemRoot\System32\drivers\partmgr.sys
  0x00F5A000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00F6F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x011F4000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00FCB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FF5000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00E2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x00DB0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00E35000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01257000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0145E000 \SystemRoot\System32\Drivers\msrpc.sys
  0x014BC000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x014D6000 \SystemRoot\System32\Drivers\cng.sys
  0x01549000 \SystemRoot\System32\drivers\pcw.sys
  0x0155A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01648000 \SystemRoot\system32\drivers\ndis.sys
  0x0173A000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0179A000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01801000 \SystemRoot\System32\drivers\tcpip.sys
  0x01564000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x015AE000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x017C5000 \SystemRoot\System32\Drivers\spldr.sys
  0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
  0x017CD000 \SystemRoot\System32\Drivers\mup.sys
  0x017DF000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x017E8000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x00E49000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x0144F000 \SystemRoot\System32\Drivers\Null.SYS
  0x01243000 \SystemRoot\System32\Drivers\Beep.SYS
  0x00CC0000 \SystemRoot\System32\drivers\vga.sys
  0x00CCE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x03ADC000 \SystemRoot\System32\drivers\watchdog.sys
  0x03AEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x03AF5000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x03AFE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x03B07000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03B12000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03B23000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03B41000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03B4E000 \SystemRoot\system32\drivers\afd.sys
  0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03A45000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03A4E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03A74000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03A83000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03AA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03ABB000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03BD8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x04003000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04054000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x04060000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x0406B000 \SystemRoot\System32\drivers\discache.sys
  0x0407A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04098000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x040A9000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x040CB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x040F1000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0FEE6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x10B78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x04107000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x10B7A000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x10BC0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0FE00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x0FE56000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x0FE67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x0FE8B000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x0FE97000 \SystemRoot\system32\DRIVERS\parport.sys
  0x0FEB4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x0FED2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0422B000 \SystemRoot\System32\Drivers\a6rikkla.SYS
  0x0426E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x0427E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04294000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x042B8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x042C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x042F3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0430E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0432F000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04349000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04358000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x0435A000 \SystemRoot\system32\DRIVERS\ks.sys
  0x0439D000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x043AF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04838000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04892000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x048A7000 \SystemRoot\system32\drivers\HdAudio.sys
  0x04903000 \SystemRoot\system32\drivers\portcls.sys
  0x04940000 \SystemRoot\system32\drivers\drmk.sys
  0x04962000 \SystemRoot\system32\drivers\ksthunk.sys
  0x00060000 \SystemRoot\System32\win32k.sys
  0x04968000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04974000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x0498F000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04991000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00530000 \SystemRoot\System32\TSDDD.dll
  0x0466C000 \SystemRoot\system32\DRIVERS\netr7364.sys
  0x00690000 \SystemRoot\System32\cdd.dll
  0x04701000 \SystemRoot\system32\DRIVERS\usbcir.sys
  0x04720000 \SystemRoot\system32\DRIVERS\PFC027.SYS
  0x047B1000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x047C2000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x047D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x047E0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x04600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04609000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x0461D000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x0462A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x0463E000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x0464F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x0499F000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x0465D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x049F3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x04800000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x04809000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x043C1000 \SystemRoot\system32\drivers\luafv.sys
  0x04200000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x10BCD000 \SystemRoot\system32\drivers\WudfPf.sys
  0x0481C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x058E7000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x0593A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x0594D000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x05800000 \SystemRoot\system32\drivers\HTTP.sys
  0x058C8000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x05965000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0597D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x059AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x05CB0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x05CD3000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x05D22000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x05D2F000 \SystemRoot\system32\drivers\peauth.sys
  0x05DD5000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x05C00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x05C2D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x05C3F000 \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
  0x07642000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x076A9000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0773F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x077E1000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x776A0000 \Windows\System32\ntdll.dll
  0x47A70000 \Windows\System32\smss.exe
  0xFF9C0000 \Windows\System32\apisetschema.dll
  0xFF0D0000 \Windows\System32\autochk.exe
  0xFF930000 \Windows\System32\difxapi.dll
  0x77870000 \Windows\System32\normaliz.dll
  0xFF8E0000 \Windows\System32\ws2_32.dll
  0xFF8D0000 \Windows\System32\lpk.dll
  0xFF7F0000 \Windows\System32\oleaut32.dll
  0xFF750000 \Windows\System32\msvcrt.dll
  0xFF730000 \Windows\System32\imagehlp.dll
  0xFF5B0000 \Windows\System32\urlmon.dll
  0xFF590000 \Windows\System32\sechost.dll
  0xFF520000 \Windows\System32\gdi32.dll
  0xFF340000 \Windows\System32\setupapi.dll
  0xFF260000 \Windows\System32\advapi32.dll
  0xFF190000 \Windows\System32\usp10.dll
  0xFF060000 \Windows\System32\rpcrt4.dll
  0xFEF50000 \Windows\System32\msctf.dll
  0xFEE20000 \Windows\System32\wininet.dll
  0xFED80000 \Windows\System32\comdlg32.dll
  0xFEB20000 \Windows\System32\iertutil.dll
  0xFDD90000 \Windows\System32\shell32.dll
  0xFDD40000 \Windows\System32\Wldap32.dll
  0x77860000 \Windows\System32\psapi.dll
  0x775A0000 \Windows\System32\user32.dll
  0xFDD10000 \Windows\System32\imm32.dll
  0xFDC70000 \Windows\System32\clbcatq.dll
  0x77480000 \Windows\System32\kernel32.dll
  0xFDBF0000 \Windows\System32\shlwapi.dll
  0xFD9E0000 \Windows\System32\ole32.dll
  0xFD9D0000 \Windows\System32\nsi.dll
  0xFD930000 \Windows\System32\comctl32.dll
  0xFD8F0000 \Windows\System32\wintrust.dll
  0xFD880000 \Windows\System32\KernelBase.dll
  0xFD840000 \Windows\System32\cfgmgr32.dll
  0xFD820000 \Windows\System32\devobj.dll
  0xFD6B0000 \Windows\System32\crypt32.dll

Processes (total 87):
       0 System Idle Process
       4 System
     328 C:\Windows\System32\smss.exe
     420 csrss.exe
     480 C:\Windows\System32\wininit.exe
     504 csrss.exe
     564 C:\Windows\System32\winlogon.exe
     604 C:\Windows\System32\services.exe
     624 C:\Windows\System32\lsass.exe
     632 C:\Windows\System32\lsm.exe
     740 C:\Windows\System32\svchost.exe
     840 C:\Windows\System32\nvvsvc.exe
     880 C:\Windows\System32\svchost.exe
     968 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
     364 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\nvvsvc.exe
    1140 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\spoolsv.exe
    1320 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1340 C:\Windows\System32\svchost.exe
    1464 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1532 C:\Windows\System32\svchost.exe
    1556 C:\Windows\SysWOW64\svchost.exe
    1628 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1636 C:\Windows\System32\conhost.exe
    2016 C:\Windows\System32\dwm.exe
    2040 C:\Windows\explorer.exe
    1376 C:\Windows\System32\taskhost.exe
    2132 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2160 C:\Windows\System32\svchost.exe
    2200 C:\Windows\System32\svchost.exe
    2224 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2340 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2364 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2388 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2424 C:\Windows\System32\svchost.exe
    2460 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2668 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3064 C:\Windows\System32\svchost.exe
    2156 WUDFHost.exe
    3164 C:\Windows\System32\rundll32.exe
    3296 C:\Windows\System32\SearchIndexer.exe
    3560 C:\Windows\WindowsMobile\wmdc.exe
    3592 C:\Program Files\Logitech\SetPointP\SetPoint.exe
    3600 C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    3608 C:\Windows\System32\svchost.exe
    3684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3748 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    3840 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    3900 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    3944 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    4068 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    4084 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
     652 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
     960 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3220 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    4320 C:\Windows\System32\svchost.exe
    4656 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4972 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    4992 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    1968 dllhost.exe
    2116 C:\Program Files (x86)\Nero\Update\NASvc.exe
    4640 C:\Windows\System32\svchost.exe
    5020 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     388 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    2260 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    4216 C:\Windows\System32\taskeng.exe
    3908 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    4596 C:\Windows\System32\SearchProtocolHost.exe
    3212 C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
    5044 C:\Program Files (x86)\Java\jre6\bin\java.exe
    2108 C:\Windows\System32\conhost.exe
    2500 C:\Program Files (x86)\Skype\Phone\Skype.exe
    4964 WmiPrvSE.exe
    2652 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    4948 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    3572 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
     184 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    3532 C:\Windows\System32\audiodg.exe
    5996 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
     964 C:\Windows\System32\SearchFilterHost.exe
    4456 C:\Windows\System32\dllhost.exe
    2168 C:\Users\Outlaw\Desktop\MBRCheck.exe
    5140 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`dc500000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
         
Here you go.

Alt 19.11.2010, 21:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!