
Log analysis and evaluation: MS Recovery - All programs are gone!


02.06.2011, 17:00   #1
TheDudeAllin
 

Good evening, dear computer friends,

I am new here and will try to post all the requested details about my problem. Please forgive me if anything is missing. This is new territory for me!

I had the "virus" or "trojan" MS Recovery on my PC. With the help of Avira I got it off again; at least it no longer appears. So the computer is running normally again. Unfortunately, all programs are gone. Both under Start -> Programs and under My Computer -> Drive D -> EMPTY! My Task Manager was gone too, but I was able to conjure it back via Regedit.

Regarding the missing programs, I can add that all programs run and can be executed. If I search for Internet Explorer under Start, for example, it does find it. As you can see, it even works. When I then want to save a file on the Internet, strangely I see all the programs under D. So they are still there, just not visible to me this way.

I am therefore asking for your help. I will now run this Malwarebytes and OTL. I read that I am supposed to do that. I hope that is right. ;-)

So, here is the report from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6753

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.06.2011 17:58:01
mbam-log-2011-06-02 (17-57-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 367090
Laufzeit: 36 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

And here are the reports from OTL:

No. 1 OTL logfile:
Code:
OTL Extras logfile created on: 02.06.2011 17:25:02 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\TheGoopster\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,86% Memory free
8,22 Gb Paging File | 6,09 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 36,36 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 314,80 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
 
Computer Name: GAMER-PC | User Name: TheGoopster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 26 1D DF 68 43 41 CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F233DE-576C-40B9-82FA-ED8CA03AC9C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08495C62-9C40-4F5D-91F1-12F868F5DB6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{12EC7771-3A40-4E27-80BF-F955F0B01240}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1D9FDEBF-F4B1-4CDE-8367-B8B7547FE35E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1E5B95B8-8F86-4B30-851F-AEB78134E72E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{253BE536-7918-45C3-A411-37C6FA353973}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5AA3C175-95FD-4327-8E4F-6D9F58E446ED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6EAD2F63-13DB-4302-9D83-4C42A2F8CC32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{724DC247-14DA-4D45-92D2-043EA9A89BC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{78547440-1BAD-43B6-8FFE-6C95307BB55B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8844EA7C-264D-4A05-BC6D-AAB1E3287818}" = lport=445 | protocol=6 | dir=in | app=system | 
"{90AA92AF-A02F-4866-AC94-3C4590DAD37C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92E62B1E-71EF-43CA-B872-0C33C1C30508}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A7568F45-393A-4359-9FE2-95D3BE3B8EC9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A801F22D-5951-4EAB-8D4C-9DF44868B414}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B09B5433-B10B-458B-B260-1C2604B787EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B93B3D91-60DF-4BF9-9E47-C92ADC6740EB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BCB5C70F-DFF5-426A-858D-66535165AC51}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D967966C-E691-4F19-B78C-1BABA1856B09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E69C0A65-5D60-4079-B13A-04E79B39A3F4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E7FFBC97-8A1E-409F-967F-9889557E4C80}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11313770-AFF2-4E85-83B2-E859E0C6B504}" = protocol=17 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{1C83AA94-06C5-48F5-A040-B3493EE118E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27805026-D1FE-4B2C-B251-E007A868F3C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{33920773-F01C-43EC-B64A-5F8E64148C7F}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | 
"{33E1E4AF-9705-4BE6-9F68-B3DB968493E2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{36402DCF-E0D0-4498-81EC-A15D0AA7E3A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{3B1F36C8-7503-4F09-803A-947CA8146A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{45FF232F-136C-4585-9747-4DA318DE177A}" = protocol=6 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{4C0EF1E2-43D5-4E92-B5CC-FA42B26B14F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{54C13C9E-2A90-4AFB-B0E0-C8655230B9EB}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"{5B926451-BE4B-4C76-B04C-2F6C7209355B}" = protocol=6 | dir=in | app=d:\programme\1und1\webwaigd.exe | 
"{5D93A5E1-1846-4C94-8852-1D0D1B987654}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{67EAA0B4-9464-4C4D-9474-9F806C367DC0}" = protocol=6 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{72D8E219-9CF2-4909-955D-40A9093803F1}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | 
"{73453028-8741-426A-8508-9217C48A8F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{76716CD3-BF2C-40D0-BAAC-EC1EEF06AC22}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | 
"{7B688827-FDCB-42C6-9E42-DD1621D0A7B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{83A98970-A79D-4328-AA88-914FEBCE13E5}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"{856B052C-3289-4D70-88F9-425AC5F9A488}" = protocol=6 | dir=in | app=d:\programme\1und1\igdctrl.exe | 
"{893E90BF-EA24-49BF-A43A-AE71B169AB4D}" = protocol=17 | dir=in | app=d:\programme\1und1\fboxupd.exe | 
"{8A6A3ABA-E4B1-4219-B7A1-B00490C4E155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8F196E0A-92C3-40F4-93BE-8E33A5F94CC9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{93949C20-7B3B-41ED-8B8A-5AFCF6C12C1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9BE13CDA-B54C-4286-8F8E-99F3DA77278C}" = protocol=6 | dir=in | app=d:\programme\1und1\fboxupd.exe | 
"{A1C2D565-119B-4BA3-89FB-7337EA7A5D8E}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"{A9495430-609C-4C91-8576-42BD40261AA4}" = protocol=17 | dir=in | app=d:\programme\1und1\igdctrl.exe | 
"{AE7751F2-355C-4036-BA09-9D0562951FA3}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | 
"{B4424AED-EEBF-42C4-B13B-F9BF3CC41797}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BE7C2586-7231-4476-B853-C318577A99B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C61F268C-5CC2-4DC1-8E57-61D9DE594F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D2DA67D6-6052-4AA3-BEFC-5717178B191D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D6BAAC0E-2E80-414C-8A5F-243EA3FDB294}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E305A197-678D-4FE4-A1F0-71CC066ACD4F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E9C93E16-298E-49B9-A135-361E05076803}" = protocol=17 | dir=in | app=d:\programme\1und1\webwaigd.exe | 
"{EA8B6238-C4B5-481E-B841-67389775B7F0}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{EAC40E52-C191-49AF-8F4C-1A3A56C0E309}" = protocol=17 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{F0287C31-E826-4D16-AB0E-8D5BCD6CA278}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"{FDD4854F-725D-49CC-B297-B188DE54CEAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{0ACA0E33-8FBF-4906-807A-EC17236FF57E}D:\spiele\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 09\fifa09.exe | 
"TCP Query User{265DFB38-BC64-45C4-BDFE-2831034002C1}D:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{293A316A-8E98-4E51-A839-5807FC419E20}D:\spiele\empires\empires_dmw.exe" = protocol=6 | dir=in | app=d:\spiele\empires\empires_dmw.exe | 
"TCP Query User{354CEAE1-6580-4AA1-897F-656A65E44339}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4B68D562-541E-47E0-9FF1-29B192B1AEEE}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{7B711B21-33B1-43B2-8CB7-EECA4A2C7092}D:\spiele\empires\empires_dmw.exe" = protocol=6 | dir=in | app=d:\spiele\empires\empires_dmw.exe | 
"TCP Query User{8B15B11F-525B-49E7-85E6-7E628204D36D}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{90C53616-5357-4F81-AFBF-EBDD6C0F1458}D:\programme\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"TCP Query User{B6390B36-E639-4F04-A67B-060D394A8019}D:\spiele\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=d:\spiele\world series of poker toc\wsoptoc.exe | 
"TCP Query User{C178A89A-831A-47CE-8583-76EB7DD13DB8}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{D181FF27-22AA-4C8D-8043-9E66DE113FBA}D:\spiele\fifa 06\fifa06.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 06\fifa06.exe | 
"TCP Query User{F380B624-D69E-4319-BDCE-5B8A585D42EC}D:\spiele\splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=d:\spiele\splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{F6012F94-0530-4B0D-AE4E-8559F3830EEB}D:\spiele\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=d:\spiele\world series of poker toc\wsoptoc.exe | 
"UDP Query User{1B6F27A8-AD7B-429E-839E-BBDA00C074D3}D:\spiele\empires\empires_dmw.exe" = protocol=17 | dir=in | app=d:\spiele\empires\empires_dmw.exe | 
"UDP Query User{29B55A94-D555-4AA1-AA6E-B3C798775670}D:\spiele\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=d:\spiele\world series of poker toc\wsoptoc.exe | 
"UDP Query User{2A6B4FA0-1F32-44AC-B45B-279C06515111}D:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\spiele\tc rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{36434CEA-8D41-4DED-9F51-295F4940C42F}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{3E0F1781-D0B2-4200-9A81-5894E2ECD8B5}D:\spiele\fifa 06\fifa06.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 06\fifa06.exe | 
"UDP Query User{4CA2A658-8F7D-43C7-ACCC-0FFE7E61434A}D:\spiele\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=d:\spiele\world series of poker toc\wsoptoc.exe | 
"UDP Query User{4D0C39AA-94CF-46AD-8DE9-76DC77FB779B}D:\spiele\splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=d:\spiele\splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{77BDE19F-77B6-4EB5-87E1-B2132FF05F05}D:\spiele\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 09\fifa09.exe | 
"UDP Query User{975725F4-05B2-40C8-9174-70FF7D8A1E86}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{ABFA5974-E43E-41ED-B9ED-83B24E068205}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{B2A1F1E2-3492-4D19-8D80-F37F2E3DD461}D:\programme\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"UDP Query User{CC49181A-5F2B-40C8-A6B0-F50E108BD81E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D2021A7C-1DE9-45BB-83F2-5FB2D4DB7070}D:\spiele\empires\empires_dmw.exe" = protocol=17 | dir=in | app=d:\spiele\empires\empires_dmw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 263.14
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 263.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 263.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.12.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-185C
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"Active GIF Creator 3.4" = Active GIF Creator 3.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Emerald" = Age of Emerald
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Beetle Ju 3 (VOLLVERSION)" = Beetle Ju 3 (VOLLVERSION)
"conduitEngine" = Conduit Engine 
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download 2.9
"InnoGames Toolbar" = InnoGames Toolbar
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Luxor - Quest For The Afterlife" = Luxor - Quest For The Afterlife
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mein Gartenparadies" = Mein Gartenparadies
"Mirador" = Mirador
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Music Editor Free" = Music Editor Free
"MySSID_is1" = EXPERTool 7.16
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pizza Syndicate" = Pizza Syndicate deinstallieren
"PunkBusterSvc" = PunkBuster Services
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World Series of Poker TOC" = World Series of Poker: TOC
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2011 07:06:31 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 07:24:35 | Computer Name = Gamer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Adobe_Flash_Player.exe, Version 1.7.8800.0, 
Zeitstempel 0x4d776bb8, fehlerhaftes Modul Adobe_Flash_Player.exe, Version 1.7.8800.0,
 Zeitstempel 0x4d776bb8, Ausnahmecode 0xc0000005, Fehleroffset 0x00001149,  Prozess-ID
 0x13c4, Anwendungsstartzeit 01cc154e2a4c3032.
 
Error - 18.05.2011 07:49:02 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 07:50:13 | Computer Name = Gamer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2011 08:35:47 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2011 08:37:01 | Computer Name = Gamer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2011 10:25:29 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2011 10:26:43 | Computer Name = Gamer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2011 11:20:00 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2011 11:20:00 | Computer Name = Gamer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 09.12.2010 09:11:44 | Computer Name = Gamer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 673
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2011 07:48:20 | Computer Name = Gamer-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.05.2011 07:50:13 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.06.2011 08:35:09 | Computer Name = Gamer-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.06.2011 08:37:01 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.06.2011 10:24:51 | Computer Name = Gamer-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.06.2011 10:26:43 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.06.2011 10:53:39 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2011 10:53:50 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2011 10:53:55 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2011 10:53:57 | Computer Name = Gamer-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---

No. 2 OTL logfile:
Code:
OTL logfile created on: 02.06.2011 17:25:02 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\TheGoopster\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,86% Memory free
8,22 Gb Paging File | 6,09 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 36,36 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 314,80 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
 
Computer Name: GAMER-PC | User Name: TheGoopster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TheGoopster\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\TheGoopster\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- D:\Programme\1und1\IGDCTRL.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 17:55:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.01 17:55:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\TheGoopster\AppData\Roaming\mozilla\Extensions
[2011.05.01 17:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2010.08.21 16:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\TheGoopster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\TheGoopster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.02 17:22:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\TheGoopster\Desktop\OTL.exe
[2011.06.02 17:10:33 | 000,000,000 | ---D | C] -- C:\Users\TheGoopster\AppData\Roaming\Malwarebytes
[2011.06.02 17:10:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.02 17:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.02 17:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.02 17:10:24 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.02 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.05.18 13:33:48 | 000,000,000 | -H-D | C] -- C:\Users\TheGoopster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.02 17:26:09 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{787519C8-E432-419A-A699-8F567DBE395A}.job
[2011.06.02 17:21:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\TheGoopster\Desktop\OTL.exe
[2011.06.02 17:10:28 | 000,000,684 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.02 17:01:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.02 16:57:14 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.02 16:57:14 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.02 16:42:55 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.02 16:41:13 | 000,012,538 | ---- | M] () -- C:\Users\TheGoopster\hallo.reg
[2011.06.02 16:32:28 | 001,427,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.02 16:32:28 | 000,621,714 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.02 16:32:28 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.02 16:32:28 | 000,123,646 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.02 16:32:28 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.02 16:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.02 14:35:51 | 000,002,032 | -H-- | M] () -- C:\Users\TheGoopster\AppData\Local\d3d9caps.dat
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 13:39:11 | 000,000,400 | ---- | M] () -- C:\ProgramData\43769592
[2011.05.18 13:33:49 | 000,000,136 | ---- | M] () -- C:\ProgramData\~43769592r
[2011.05.18 13:33:49 | 000,000,112 | ---- | M] () -- C:\ProgramData\~43769592
[2011.05.18 13:33:48 | 000,000,595 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\Windows Vista Recovery.lnk
[2011.05.18 13:07:36 | 000,002,759 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\Microsoft Office Outlook 2007.lnk
[2011.05.17 21:03:27 | 006,989,566 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\pietro_lombardi_-_call_my_name.mp3
[2011.05.17 21:02:49 | 008,973,904 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\sarah_engels_-_call_my_name.mp3
[2011.05.17 20:46:29 | 191,654,780 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\ESC11.rar
[2011.05.17 20:05:38 | 003,130,932 | -H-- | M] () -- C:\Users\TheGoopster\Desktop\Pirates_of_the_Carribean_theme_remix.MP3
[2011.05.04 14:21:59 | 000,027,136 | -H-- | M] () -- C:\Users\TheGoopster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.02 17:10:28 | 000,000,684 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.02 16:42:21 | 000,012,538 | ---- | C] () -- C:\Users\TheGoopster\hallo.reg
[2011.05.18 13:33:49 | 000,000,136 | ---- | C] () -- C:\ProgramData\~43769592r
[2011.05.18 13:33:48 | 000,000,595 | -H-- | C] () -- C:\Users\TheGoopster\Desktop\Windows Vista Recovery.lnk
[2011.05.18 13:33:48 | 000,000,112 | ---- | C] () -- C:\ProgramData\~43769592
[2011.05.18 13:33:44 | 000,000,400 | ---- | C] () -- C:\ProgramData\43769592
[2011.05.17 21:03:26 | 006,989,566 | -H-- | C] () -- C:\Users\TheGoopster\Desktop\pietro_lombardi_-_call_my_name.mp3
[2011.05.17 21:02:49 | 008,973,904 | -H-- | C] () -- C:\Users\TheGoopster\Desktop\sarah_engels_-_call_my_name.mp3
[2011.05.17 20:46:27 | 191,654,780 | -H-- | C] () -- C:\Users\TheGoopster\Desktop\ESC11.rar
[2011.05.17 20:05:32 | 003,130,932 | -H-- | C] () -- C:\Users\TheGoopster\Desktop\Pirates_of_the_Carribean_theme_remix.MP3
[2011.01.24 20:13:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.23 07:56:49 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2010.12.18 21:04:01 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2010.11.20 20:29:59 | 001,448,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.21 16:55:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.21 16:55:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.21 16:37:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.08.21 16:17:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.08.21 16:17:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.08.21 16:16:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.08.21 16:16:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.03.13 22:01:55 | 000,002,032 | -H-- | C] () -- C:\Users\TheGoopster\AppData\Local\d3d9caps.dat
[2010.03.13 22:00:32 | 000,000,760 | -H-- | C] () -- C:\Users\TheGoopster\AppData\Roaming\setup_ldm.iss
[2009.04.01 21:00:31 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.04.01 20:41:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2008.11.16 20:52:28 | 000,000,733 | ---- | C] () -- C:\Windows\Edofma.INI
[2008.09.06 18:09:02 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.09.06 18:08:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.08.31 20:06:08 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008.08.31 20:06:08 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008.08.20 19:37:09 | 000,000,702 | ---- | C] () -- C:\Windows\eReg.dat
[2008.08.10 18:58:54 | 000,027,136 | -H-- | C] () -- C:\Users\TheGoopster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.10 14:24:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.10 14:21:24 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.08.10 13:48:23 | 000,000,732 | -H-- | C] () -- C:\Users\TheGoopster\AppData\Local\d3d9caps64.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008.08.14 15:26:06 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Atari
[2010.10.03 11:02:44 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.11 18:23:27 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Get from YouTube
[2010.12.18 20:08:22 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\GetRightToGo
[2011.05.03 11:47:10 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\ICQ
[2010.11.11 18:22:31 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Import Audio from Video
[2008.12.10 19:08:12 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Leadertech
[2010.11.11 21:25:42 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Music Editor Free
[2009.01.31 18:44:16 | 000,000,000 | -H-D | M] -- C:\Users\TheGoopster\AppData\Roaming\Wildlife Park 2
[2011.06.02 16:14:58 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.02 17:26:09 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{787519C8-E432-419A-A699-8F567DBE395A}.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Many thanks for any pointers!

If you want the Avira reports as well, just let me know!

Note: Just now (probably after the Malwarebytes run) all desktop icons have come back, i.e. folders etc. However, My Computer, Recycle Bin etc. are missing! The icons that are now on the desktop are also not fully there. It looks as if they were slightly transparent! They can be clicked and they do work, though!

The rest is as before. The programs are unfortunately gone!

So, last update from me. I've managed to get a bit further on my own, but now I'm at my wits' end. Thanks to the program Unhide.exe, all desktop icons are back to normal. Drive D is also back unharmed!

Two problems remain that I don't know how to solve:
(1) I now see folders such as $RECYCLE.BIN! Also slightly transparent, but they weren't there under C or D before!
(2) Under Start -> Programs all the folders are back, but all of them are empty!

Happy Father's Day to all the fathers here, and I hope for help soon!

Alt 03.06.2011, 12:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
If you want the Avira reports as well, just let me know!
Yes, please post everything, including from Malwarebytes.

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.