Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows Diagnostic - richtig entfernt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.03.2011, 15:04   #1
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Hallo zusammen,
gestern Abend bemerkte ich ein neues ,,angebliches´´ Windows Tool, names Windows Diagnostic, welches mir permanent dubiose Fehlermeldungen und Warnungen zeigte. Auch mein Dekstop war plötzlich leer.
Als ich nach diesem Toll googlete wurde mir schnell kalr, dass es sich um einen Trojaner handelt.
Ich habe mich auch informiert, wie ich diesen wieder los werde. Allerdings habe ich vorher erst einmal ,,Microsoft Security Essentials´´ durchlaufen lassen und so anscheinden den Virus erfolgreich entfernt.
Die Fehlermeldungen haben zwar aufgehört, doch mein Desktop ist immernoch leer. Es befindet sich noch ein leerer Ordner, ein Mozilla Firefox Symbol, Icq und der Papierkorb, in dem komischerweise noch Datein sind,auf dem Desktop.
Wenn ich nach einzelnen Datein suche, finde ich diese auch in dem Ordner C:/Flo/Desktop...
Wenn ich aber im Arbeitsplatz danach suche, ist mein gesamter ,,Benutzer´´ gelöscht. Das Benutzerkonto meiner Schwester hingegen ist noch vollständig.
Ich hoffe ihr versteht halbwegs, was ich versuche zu erklären.
Ich habe bereits einen Malware Durchgang am laufen und google mich durch das Thema, doch so richtig verstehen tue ich nichts.
Tut mir Leid, wenn das Thema bereits vorher diskutiert wurde, aber villeicht könnte mir jemand eine Idiotenanleitung zum Entfernen des Trojaners geben oder zumindest wo ich meine verlorenen Daten wieder finden kann.

Gruß,
Swaggy

Alt 22.03.2011, 15:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 22.03.2011, 19:51   #3
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Danke für die Schnelle Antwort erstmal,
also den Malware Scan habe ich schon angefangen, als ich den Beutrag geschrieben habe und er läuft immernoch durch (mittlerweile seit über 5 Stunden). Ist das normal???
OTL läuft auch gerade durch.

Gruß,
Swaggy


Edit:

hier sind die OTL Ergebnisse:
OTL Logfile:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.03.2011 20:04:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Flo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 171,08 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,43 Gb Free Space | 42,19% Space Free | Partition Type: FAT32
 
Computer Name: STANDPC2 | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Users\Flo\Desktop\Neuer Ordner\RPGXP.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl129d48fe) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E52491-CC8A-4EAB-BC2C-F3AA7F2E7E72}\MpKsl129d48fe.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\HomeCinema\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.08 11:08:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 13:55:58 | 000,000,000 | ---D | M]
 
[2010.11.10 18:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2010.11.10 18:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.03.22 14:07:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions
[2010.04.18 19:51:12 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.14 14:27:13 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.11 15:20:42 | 000,000,000 | -H-D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.05.17 18:11:16 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.30 09:41:45 | 000,000,000 | -H-D | M] (softonic-de3 Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.11.11 15:20:41 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\engine@conduit.com
[2010.06.08 10:29:10 | 000,000,927 | -H-- | M] () -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\rbpipver.default\searchplugins\conduit.xml
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 19:41:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.14 14:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.28 19:41:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.04.26 15:31:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2011.03.14 14:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.11 20:48:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.11 20:48:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.11 20:48:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.11 20:48:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.11 20:48:22 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000 begin_of_the_skype_highlighting**************075-444553540000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************075-444553540000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************075-444553540000******end_of_the_skype_highlighting} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell - "" = Autorun
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\install\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.22 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2011.03.22 14:33:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.22 14:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 14:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 14:33:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.22 14:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.22 14:05:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.22 14:05:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.22 14:05:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.21 22:50:24 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Uniblue
[2011.03.21 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.21 22:50:15 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.03.21 22:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.03.21 22:50:02 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Local\PackageAware
[2011.03.21 22:49:00 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Local\Conduit
[2011.03.21 21:57:09 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.21 16:48:53 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\RPG-Atelier
[2011.03.21 15:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011.03.21 15:45:39 | 000,000,000 | ---D | C] -- C:\Programme\Xvid
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\ClickPotatoLiteSA
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011.03.19 00:31:43 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Tilesets
[2011.03.14 14:29:19 | 000,000,000 | ---D | C] -- C:\Windows\TempAA03F409-4FF2-156F-E542-88CD5B33D85E-Signatures
[2011.03.14 14:28:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.03.14 14:27:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.14 14:27:44 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.03.14 14:26:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.13 15:40:17 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Documents\RPGXP
[2011.03.13 15:36:11 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Neuer Ordner
[2011.03.09 14:14:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:14:18 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:14:18 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:14:18 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.26 22:17:51 | 000,000,000 | ---D | C] -- C:\Programme\hamachi_save
[2011.02.26 22:14:37 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2011.02.26 22:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2011.02.25 18:33:31 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\mIRC
[2011.02.25 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011.02.25 18:33:30 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2011.02.24 16:01:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 16:00:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 15:59:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 15:59:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 15:59:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 15:59:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 15:59:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 15:59:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 15:59:55 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 15:59:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 15:59:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 15:59:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 15:59:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 15:59:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 15:59:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 15:59:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 15:59:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.22 20:05:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.22 19:52:49 | 000,001,890 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.03.22 19:50:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.22 19:41:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 19:41:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 19:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.22 14:17:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.22 13:58:27 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.21 22:50:23 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.03.21 21:57:10 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43638536
[2011.03.21 21:13:12 | 000,002,623 | -H-- | M] () -- C:\Users\Flo\Desktop\Microsoft Word.lnk
[2011.03.20 21:26:28 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.03.20 21:07:02 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.18 15:35:52 | 000,000,056 | RHS- | M] () -- C:\Windows\System32\9CD804905C.sys
[2011.03.14 14:30:14 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.14 14:29:35 | 000,635,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.14 14:29:35 | 000,601,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.14 14:29:35 | 000,130,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.14 14:29:35 | 000,107,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.09 21:06:24 | 000,030,208 | -H-- | M] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 22:14:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2011.02.26 02:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011.02.25 21:55:31 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.21 22:50:25 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.21 22:50:16 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.03.21 21:57:10 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | C] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43638536
[2011.03.21 15:45:40 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.21 15:45:40 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011.03.21 15:45:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.20 21:03:59 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.14 14:30:14 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.13 15:39:20 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9CD804905C.sys
[2011.03.13 15:39:18 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.03.13 15:36:50 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP.lnk
[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.02.24 15:59:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 15:59:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 15:59:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.03 20:38:53 | 000,024,206 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\UserTile.png
[2011.01.01 21:27:01 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.11.04 17:09:07 | 000,942,080 | ---- | C] () -- C:\Windows\System32\NewFlyff.exe
[2010.10.01 12:56:46 | 000,000,000 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\Default.PLS
[2010.05.25 12:55:24 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.25 12:55:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.17 17:58:52 | 000,000,680 | -H-- | C] () -- C:\Users\Flo\AppData\Local\d3d9caps.dat
[2010.05.07 11:28:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.06 12:35:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.06 12:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.28 19:46:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.24 15:50:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.20 17:27:51 | 000,022,328 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\PnkBstrK.sys
[2010.04.20 17:27:51 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.20 17:27:35 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.20 17:27:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.04.18 20:22:56 | 000,030,208 | -H-- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 14:54:25 | 000,000,000 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\wklnhst.dat
[2010.04.17 14:40:33 | 000,000,091 | -H-- | C] () -- C:\Users\Flo\AppData\Local\fusioncache.dat
[2010.04.17 13:58:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.22 12:49:01 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.10.22 12:49:01 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.10.15 17:38:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.15 15:45:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.15 15:45:52 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.09 22:26:24 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.10.09 16:05:23 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,635,148 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,386 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,372,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,550 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

< End of report >
         
--- --- ---



Zitat:
OTL Extras logfile created on: 22.03.2011 20:04:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 171,08 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,43 Gb Free Space | 42,19% Space Free | Partition Type: FAT32

Computer Name: STANDPC2 | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C23F63-1C82-4C9A-83AD-3F12F37539EC}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{05356D01-672A-456F-A2C4-74761E1863FF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0E4F2913-904F-407F-B3BF-E5C43AACAFAE}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{158BF91F-0B1D-470C-A221-130CC11B9281}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{1B5C7D3A-1771-45D7-BDA6-99B3E41A7CB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1CCB7BF5-B15E-4320-877E-8171A3F7911E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{33ABE7A4-CF36-4B45-9525-F09B92AE249D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{3F7F48AC-EB90-4271-9DBD-FFCA649CCBC0}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{42EB9F43-0124-42F9-9321-BC37976883A3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{461FE70D-8F58-4C97-AF32-F4E0B65CA2D8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4AD3F761-D1D6-4EC8-B75A-AE79C1858339}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{4AEB1195-588B-42CE-A336-7A9B47E099AC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{50873C55-0DBC-4F25-B32E-0A21D6C82643}" = protocol=17 | dir=in | app=c:\users\flo\downloads\mediaplayer_setup.exe |
"{5A656C86-B245-43C6-908B-2AD4B0310CC4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{5F81C531-2EFA-48A0-B165-EB065BC4A00A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{68EA7529-C076-4D04-85EF-E35A71E5025D}" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"{75496CE1-C10D-48ED-8378-019476EB3842}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{7CD61BFE-B7B5-4252-840F-F7F31D78E18F}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{802811EB-B6AA-4427-A50A-00FC9929FDA9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{83196D6B-44CC-480B-8792-211301773BFF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{850910A5-D139-443D-A3AA-3E0634B56C91}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{89396C45-DE66-4A24-9F77-B089F209464D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93B2C3B4-DFFB-4649-81E6-ADCCDB7139DB}" = protocol=6 | dir=in | app=c:\users\flo\downloads\mediaplayer_setup.exe |
"{9935C6BA-B50F-478F-9FBA-765885DACCDA}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{A3761320-D9B9-4DDD-AA01-6D5D6152C94D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A66F1099-CF28-4513-BD4F-43278966A05D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AE5AC8EC-7E53-4920-9426-17DEEB789B70}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{B04217C0-D122-41C9-922D-760233DA4838}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{BCD03BFB-4564-41A0-9C52-9AC938F13D76}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E2D3FE62-EE8D-43CA-9F4F-35627E1A60E8}" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"{F57992BE-DF49-4577-A209-45D313905303}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FB768641-55FC-4FAF-9D9C-CBFD9E74F821}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{FCFE3580-EA9A-43B6-914E-B7B8D3FDCF15}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{FE87A4D1-DF76-4A03-A68D-B1715D734D9E}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"TCP Query User{08B1E237-74BA-42F3-BD26-975FF0E962F2}C:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{0BEFEA3E-8315-4359-9548-1144CBB5C7BC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0DC07DAC-74D6-4E6D-80E7-6E4B276C147C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{1F57A4F1-F64D-4FC4-8B00-AFA4E8C80D16}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"TCP Query User{253307BC-98B3-40DC-AE6D-C41409F712A5}C:\users\flo\desktop\american wasteland\game\thaw.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\american wasteland\game\thaw.exe |
"TCP Query User{2865E1C4-92A3-46DA-8FC3-FD5E15BB60C6}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{2C8364E2-A516-4FBB-A8C5-7280977F14ED}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{525D34CF-2869-4295-A384-0B02C7EDB007}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{54788931-6B50-4A03-BDF8-4FB6C90126D9}C:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{5B177E1B-BD8A-4CCE-A15F-0C607CDAE1F7}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5CC43536-0B0C-43FB-924E-D7D83AA4029E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{64AE24CB-8D14-41FE-BEDB-6233E6BB7261}C:\users\flo\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\flo\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{80198EDC-9515-48A5-836E-7BAF633B8241}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{854E88E8-1C6E-49A4-A45E-B51F54E45332}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{93E78370-031C-48D2-B1D2-8938D1220D63}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{B750E615-8BC5-4F17-90B5-4CF351232C96}C:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe |
"TCP Query User{B896ECAA-4AF0-4F51-8D08-55DB891AAAA7}C:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe |
"TCP Query User{B9BDA077-20CC-49DF-973D-FC1B61D8108C}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{BAA86FCC-B37B-4518-A780-420BB8129FD9}C:\users\flo\desktop\siedler iii\s3.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler iii\s3.exe |
"TCP Query User{C0D616D9-1F1A-4A95-91A7-46567D182E09}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{C1BBE6EE-5AAD-4CD1-8345-8754E9340B59}C:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"TCP Query User{C6CAB7AB-E4C7-40B7-9F26-F12A8903DF3A}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{04B17415-44B8-4547-BF6A-AC4C81A08675}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0A92B3F4-763D-4A9C-9B0B-CE218011F9BE}C:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"UDP Query User{0AE73B9F-76FF-46CA-B035-CF64A447E700}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{162CC796-D5C4-42F6-B37D-A49F624F3162}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{1D8FAE52-8EF8-4272-A3E3-71AF92FB7722}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{24AF71CB-B4CC-40D8-9788-A5DA38FBD2A8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{2B34DBF0-7276-4309-B208-C66DB88AE17B}C:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe |
"UDP Query User{2FCBE9A3-9FBF-4B4A-8649-AAC0921755B1}C:\users\flo\desktop\american wasteland\game\thaw.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\american wasteland\game\thaw.exe |
"UDP Query User{2FCE028C-5FAA-4A6F-A650-02985EFDF3CF}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{3A2F7198-F9E2-4D84-B414-177ED3331FC3}C:\users\flo\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\flo\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{59DE64E3-F770-44C2-9C9C-EE3A076DEF71}C:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{5BD41A4B-BC8E-4979-B42D-5E956B719207}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{78024E9C-ED45-4D40-8F69-AFAAF11A3823}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{7D32B4C8-3EAE-4AD1-A612-67FE322BB563}C:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{887699DE-D65E-4A4E-9398-8D13B39C0813}C:\users\flo\desktop\siedler iii\s3.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler iii\s3.exe |
"UDP Query User{8B6CF88C-BB4B-4FB8-965B-1A41759B7421}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{93DA37AC-50B2-4AE0-90ED-DF401524F6C7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{C127EA0A-7C72-48A8-8969-FB7D466302F6}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{C43D652D-F67D-42D0-9A64-008D2C8E1394}C:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe |
"UDP Query User{CC2AA366-B5B4-4A40-ABE9-3D8AF043216C}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{E207595F-3EB7-4657-B5F4-6DDF129B8B46}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{F863B4FB-9226-4988-85C7-F72EB81E6E65}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"conduitEngine" = Conduit Engine
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FormatFactory" = FormatFactory 2.60
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Studio_is1" = Free Studio version 4.9
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Hamachi" = Hamachi 1.0.2.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
--- --- ---


Ich hoffe ich hab jetzt keinen riesen Beitrag gemacht und die OTL Ergebnisse in so ein Scroll-Fenster gepackt.
Das kommt mir übrigens ziemlich viel vor, was der da rausgefunden hat. Ist das auch normal, oder ist mein Pc einfach extrem vollgemüllt (was durchaus sein kann) ???
__________________

Geändert von Swaggy (22.03.2011 um 20:10 Uhr) Grund: OTL Scan

Alt 23.03.2011, 16:11   #4
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Hallo zusammen,
ich bin inzwischen etwas weiter gekommen mit mienem Problem.
Ich habe das angewandt, was in diesem Thema empfohlen wurde:
http://www.trojaner-board.de/96721-s...erstellen.html
Es hat funktioniert. Mein alter Desktop ist wieder da, mit allen Daten.
Allerdings ist noch ein Windows Diagnostic Icon drauf und die alten Symbole sind , wie unter einer Folie, verblasst. Die neuen hingegen (Mozilla Firefox, Icq...) sind nicht blass. Es ist, als würde ein zweiter Desktop über dem ersten liegen.
Aber wie bekomme ich diesen ,,2. Desktop´´ samt Windows Diagnostic jetzt weg???

Gruß,
Swaggy

Alt 23.03.2011, 16:22   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Du hast Malwarebytes vergessen. Die Logs, alle Logs, will ich sehen.

__________________
Logs bitte immer in CODE-Tags posten

Alt 23.03.2011, 21:57   #6
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



hä?
die hatte ich eigentlich schon gepostet...ich mach jetzt keinen neuen durchgang mehr, das dauert mir zu lange. Aber bei zitiert sind noch logs...
die post ich einfach mal, villeicht könnt ihr was damit anfangen:

Edit: ups, das sind ja die OTL extra logs...dann kommen die malware erst moregn...sorry

Gruß,
Swaggy

Alt 23.03.2011, 22:00   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Ist ja nicht schlimm. Poste bitte einfach alle Logs, die bei Malwarebytes im Reiter Logdateien zu sehen sind.
__________________
Logs bitte immer in CODE-Tags posten

Alt 24.03.2011, 18:07   #8
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Ich glaube ich habe den letzten 5 Stunden Scan unterbrochen, weil der PC abgestürtzt ist, aber dieser hat nur 1,5 Std. gedauert.
Anscheinend hatte Clickpotato etwas damit zu tun, das hat ein Freund gedownloaded um mir ein Video zu zeigen. Angeblich ist das ein Video-Player (keine Ahnung wie man das nennt), aber funktioniert hat es nicht.
Das war mir von Anfang an nicht geheuer.

Es ist zuerst eine Liste mit Fehlern aufgegangen und dann hat sich ein Log geöffnet...ich poste einfach mal alles.

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6131

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 17:33:37
mbam-log-2011-03-24 (17-33-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 436430
Laufzeit: 1 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Flo\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
und hier die fehler, die es gefunden hat:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6131

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 17:33:37
mbam-log-2011-03-24 (17-33-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 436430
Laufzeit: 1 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Flo\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Gruß,

Swaggy

Alt 24.03.2011, 18:42   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell - "" = Autorun
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\install\command - "" = E:\autorun.exe
[2011.03.21 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011.03.14 14:29:19 | 000,000,000 | ---D | C] -- C:\Windows\TempAA03F409-4FF2-156F-E542-88CD5B33D85E-Signatures
[2011.03.21 21:57:10 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43638536
[2011.03.18 15:35:52 | 000,000,056 | RHS- | M] () -- C:\Windows\System32\9CD804905C.sys
[2010.11.04 17:09:07 | 000,942,080 | ---- | C] () -- C:\Windows\System32\NewFlyff.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logs bitte immer in CODE-Tags posten

Alt 24.03.2011, 18:50   #10
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Ich glaube es hat funktioniert. Also das Windows Diagnostic Icon ist zumindest vom Desktop und Fhelermeldungen kommen auch keine mehr.
Soll ich jetzt nochmal einen Scan mit z.B. RegisteryBooster machen?

Dieses log hat mir OTL geöffnet, nachdem ich es wegen einer Fehlermeldung geschlossen habe:

Zitat:
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj03.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Allerdings wird ,,Flo´´ immernoch nicht als Benutzer angezeigt und mein Ordner Flo ist auf einmal auch leer.
Komisch. Ich werde es einfach nochmal versuchen und schreiben, obs geklappt hat.

Gruß,
Swaggy

Alt 24.03.2011, 18:55   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logs bitte immer in CODE-Tags posten

Alt 24.03.2011, 20:13   #12
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Anscheinend sind unter anderem meine RPG Daten weg, was mich grade wirklich aufregt, weil ich da wirklich viel Arbeit reingesteckt habe.
Ich kann zwar, durch die zuletz verwendet Funktion, noch auf Teile der alten Maps zurück greifen, aber es wird lange dauern die ganzen Einstellungen neu zu machen.
Auch mein ,,Flo´´ Benutzer ist immernoch verschwunden.
Hat jemand eine Idee wir ich ihn wieder finde oder wieder sichtbar machen kann???


Gruß,
Swaggy

Alt 24.03.2011, 21:02   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Seit wann ist das verschwunden?
__________________
Logs bitte immer in CODE-Tags posten

Alt 24.03.2011, 21:56   #14
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



ich glaube seit ich eben mit otl den Fix ausgeführt habe.
Kann es sein, dass noch Virenscanner an waren oder so.
Ich habe jetzt auch diese CF durchgeführt, aber ich erkenne keinen Unterschied, außer dass ich plötzlich 10GB mehr Speicherplatz habe, also 10GB verschwunden sind...
Hier ist dr log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-24.01 - Flo 24.03.2011  21:14:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.1235 [GMT 1:00]
ausgeführt von:: c:\users\Flo\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\windows\system32\midas.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-24 20:25 . 2011-03-24 20:45	--------	d-----w-	c:\users\Flo\AppData\Local\temp
2011-03-24 17:09 . 2011-03-24 17:09	--------	d-----w-	c:\programdata\WindowsSearch
2011-03-24 14:49 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A939DA71-3847-48C9-854F-2AF03E930FC6}\mpengine.dll
2011-03-23 14:59 . 2011-03-23 14:59	--------	d-----w-	C:\_OTL
2011-03-23 13:23 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 13:23 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-23 13:23 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-03-22 13:33 . 2011-03-22 13:33	--------	d-----w-	c:\users\Flo\AppData\Roaming\Malwarebytes
2011-03-22 13:33 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-22 13:33 . 2011-03-22 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-22 13:33 . 2011-03-22 13:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-22 13:33 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-21 21:50 . 2011-03-21 21:50	--------	d--h--w-	c:\users\Flo\AppData\Roaming\Uniblue
2011-03-21 21:50 . 2011-03-21 21:50	--------	d-----w-	c:\program files\Uniblue
2011-03-21 21:50 . 2011-03-21 21:50	--------	d--h--w-	c:\users\Flo\AppData\Local\PackageAware
2011-03-21 21:49 . 2011-03-21 21:49	--------	d--h--w-	c:\users\Flo\AppData\Local\Conduit
2011-03-21 14:45 . 2008-12-13 19:01	77824	----a-w-	c:\windows\system32\xvid.ax
2011-03-21 14:45 . 2008-12-04 20:42	815104	----a-w-	c:\windows\system32\xvidcore.dll
2011-03-21 14:45 . 2011-03-21 14:45	--------	d-----w-	c:\program files\Xvid
2011-03-21 14:45 . 2008-12-04 20:46	180224	----a-w-	c:\windows\system32\xvidvfw.dll
2011-03-20 20:03 . 2011-03-20 20:26	103736	---ha-w-	c:\windows\system32\PnkBstrB.exe
2011-03-14 13:54 . 2011-03-14 13:54	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{883F5FA3-00FF-41B1-A2EC-1322D554DFDB}\gapaengine.dll
2011-03-14 13:28 . 2011-03-14 13:30	--------	d-----w-	c:\program files\Microsoft Security Client
2011-03-14 13:27 . 2011-03-14 13:27	--------	d-----w-	c:\program files\Common Files\Java
2011-03-14 13:27 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-03-14 13:26 . 2011-02-02 20:40	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-14 13:26 . 2011-02-02 20:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-03-13 14:39 . 2011-03-24 19:25	1890	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2011-03-09 13:14 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 13:14 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 13:14 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 13:14 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 13:14 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 13:14 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-02-26 21:17 . 2011-02-26 21:18	--------	d-----w-	c:\program files\hamachi_save
2011-02-26 21:14 . 2011-02-26 21:14	25280	----a-w-	c:\windows\system32\drivers\hamachi.sys
2011-02-26 01:19 . 2011-02-26 01:19	41872	----a-w-	c:\windows\system32\xfcodec.dll
2011-02-25 17:33 . 2011-03-01 18:01	--------	d--h--w-	c:\users\Flo\AppData\Roaming\mIRC
2011-02-25 17:33 . 2011-02-25 17:33	--------	d-----w-	c:\program files\mIRC
2011-02-24 15:00 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 20:26 . 2010-04-20 16:27	103736	---ha-w-	c:\windows\system32\PnkBstrB.ex0
2011-03-20 20:07 . 2010-04-20 16:27	22328	---ha-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-02-25 20:55 . 2010-04-20 16:29	271200	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-02-10 21:54 . 2010-04-18 11:23	5943120	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-20 16:37 . 2011-02-16 16:22	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-16 16:22	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-16 16:22	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-16 16:22	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-16 16:22	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-16 16:22	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-16 16:22	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-16 16:22	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-16 16:22	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-16 16:22	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-16 16:22	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-16 16:22	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-16 16:22	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-16 16:22	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-16 16:22	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-16 16:22	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-16 16:22	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-16 16:22	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-16 16:22	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-16 16:22	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-16 16:22	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-16 16:22	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-16 16:22	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-16 16:22	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-16 16:22	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-19 08:26 . 2011-01-19 08:26	86016	----a-w-	c:\windows\system32\frapsvid.dll
2011-01-08 14:09 . 2010-04-20 16:27	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-01-08 08:47 . 2011-02-16 16:21	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-16 16:21	292352	----a-w-	c:\windows\system32\atmfd.dll
2011-01-01 20:57 . 2010-04-20 16:27	22328	---ha-w-	c:\users\Flo\AppData\Roaming\PnkBstrK.sys
2010-12-31 13:57 . 2011-02-16 16:22	2039808	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 13:05	413696	----a-w-	c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\softonic-de3\tbsof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06	2355224	----a-w-	c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2010-02-12 5933912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 08:14	202024	----a-w-	c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-12 08:58	8497696	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-12 08:58	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-12 08:58	86016	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-09-06 23:26	172032	----a-w-	c:\program files\HomeCinema\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 11:27	4702208	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54	16896	----a-w-	c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-08-07 22:12	797696	----a-w-	c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-10-19 15:42	155648	------w-	c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
R1 bcmpikdd;bcmpikdd;c:\windows\system32\drivers\bcmpikdd.sys [x]
R1 MpKsl6b61d8cb;MpKsl6b61d8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys [x]
R1 MpKsl8c3a74af;MpKsl8c3a74af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1cae702751500b0;Google Update Service (gupdate1cae702751500b0);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 133104]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3522800]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2007-10-11 41456]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-10-19 290909]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2007-10-19 114779]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-08-22 1242976]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-15 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 18:41]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 18:41]
.
2011-03-24 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
mSearch Bar = hxxp://www.google.com/ie
IE: Free YouTube Download - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\rbpipver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic Deutsch FF Community Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - %profile%\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FormatFactory - c:\users\Flo\Desktop\Neuer Ordner\FormatFactory\uninst.exe
AddRemove-Fraps - c:\users\Flo\Desktop\fraps\uninstall.exe
AddRemove-Hamachi - c:\program files\uninstall.exe
AddRemove-S2TNG - c:\users\Flo\Desktop\Siedler II\Die Siedler II - Die nächste Generation\uninstall.exe
AddRemove-Uniblue RegistryBooster - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe
AddRemove-ChillOutFly - c:\users\Flo\Desktop\Neuer Ordner (2)\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-24 21:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3066033664-364462659-1142755021-1004\Software\SecuROM\License information*]
"datasecu"=hex:99,fb,c9,d4,16,fa,af,3d,8b,f9,f3,2a,88,3a,3f,55,69,b8,72,e6,58,
   f5,4b,f3,02,00,86,0a,e0,5f,94,20,14,d2,03,92,af,8f,b8,fe,86,54,b0,5e,76,26,\
"rkeysecu"=hex:6b,9c,1a,9c,91,ef,0f,35,a5,5f,ff,e8,3f,b1,e8,ce
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  21:48:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 20:48
.
Vor Suchlauf: 6 Verzeichnis(se), 189.049.585.664 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 202.748.043.264 Bytes frei
.
- - End Of File - - 2C279100900F450339E92876E51563B4
         
--- --- ---


Kann ich jetzt wieder eine Datensicherung mit einer externen festplatte machen, oder ist der Trojaner immernoch auf meinem PC und könnte auf die Externe wandern???

Gruß,
Swaggy

Alt 24.03.2011, 22:02   #15
Swaggy
 
Windows Diagnostic - richtig entfernt? - Standard

Windows Diagnostic - richtig entfernt?



Huch!!!
Ich habe gerade das log Fenster von CF geschlossen und plötzlich gibt es bei C:/Benutzer wieder einen Flo Ordner und folgende: Default, Öffentlich und IUSR_NMPR

Meine Daten sind jetzt auch wieder komplett, nur eine kleine RPG Map fehlt, die ich wegen des Trojaners irgendwie nicht richtig speichern konnte, aber das ist nicht weiter schlimm.

Also wenn der Trojaner jetzt komplett und endgültig vom Pc gelöscht ist, alle Daten wieder da sind und auch der Desktop wieder vollständig ist, wär die Sache ja gegessen.
Die beiden letzteren Dinge treffen zu, nur ob der Trojaner wirklich weg ist, da bin ich mir noch nicht ganz sicher.

Wenn so ist bedank ich mich schonmal ganz herzlich bei den Helfern:

DANKE!!!

Gruß,
Swaggy

Antwort

Themen zu Windows Diagnostic - richtig entfernt?
anleitung, arbeitsplatz, benutzerkonto, datenverlust, desktop, entfernen, entfernt?, fehlermeldungen, firefox, leerer ordner, malware, microsoft, microsoft security, papierkorb, plötzlich, schnell, security, tool, trojaner, verschwunden, virus, windows, windows diagnostic



Ähnliche Themen: Windows Diagnostic - richtig entfernt?


  1. TR/Crypt.XPACK.Gen - wie entfernt man ihn richtig?
    Plagegeister aller Art und deren Bekämpfung - 31.01.2014 (9)
  2. GVU Trojaner nicht richtig entfernt...
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (17)
  3. GVU Trojaner 2.07 richtig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (1)
  4. BOO/TDss.M - Richtig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2011 (12)
  5. BKA Trojaner nicht richtig entfernt
    Log-Analyse und Auswertung - 09.08.2011 (1)
  6. BKA Trojaner richtig entfernt?
    Log-Analyse und Auswertung - 09.08.2011 (1)
  7. HDD Diagnostic entfernt,Desktop ist fast leer u. kein Zugriff auf Programme u. Dateien
    Plagegeister aller Art und deren Bekämpfung - 17.04.2011 (36)
  8. Windows Diagnostic - Verzeichnisse unsichtbar
    Plagegeister aller Art und deren Bekämpfung - 07.04.2011 (15)
  9. Windows Diagnostic, Daten wiederherstellen
    Log-Analyse und Auswertung - 02.04.2011 (28)
  10. Dateien nach Windows Diagnostic
    Plagegeister aller Art und deren Bekämpfung - 01.04.2011 (15)
  11. Windows Diagnostic - Opfer -
    Plagegeister aller Art und deren Bekämpfung - 24.03.2011 (6)
  12. Windows Diagnostic wirklich entfernt? - Log files
    Plagegeister aller Art und deren Bekämpfung - 24.03.2011 (16)
  13. Windows Diagnostic und Folgen
    Log-Analyse und Auswertung - 24.03.2011 (8)
  14. System Diagnostic entfernt - Icons und C:// wiederherstellen
    Log-Analyse und Auswertung - 23.03.2011 (7)
  15. Windows Diagnostic - entfernt oder nicht?
    Log-Analyse und Auswertung - 22.03.2011 (1)
  16. Windows Diagnostic entfernen
    Anleitungen, FAQs & Links - 18.03.2011 (2)
  17. Anti Malware Doctor auf WIN 7 gehabt und entfernt. Richtig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (13)

Zum Thema Windows Diagnostic - richtig entfernt? - Hallo zusammen, gestern Abend bemerkte ich ein neues ,,angebliches´´ Windows Tool, names Windows Diagnostic, welches mir permanent dubiose Fehlermeldungen und Warnungen zeigte. Auch mein Dekstop war plötzlich leer. Als ich - Windows Diagnostic - richtig entfernt?...
Archiv
Du betrachtest: Windows Diagnostic - richtig entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.