Trojaner-Board


Kadriya 07.04.2011 00:48

Computer simply shuts off without warning
 
Heyho, I hope someone here can help me.

My problem is that my computer simply shuts off at all sorts of times during all sorts of activities, whether I'm just surfing the internet or playing games. As soon as I start it again, no error or anything else is shown; it works perfectly without problems until it shuts off again. Sometimes it takes a few days, sometimes only a few hours.

I ran Malwarebytes and this is what came out:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6291

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

07.04.2011 01:47:27
mbam-log-2011-04-07 (01-47-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169489
Laufzeit: 2 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Where could the fault lie?

cosinus 07.04.2011 11:48

Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

Kadriya 07.04.2011 12:16

No, there aren't any; I only downloaded Malwarebytes yesterday and ran it briefly.

cosinus 07.04.2011 12:20

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Kadriya 07.04.2011 14:22

So, I've got it done now too..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6291

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

07.04.2011 15:11:15
mbam-log-2011-04-07 (15-11-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 408404
Laufzeit: 1 Stunde(n), 4 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


I hope I got the zip thing right this time

cosinus 07.04.2011 14:45

What is anyone supposed to do with these WPS files? Why do you go out of your way to copy the contents of the TXT formats, which are readable on every system, into another format?! That makes no sense!!

Please post the logs OTL.txt and Extras.txt in their original state without any reformatting nonsense!! :balla:

Kadriya 07.04.2011 14:59

Oops, sorry, I did it the way the instructions said, but okay, I'll see what can be done.

OTL Logfile:
Code:

OTL Extras logfile created on: 07.04.2011 14:15:07 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Puma\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 460,00 Gb Total Space | 295,12 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
Drive D: | 459,79 Gb Total Space | 459,12 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: PUMA-PC | User Name: Puma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = BF F0 2A 43 3E 1C CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2
"C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3950EBEC-5A1B-4B5D-9CE3-516EB4E2BBAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{5FAF56B7-4CCF-4C52-AA64-EF6A23FFFF4E}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface |
"{6240CC14-9F3A-4AF2-89F4-19675E7B4B15}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |
"{6A5428A9-E814-4D38-BB32-BBA777D9F1AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9452B668-8529-48C3-B2AA-F6B293ADDFA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A571DFAC-5CDF-46B7-A8B7-8FD8CEEF7032}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001A53CA-346D-4459-9D05-3E63412E702D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{088641C2-EAB6-4E71-ACDC-C49E2AF6F3C0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{09D13F36-41A6-40FE-B3E7-9E8FDE08F0B3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{100E2233-9966-411E-A0EF-AB3EEA5CA833}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{16B3D735-D7DC-45F7-83DC-AC4625F7A8B8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1C2071A1-9660-4EA8-AACE-15406927B7DB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1C9FB18B-967D-430C-B169-14D1D93C58E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20A5EC57-B14E-4A59-99D2-871FA0B1B762}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{22437F08-2996-4975-9EB1-C92F60E0FF91}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{24A76E72-55D5-4D6F-9A6E-FE0DBC7DB23D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{2A3E4533-2074-4213-A516-432BED64F5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{3008E684-4C61-48CA-911E-74F4573AFD93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33793143-B004-4997-BB2A-8AB1C595ADF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3FCBE840-EE3F-4D0B-87F4-E8DB5B97E1EA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{413E094F-1BB0-40CC-8C9B-0435A7CE9B2F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{443EDBB4-3E5B-49A1-8243-E8DADF92854F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{468C76AF-3C19-406E-A135-2D4B0030659F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{4A2B63C7-5866-4D76-8C34-7B5F0244C57C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{4E2A1909-4A3F-4DB8-8BCD-D2CFEDF0FB8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5333F88A-77DF-4DCE-A29A-F73D802BE100}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{59CD088C-E99C-46A5-A85F-B02B686A9CF7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{5A1395C5-3374-4E95-AB87-93D0A811BBB1}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{64DA2708-E672-4F66-BFC4-1AE72E62D44F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{71725025-0AA5-4AFD-AD83-C67DCB177A71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{81851C5A-4EBA-4FEF-89AF-4B143B436010}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{823ECCDE-DC6C-464D-A1F7-AD8917EEBC49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{83A516F0-1C01-41E9-8059-F77C5CA1616E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{86E0281D-9A12-48E3-AE14-41EAC4E604B9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{94DC8346-82FC-430D-80CD-7733286916E1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{964BDBA2-E853-4415-92FF-6D48AC1E9C2B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{97822478-F338-4449-88BB-E0B3606E86CD}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{97C4769B-4D7F-4CA2-95DD-C8FC76DE2E74}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{99C6D07D-6BC1-4B5A-8E14-A36229A0B0FA}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{9F89B37B-9723-4FCE-9C5F-111E4C8876B2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{A18E5735-1D8F-429D-B8B5-A1A38067B50B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A4306424-9E18-4F88-90AD-AA42557453FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A6A68AB4-3CFB-4827-AD0A-2BA138A5CCFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{A7CDF499-DC4C-478E-BEE4-825B195CA79E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{A8B526D2-D6EF-46C7-8337-7B810F86ED60}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{A9C21870-24E7-4148-978E-67D0E415478D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{B09F36D6-199C-494B-B763-135E2097BCD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B481F67E-B4B1-4AB5-8FE4-0D93E9BB8999}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{BA6BCCB7-6BAB-4C5C-88F4-4F93B891DFAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{BAD2C59F-C5F9-41DF-A769-5D58712BF15A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{C2A1B3D7-B75C-4B57-A045-8951C33615B2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C338D435-2B1C-4040-AF21-82D177B373BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C33D5982-21DA-422F-A786-74F79D4D58E6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{CB2A1D15-711B-40E8-A403-E243D15B5230}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D017103A-D984-42DA-9BB0-0C986EC79360}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{DC649DC1-89C5-49EA-AE0E-DF7959EF63DA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{E504C940-8C19-4E86-B448-C2464B06615F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{E88369D8-33C2-482C-A57C-2D77658152E4}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{EBAE139E-7E48-47E0-9F40-B0B2902E9AE5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{F258CAEF-A961-425D-B111-90B5D1645D6F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F5A5CD4B-CD70-4B8A-9FA3-B557704E7195}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{F6DFBF62-2119-44C2-AE06-417D56AEC4F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FE302A65-A019-49D0-A61E-A3E93FD9B1CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{FFC4A5B1-BB1B-450A-AD6C-ABFE8BCD1B48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"TCP Query User{03C1FE6E-AD55-4391-8683-A7FE9AB524E1}C:\users\puma\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\puma\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{0C9343A6-723A-4ED8-96F5-73B34ECC0FFF}C:\users\puma\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\puma\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"TCP Query User{265A9198-DC09-413F-8FB2-69E58646DA89}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{348A8338-F280-4BFF-AD81-386D201886F0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{46ADA9DF-8061-4333-A5A0-8F2AFBDB9C7B}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{6CE8B1AD-3C79-4BA6-9132-61CC21969264}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{6F29CE30-155E-422E-9056-B27D6451D76F}C:\users\puma\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\puma\program files (x86)\dna\btdna.exe |
"TCP Query User{7977820E-95CC-4BAC-969D-070FF1B76685}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"TCP Query User{79F033C9-91EA-4CEE-BCE0-50A48FBD8AA3}C:\users\puma\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\puma\downloads\maestia-downloader.exe |
"TCP Query User{7A635B04-1BD2-4826-90F2-4E2DABBE8029}C:\program files (x86)\jowood\dievölker\bin\dv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jowood\dievölker\bin\dv.exe |
"TCP Query User{820155AF-01AE-4618-8B28-8AE3AB205FFC}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{8BE06EBA-8A6D-4806-9A08-26DC132D5396}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{9083492F-AF5E-4B2B-8143-134D734E544B}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{9DC88E02-CD32-47CE-B0A8-C0E580B2D961}C:\program files (x86)\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"TCP Query User{A00097A2-52C8-4858-85DF-9D2EE4D30E61}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe |
"TCP Query User{A00A5755-25BB-4A29-AA31-C9500F95662B}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A7F3368A-9353-4611-AA4B-2524C6E91F8C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{C26FA5AE-5B16-454E-90CE-6561657BAA86}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{C49D9DF4-84D3-4E45-BFA2-DB0235CF01B1}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"TCP Query User{CDC9D6A7-E396-4917-8270-0812A2AB663F}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{CE84D17F-4063-43A2-B611-00251831D0BB}C:\users\puma\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\puma\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{008E43FA-DF45-499A-8469-0E76DF02E10A}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{03B7528B-14C6-452C-BD8A-6C53E3889B53}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{0B8B2A62-14D9-4B41-ACB7-857B64340D9C}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"UDP Query User{0EAAFB7E-BED2-48D1-9ACE-D626D0F6C422}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{0FCE9B73-46BF-4A28-9501-4DC831DBF412}C:\users\puma\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\puma\downloads\maestia-downloader.exe |
"UDP Query User{15BA46C0-5C5D-4955-95A8-6DAE2056231A}C:\program files (x86)\jowood\dievölker\bin\dv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jowood\dievölker\bin\dv.exe |
"UDP Query User{1C0CABE3-94FF-4CC7-AAB4-9D32CDB59BD9}C:\users\puma\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\puma\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{1FA029B8-E476-4CA9-B43E-B9AEEDD6CD4D}C:\users\puma\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\puma\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"UDP Query User{276CECD3-154C-4D1C-8884-7C485F212A9D}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{31EC0575-326A-4C64-B720-23E0D592E496}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{33CA4478-A3D3-420C-83BB-3F1BEEA68109}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{692D07C6-CA55-42CD-94DF-854ACA10FC80}C:\users\puma\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\puma\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{82543FDC-37A3-4161-830E-F584885FB160}C:\program files (x86)\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"UDP Query User{85F4FBDC-241E-4558-9381-5AFC80DCB342}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe |
"UDP Query User{9B291F56-9AC9-4208-ADCC-892940B52633}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"UDP Query User{9B3E9889-C1C9-4684-83D5-3DAA3E9FC877}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{A2C5C589-094B-4F4B-A13C-B9A7FFB8B27A}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{A853FB7F-9269-40FC-994C-20DCC4082FC9}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{B156BEA7-3B3F-46C1-BC35-F5660AD1067A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{F101AD4D-69E7-4C39-A3A9-078765141C4A}C:\users\puma\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\puma\program files (x86)\dna\btdna.exe |
"UDP Query User{FED90EC5-B52C-42B7-8745-61082FE02B12}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = Der Hobbit
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FF50E1A-4E6D-454B-BA00-6E15D6216BFB}" = Wildlife Park Gold
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EAFDFA-C563-4B65-B6FA-92F1066E61EC}" = Wonderking
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"AC3Filter_is1" = AC3Filter 1.63b
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"avast" = avast! Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CABAL Online_is1" = CABAL Online
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.5
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FRITZ!DSL" = AVM FRITZ!DSL
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = DER HOBBIT
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LOCO" = LOCO EU
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MobMap_is1" = MobMap 4.04
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"PhotoScape" = PhotoScape
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2011 20:15:14 | Computer Name = Puma-PC | Source = Perflib | ID = 1008
Description =
 
Error - 30.03.2011 20:15:14 | Computer Name = Puma-PC | Source = Perflib | ID = 1005
Description =
 
Error - 30.03.2011 20:15:14 | Computer Name = Puma-PC | Source = Perflib | ID = 1018
Description =
 
Error - 30.03.2011 20:15:15 | Computer Name = Puma-PC | Source = Perflib | ID = 1008
Description =
 
Error - 30.03.2011 20:21:36 | Computer Name = Puma-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Puma\Downloads\SoftonicDownloader_fuer_tuneup-utilities-2011.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 30.03.2011 20:24:28 | Computer Name = Puma-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Puma\Downloads\SoftonicDownloader_fuer_nero-burning-rom.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 30.03.2011 20:24:28 | Computer Name = Puma-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Puma\Downloads\SoftonicDownloader_fuer_tuneup-utilities-2011.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 30.03.2011 20:29:13 | Computer Name = Puma-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PCMMediaSharing.exe, Version 0.0.0.0, Zeitstempel
 0x4663e046, fehlerhaftes Modul PCMMediaSharing.exe, Version 0.0.0.0, Zeitstempel
 0x4663e046, Ausnahmecode 0xc0000005, Fehleroffset 0x00007f86,  Prozess-ID 0x5c4,
Anwendungsstartzeit 01cbef3aa7026726.
 
Error - 30.03.2011 20:29:48 | Computer Name = Puma-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.03.2011 20:36:29 | Computer Name = Puma-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60,
 Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360,
Prozess-ID
 0xfe4, Anwendungsstartzeit 01cbef3aaee75686.
 
[ System Events ]
Error - 06.04.2011 07:28:10 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 06.04.2011 07:28:10 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 06.04.2011 16:58:18 | Computer Name = Puma-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.04.2011 um 22:56:24 unerwartet heruntergefahren.
 
Error - 06.04.2011 17:00:13 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 06.04.2011 17:35:06 | Computer Name = Puma-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.04.2011 um 23:34:12 unerwartet heruntergefahren.
 
Error - 06.04.2011 17:36:50 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 06.04.2011 17:36:59 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 06.04.2011 18:27:42 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 07.04.2011 07:06:22 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 07.04.2011 07:07:18 | Computer Name = Puma-PC | Source = Service Control Manager | ID = 7034
Description =
 
[ TuneUp Events ]
Error - 30.03.2011 20:58:28 | Computer Name = Puma-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
< End of report >

--- --- ---
OTL Logfile:
Code:

OTL logfile created on: 07.04.2011 14:15:07 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Puma\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 460,00 Gb Total Space | 295,12 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
Drive D: | 459,79 Gb Total Space | 459,12 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: PUMA-PC | User Name: Puma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Puma\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Users\Public\Games\World of Warcraft\WoW.exe (Blizzard Entertainment)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Puma\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (0176611302174426mcinstcleanup) McAfee Application Installer Cleanup (0176611302174426) -- C:\Windows\Temp\0176611302174426mcinst.exe (McAfee, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AVM IGD CTRL Service) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Program Files (x86)\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (Wasay)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Page Not Found, however check out this great site!
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Page Not Found, however check out this great site!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.17 23:13:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.04.07 13:19:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.26 20:28:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 20:00:41 | 000,000,000 | ---D | M]
 
[2010.06.30 21:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Puma\AppData\Roaming\mozilla\Extensions
[2011.04.06 23:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Puma\AppData\Roaming\mozilla\Firefox\Profiles\xbpkww3o.default\extensions
[2011.03.27 03:31:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Puma\AppData\Roaming\mozilla\Firefox\Profiles\xbpkww3o.default\extensions\engine@conduit.com
[2011.03.31 23:06:29 | 000,000,168 | ---- | M] () -- C:\Users\Puma\AppData\Roaming\Mozilla\Firefox\Profiles\xbpkww3o.default\searchplugins\icqplugin.gif
[2011.03.31 23:06:29 | 000,000,618 | ---- | M] () -- C:\Users\Puma\AppData\Roaming\Mozilla\Firefox\Profiles\xbpkww3o.default\searchplugins\icqplugin.src
[2011.04.03 13:37:17 | 000,001,056 | ---- | M] () -- C:\Users\Puma\AppData\Roaming\Mozilla\Firefox\Profiles\xbpkww3o.default\searchplugins\icqplugin.xml
[2010.08.13 14:44:31 | 000,001,379 | ---- | M] () -- C:\Users\Puma\AppData\Roaming\Mozilla\Firefox\Profiles\xbpkww3o.default\searchplugins\winamp-search.xml
[2011.03.26 20:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.08.17 23:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.18 13:09:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 14:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.04 18:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.04 18:53:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.07 13:19:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\PUMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XBPKWW3O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\PUMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XBPKWW3O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010.07.03 02:32:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.01 03:09:59 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Puma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Puma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Puma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\eperformance.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\eragent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\esettings.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\eperformance.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\eragent.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\esettings.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.07 01:23:28 | 000,000,000 | ---D | C] -- C:\Users\Puma\AppData\Roaming\Malwarebytes
[2011.04.07 01:23:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.07 01:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.07 01:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.07 01:23:14 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.07 01:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.31 23:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.03.31 23:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011.03.31 02:26:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.31 02:25:06 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.03.31 02:25:05 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.03.31 02:25:05 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.03.31 02:25:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.03.31 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.03.31 02:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011.03.31 02:24:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.03.26 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Puma\AppData\Local\PackageAware
[2011.03.14 01:16:51 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.06.29 17:34:57 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
[2010.06.29 08:01:41 | 000,016,384 | ---- | C] ( ) -- C:\Windows\SysWow64\ClearEvent.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.07 14:07:56 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.04.07 13:57:52 | 001,474,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.07 13:57:52 | 000,638,972 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.07 13:57:52 | 000,604,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.07 13:57:52 | 000,131,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.07 13:57:52 | 000,107,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.07 13:04:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 13:04:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 13:04:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 01:49:13 | 000,011,354 | ---- | M] () -- C:\Users\Puma\AppData\Roaming\wklnhst.dat
[2011.04.07 01:23:18 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 22:22:53 | 000,001,038 | ---- | M] () -- C:\Users\Puma\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.06 22:22:41 | 000,001,197 | ---- | M] () -- C:\Users\Puma\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.01 03:20:56 | 000,000,049 | ---- | M] () -- C:\Windows\wekacommon.ini
[2011.03.31 13:19:14 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2011.03.31 02:33:14 | 000,000,693 | ---- | M] () -- C:\Users\Puma\Desktop\WinRAR.lnk
[2011.03.31 02:26:42 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.31 02:26:42 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.26 20:28:14 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.22 14:06:25 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.16 14:15:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.03.16 14:10:40 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.03.16 14:10:38 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.03.16 14:10:34 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.03.16 14:10:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.03.16 13:38:29 | 000,007,052 | ---- | M] () -- C:\Users\Puma\AppData\Local\d3d9caps.dat
[2011.03.15 01:35:59 | 000,002,477 | ---- | M] () -- C:\Users\Public\Desktop\Wonderking.lnk
[2011.03.14 01:16:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.07 01:23:18 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 22:22:41 | 000,001,197 | ---- | C] () -- C:\Users\Puma\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.01 03:20:56 | 000,000,049 | ---- | C] () -- C:\Windows\wekacommon.ini
[2011.03.31 02:25:04 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.03.31 02:25:04 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.31 02:25:04 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.26 20:28:14 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.26 20:28:14 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.13 19:19:09 | 000,000,092 | ---- | C] () -- C:\Users\Puma\AppData\Local\fusioncache.dat
[2010.12.13 19:17:53 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.06 02:15:12 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.19 00:17:09 | 000,023,604 | ---- | C] () -- C:\Users\Puma\AppData\Roaming\UserTile.png
[2010.10.18 13:23:23 | 000,001,022 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.28 20:35:58 | 000,000,174 | ---- | C] () -- C:\Windows\DieVölker.ini
[2010.08.18 01:20:45 | 000,007,052 | ---- | C] () -- C:\Users\Puma\AppData\Local\d3d9caps.dat
[2010.08.18 01:15:53 | 000,078,239 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.08.18 00:52:08 | 000,023,687 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010.08.17 23:35:00 | 000,157,487 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010.08.17 23:35:00 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010.08.09 20:05:24 | 000,003,584 | ---- | C] () -- C:\Users\Puma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 13:28:52 | 000,023,325 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.06 21:45:15 | 000,188,482 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.07.06 21:45:15 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010.07.06 21:14:40 | 000,011,354 | ---- | C] () -- C:\Users\Puma\AppData\Roaming\wklnhst.dat
[2010.07.03 12:18:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.07.03 12:18:02 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.07.03 12:17:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.07.02 04:08:43 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.07.01 22:10:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.30 21:13:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.29 08:22:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.29 08:05:40 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010.06.29 08:05:40 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2010.06.29 08:01:53 | 000,000,069 | ---- | C] () -- C:\Windows\eAPLauncher.ini
[2010.06.29 08:01:41 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\LauncheRyAgentUser.exe
[2009.10.26 21:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2008.08.13 10:05:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2008.08.13 08:06:32 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.08.13 08:06:32 | 000,000,136 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.08.13 00:20:54 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.10.19 00:16:31 | 000,000,000 | -HSD | M] -- C:\Users\Puma\AppData\Roaming\.#
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Acer GameZone Console
[2011.01.25 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Ashampoo
[2010.10.06 13:42:05 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\BlamGames
[2011.02.28 15:20:18 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\DeepBurner
[2011.03.04 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\DVDVideoSoft
[2011.02.25 01:15:13 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.01 02:05:10 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\eSobi
[2010.08.10 19:35:41 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\FOG Downloader
[2010.08.05 18:22:21 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\FRITZ!
[2010.08.13 12:51:42 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\GamesCafe
[2010.10.26 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\GetRightToGo
[2010.07.23 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Gutscheinmieze
[2011.04.05 00:46:22 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\ICQ
[2010.09.13 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\IrfanView
[2010.07.19 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\LG Electronics
[2010.08.11 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.02.20 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\MobMapUpdater
[2010.08.05 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\OCS
[2010.08.05 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Opera
[2010.10.19 00:17:09 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\PeerNetworking
[2010.08.19 16:25:23 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\PhotoScape
[2010.10.06 13:43:23 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\PlayFirst
[2010.08.14 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\QIP
[2010.07.01 16:30:33 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Raptr
[2010.07.01 21:36:31 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\TeamViewer
[2010.07.06 21:14:42 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Template
[2010.07.01 14:02:32 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\The Hobbit
[2011.02.28 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\TS3Client
[2011.03.31 03:02:10 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\TuneUp Software
[2010.08.17 22:24:09 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Ulead Systems
[2010.10.06 13:43:21 | 000,000,000 | ---D | M] -- C:\Users\Puma\AppData\Roaming\Zylom
[2011.04.07 02:55:18 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FF8F1AE3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54

< End of report >

--- --- ---


Is that better? Sorry, unfortunately I'm one of the many people who have no idea at all about this kind of thing.

cosinus 07.04.2011 15:22

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FF8F1AE3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
[2010.10.19 00:16:31 | 000,000,000 | -HSD | M] -- C:\Users\Puma\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Kadriya 07.04.2011 16:05

No log file was opened; can I find it somewhere?

cosinus 07.04.2011 18:45

Look in C:\_OTL

Kadriya 07.04.2011 19:24

There is no folder with OTL in its name anywhere

cosinus 07.04.2011 19:36

Then please repeat the fix.

Kadriya 07.04.2011 19:49

OK, now I've got it

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:FF8F1AE3 deleted successfully.
ADS C:\ProgramData\TEMP:CE2C623F deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
C:\Users\Puma\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Puma
->Temp folder emptied: 60159286 bytes
->Temporary Internet Files folder emptied: 1226140 bytes
->Java cache emptied: 86064194 bytes
->FireFox cache emptied: 71382691 bytes
->Flash cache emptied: 90392 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2391512 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2130243527 bytes

Total Files Cleaned = 2.243,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04072011_203905

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\uxt68B2.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 07.04.2011 19:55

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Kadriya 07.04.2011 20:29

Here it is

2011/04/07 21:26:27.0008 4252 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 21:26:27.0445 4252 ================================================================================
2011/04/07 21:26:27.0445 4252 SystemInfo:
2011/04/07 21:26:27.0445 4252
2011/04/07 21:26:27.0445 4252 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/07 21:26:27.0445 4252 Product type: Workstation
2011/04/07 21:26:27.0445 4252 ComputerName: PUMA-PC
2011/04/07 21:26:27.0445 4252 UserName: Puma
2011/04/07 21:26:27.0445 4252 Windows directory: C:\Windows
2011/04/07 21:26:27.0445 4252 System windows directory: C:\Windows
2011/04/07 21:26:27.0445 4252 Running under WOW64
2011/04/07 21:26:27.0445 4252 Processor architecture: Intel x64
2011/04/07 21:26:27.0445 4252 Number of processors: 4
2011/04/07 21:26:27.0445 4252 Page size: 0x1000
2011/04/07 21:26:27.0445 4252 Boot type: Normal boot
2011/04/07 21:26:27.0445 4252 ================================================================================
2011/04/07 21:26:27.0866 4252 Initialize success
2011/04/07 21:26:36.0711 4284 ================================================================================
2011/04/07 21:26:36.0711 4284 Scan started
2011/04/07 21:26:36.0711 4284 Mode: Manual;
2011/04/07 21:26:36.0711 4284 ================================================================================
2011/04/07 21:26:40.0424 4284 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/04/07 21:26:40.0440 4284 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/07 21:26:40.0471 4284 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/04/07 21:26:40.0502 4284 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/07 21:26:40.0518 4284 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/07 21:26:40.0549 4284 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/07 21:26:40.0580 4284 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/07 21:26:40.0611 4284 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/04/07 21:26:40.0658 4284 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/07 21:26:40.0689 4284 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/04/07 21:26:40.0705 4284 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/04/07 21:26:40.0736 4284 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/07 21:26:40.0752 4284 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/04/07 21:26:40.0814 4284 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/04/07 21:26:40.0830 4284 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/04/07 21:26:40.0876 4284 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/07 21:26:40.0908 4284 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/04/07 21:26:40.0923 4284 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/04/07 21:26:41.0001 4284 int15 (91b61589bb2915e81d436efe07548507) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/07 21:26:41.0079 4284 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/07 21:26:41.0110 4284 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/04/07 21:26:41.0142 4284 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/07 21:26:41.0173 4284 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/07 21:26:41.0204 4284 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/07 21:26:41.0235 4284 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/07 21:26:41.0251 4284 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/04/07 21:26:41.0266 4284 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/04/07 21:26:41.0329 4284 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/07 21:26:41.0344 4284 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/04/07 21:26:41.0360 4284 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/04/07 21:26:41.0391 4284 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/07 21:26:41.0407 4284 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/07 21:26:41.0454 4284 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/07 21:26:41.0469 4284 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/04/07 21:26:41.0516 4284 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/07 21:26:41.0547 4284 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/07 21:26:41.0563 4284 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/07 21:26:41.0578 4284 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/07 21:26:41.0594 4284 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/04/07 21:26:41.0625 4284 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/04/07 21:26:41.0656 4284 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/04/07 21:26:41.0703 4284 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/07 21:26:41.0719 4284 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/07 21:26:41.0750 4284 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/07 21:26:41.0766 4284 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/07 21:26:41.0781 4284 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/07 21:26:41.0797 4284 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/04/07 21:26:41.0828 4284 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/07 21:26:41.0844 4284 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/07 21:26:41.0890 4284 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/07 21:26:41.0922 4284 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/07 21:26:41.0953 4284 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/07 21:26:41.0968 4284 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/07 21:26:41.0984 4284 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/04/07 21:26:42.0015 4284 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/04/07 21:26:42.0062 4284 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/07 21:26:42.0078 4284 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/07 21:26:42.0109 4284 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/07 21:26:42.0124 4284 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/07 21:26:42.0140 4284 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/07 21:26:42.0187 4284 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/07 21:26:42.0218 4284 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/07 21:26:42.0234 4284 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/07 21:26:42.0265 4284 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/04/07 21:26:42.0312 4284 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/07 21:26:42.0358 4284 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/04/07 21:26:42.0390 4284 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/07 21:26:42.0405 4284 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/07 21:26:42.0452 4284 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/07 21:26:42.0468 4284 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/07 21:26:42.0514 4284 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/07 21:26:42.0546 4284 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/07 21:26:42.0592 4284 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/07 21:26:42.0608 4284 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/04/07 21:26:42.0670 4284 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/07 21:26:42.0702 4284 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/04/07 21:26:42.0748 4284 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/07 21:26:42.0780 4284 NVENETFD (99ed33f7fe39026a477893d92aea5ef0) C:\Windows\system32\DRIVERS\nvmfdx64.sys
2011/04/07 21:26:42.0826 4284 NVHDA (87a7e98a682b0b20820be781c7758b94) C:\Windows\system32\drivers\nvhda64v.sys
2011/04/07 21:26:43.0045 4284 nvlddmkm (15c9645fbc3ca28bd44eb1ec5418a8fc) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/07 21:26:43.0185 4284 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/04/07 21:26:43.0201 4284 nvrd64 (081601b398ded2fbc6ff62ae2042c38a) C:\Windows\system32\drivers\nvrd64.sys
2011/04/07 21:26:43.0216 4284 nvsmu (f6c6d8298dd85507f680437ec2e6899c) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/07 21:26:43.0248 4284 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/04/07 21:26:43.0279 4284 nvstor64 (1f27f53013b40565c8bd1d787ea5ec6a) C:\Windows\system32\drivers\nvstor64.sys
2011/04/07 21:26:43.0310 4284 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/04/07 21:26:43.0388 4284 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/07 21:26:43.0419 4284 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/04/07 21:26:43.0450 4284 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/04/07 21:26:43.0466 4284 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/04/07 21:26:43.0497 4284 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/04/07 21:26:43.0513 4284 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/07 21:26:43.0544 4284 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/07 21:26:43.0653 4284 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/07 21:26:43.0684 4284 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/04/07 21:26:43.0731 4284 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/07 21:26:43.0747 4284 PSDFilter (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/04/07 21:26:43.0762 4284 PSDNServ (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/04/07 21:26:43.0794 4284 psdvdisk (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/04/07 21:26:43.0825 4284 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/04/07 21:26:43.0872 4284 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/07 21:26:43.0918 4284 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/07 21:26:43.0934 4284 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/07 21:26:43.0965 4284 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/07 21:26:43.0996 4284 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/07 21:26:44.0028 4284 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/07 21:26:44.0074 4284 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/07 21:26:44.0090 4284 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/07 21:26:44.0121 4284 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/04/07 21:26:44.0152 4284 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/07 21:26:44.0199 4284 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/04/07 21:26:44.0246 4284 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/07 21:26:44.0277 4284 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/07 21:26:44.0308 4284 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/07 21:26:44.0340 4284 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/07 21:26:44.0355 4284 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/04/07 21:26:44.0386 4284 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/07 21:26:44.0418 4284 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/04/07 21:26:44.0433 4284 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/07 21:26:44.0449 4284 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/07 21:26:44.0480 4284 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/07 21:26:44.0496 4284 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/04/07 21:26:44.0527 4284 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/04/07 21:26:44.0574 4284 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/04/07 21:26:44.0605 4284 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/04/07 21:26:44.0667 4284 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/04/07 21:26:44.0698 4284 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/07 21:26:44.0714 4284 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/07 21:26:44.0745 4284 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/07 21:26:44.0792 4284 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/07 21:26:44.0823 4284 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/07 21:26:44.0839 4284 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/07 21:26:44.0995 4284 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 21:26:45.0088 4284 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/07 21:26:45.0135 4284 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/07 21:26:45.0151 4284 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/07 21:26:45.0166 4284 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/07 21:26:45.0213 4284 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/07 21:26:45.0260 4284 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/07 21:26:45.0322 4284 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/07 21:26:45.0510 4284 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
2011/04/07 21:26:45.0556 4284 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/07 21:26:45.0588 4284 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/07 21:26:45.0619 4284 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/04/07 21:26:45.0650 4284 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/07 21:26:45.0697 4284 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/07 21:26:45.0728 4284 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/04/07 21:26:45.0744 4284 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/07 21:26:45.0775 4284 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/07 21:26:45.0806 4284 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/07 21:26:45.0853 4284 usbbus (58b3891ea8a2396d69d1f52924598bdb) C:\Windows\system32\DRIVERS\lgx64bus.sys
2011/04/07 21:26:45.0884 4284 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/07 21:26:45.0900 4284 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/07 21:26:45.0931 4284 UsbDiag (ef3bcebbfdd4d37ec6b6a3d182004b7e) C:\Windows\system32\DRIVERS\lgx64diag.sys
2011/04/07 21:26:46.0040 4284 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/07 21:26:46.0087 4284 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/07 21:26:46.0118 4284 USBModem (dec50411e7aa8da12c8675f36d961f29) C:\Windows\system32\DRIVERS\lgx64modem.sys
2011/04/07 21:26:46.0149 4284 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/07 21:26:46.0165 4284 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/07 21:26:46.0212 4284 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/07 21:26:46.0274 4284 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/07 21:26:46.0305 4284 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/07 21:26:46.0336 4284 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/07 21:26:46.0383 4284 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/07 21:26:46.0399 4284 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/07 21:26:46.0446 4284 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/04/07 21:26:46.0477 4284 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/04/07 21:26:46.0508 4284 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/04/07 21:26:46.0539 4284 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/04/07 21:26:46.0570 4284 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/07 21:26:46.0586 4284 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 21:26:46.0617 4284 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 21:26:46.0648 4284 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/04/07 21:26:46.0695 4284 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/07 21:26:46.0789 4284 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/07 21:26:46.0867 4284 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/07 21:26:46.0960 4284 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/07 21:26:47.0007 4284 WSVD (339d31047af8bdf960142d88a30d0b29) C:\Windows\system32\drivers\WSVD.sys
2011/04/07 21:26:47.0038 4284 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/07 21:26:47.0272 4284 ================================================================================
2011/04/07 21:26:47.0272 4284 Scan finished
2011/04/07 21:26:47.0272 4284 ================================================================================

Kadriya 07.04.2011 22:04

Any idea or guess by now as to what the cause could be?

cosinus 08.04.2011 05:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Kadriya 08.04.2011 12:18

ComboFix log file:
Code:

ComboFix 11-04-07.08 - Puma 08.04.2011  13:03:10.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2530 [GMT 2:00]
ausgeführt von:: c:\users\Puma\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\Puma\AppData\Roaming\Microsoft\Windows\Recent\desktop_65584755.ico
c:\users\Puma\Documents\Der Hobbit
c:\users\Puma\Documents\Der Hobbit \Drüber hin und drunter durch - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Drüber hin und drunter durch - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Drüber hin und drunter durch - 2.hobbit
c:\users\Puma\Documents\Der Hobbit \Drüber hin und drunter durch - 2.xbmp
c:\users\Puma\Documents\Der Hobbit \Ein unerwartetes Fest - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Ein unerwartetes Fest - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Fliegen und Spinnen - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Fliegen und Spinnen - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Fliegen und Spinnen - 2.hobbit
c:\users\Puma\Documents\Der Hobbit \Fliegen und Spinnen - 2.xbmp
c:\users\Puma\Documents\Der Hobbit \Fässerflucht - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Fässerflucht - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Hammelbraten - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Hammelbraten - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Rätsel im Dunkeln - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Rätsel im Dunkeln - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Trollhöhle - 1.hobbit
c:\users\Puma\Documents\Der Hobbit \Trollhöhle - 1.xbmp
c:\users\Puma\Documents\Der Hobbit \Trollhöhle - 2.hobbit
c:\users\Puma\Documents\Der Hobbit \Trollhöhle - 2.xbmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-08 bis 2011-04-08  ))))))))))))))))))))))))))))))
.
.
2011-04-08 11:11 . 2011-04-08 11:11        --------        d-----w-        c:\users\Puma\AppData\Local\temp
2011-04-08 11:11 . 2011-04-08 11:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-08 10:32 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{99C11CA4-787C-48A9-ADAD-4A24A565B72A}\mpengine.dll
2011-04-07 18:39 . 2011-04-07 18:39        --------        d-----w-        C:\_OTL
2011-04-07 13:19 . 2011-04-07 13:19        --------        d-----w-        c:\program files (x86)\7-Zip
2011-04-06 23:23 . 2011-04-06 23:23        --------        d-----w-        c:\users\Puma\AppData\Roaming\Malwarebytes
2011-04-06 23:23 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-06 23:23 . 2011-04-06 23:23        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-06 23:23 . 2011-04-06 23:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-06 23:23 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-31 21:06 . 2011-03-31 21:06        --------        d-----w-        c:\program files (x86)\ICQ7.4
2011-03-31 00:25 . 2011-03-16 12:15        34624        ----a-w-        c:\windows\system32\TURegOpt.exe
2011-03-31 00:25 . 2011-03-16 12:10        25920        ----a-w-        c:\windows\system32\authuitu.dll
2011-03-31 00:25 . 2011-03-16 12:10        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll
2011-03-31 00:25 . 2011-03-16 12:10        29504        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
2011-03-31 00:24 . 2011-03-31 00:26        --------        d-----w-        c:\program files (x86)\TuneUp Utilities 2011
2011-03-31 00:24 . 2011-03-31 00:24        --------        d-sh--w-        c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-31 00:23 . 2011-03-31 00:23        0        ----a-w-        c:\windows\system32\uxt68B2.tmp
2011-03-26 18:12 . 2011-03-26 18:12        --------        d-----w-        c:\users\Puma\AppData\Local\PackageAware
2011-03-23 12:42 . 2011-02-22 14:47        479744        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:42 . 2011-02-22 13:53        1149440        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-23 12:42 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-03-23 12:42 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 12:42 . 2011-02-22 13:53        1555968        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-13 23:16 . 2011-02-23 14:57        505176        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 15:12 . 2010-12-17 17:34        2425344        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 15:12 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll
2011-03-09 15:12 . 2010-12-17 15:41        731136        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-09 15:12 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\SysWow64\mstsc.exe
2011-03-09 15:12 . 2010-12-29 19:01        416768        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 15:12 . 2010-12-29 19:01        559616        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 15:12 . 2010-12-29 18:59        226816        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 15:12 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-03-09 15:12 . 2010-12-29 19:01        210944        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-09 15:12 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\SysWow64\sbe.dll
2011-03-09 15:12 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\SysWow64\sbeio.dll
2011-03-09 15:12 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\SysWow64\mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 12:10 . 2010-09-13 18:26        36160        ----a-w-        c:\windows\system32\uxtuneup.dll
2011-02-23 15:04 . 2010-08-10 20:37        40648        ----a-w-        c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-08-10 20:37        190016        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-02-28 13:28        238968        ----a-w-        c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-08-10 20:37        280408        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-08-10 20:37        53592        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-08-10 20:37        31064        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-08-10 20:37        64344        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-08-10 20:37        22360        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-06-30 23:52        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-02-02 17:11 . 2010-06-30 23:45        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-20 16:46 . 2011-02-10 11:48        900480        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-10 11:48        366592        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-10 11:48        625152        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-10 11:48        287232        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-10 11:48        327680        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-10 11:48        196096        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-10 11:48        1268224        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-10 11:48        748544        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-10 11:48        47104        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-10 11:48        3548672        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-10 11:48        35840        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-10 11:48        278528        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-10 11:48        195072        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-10 11:48        478720        ----a-w-        c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-10 11:48        219648        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 11:48        160768        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 11:48        1029120        ----a-w-        c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-10 11:48        189952        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 11:48        258048        ----a-w-        c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-10 11:48        586240        ----a-w-        c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-10 11:48        2873344        ----a-w-        c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-10 11:48        209920        ----a-w-        c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-10 11:48        98816        ----a-w-        c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-10 11:48        3068416        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-10 11:48        1653760        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-10 11:48        1032192        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-10 11:48        1461760        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-10 11:48        231936        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-10 11:48        1257984        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-10 11:48        428544        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-10 11:48        345088        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-10 11:48        34304        ----a-w-        c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-10 11:48        377344        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-10 11:48        2002944        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-10 11:48        566272        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-10 11:48        1554432        ----a-w-        c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 11:48        876032        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-10 11:48        847360        ----a-w-        c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 11:48        135680        ----a-w-        c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 11:48        979456        ----a-w-        c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 11:48        357376        ----a-w-        c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 11:48        302592        ----a-w-        c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 11:48        261632        ----a-w-        c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 11:48        1172480        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 11:48        486400        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-10 11:48        834048        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-10 11:48        683008        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-01-18 20:44 . 2011-01-18 20:44        51200        ----a-w-        c:\windows\system32\dxdiagnd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38        121392        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
.
c:\users\Puma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-29 0]
wkcalrem.LNK - c:\program files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-19 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-8-12 535336]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
.
R2 0176611302174426mcinstcleanup;McAfee Application Installer Cleanup (0176611302174426);c:\windows\TEMP\017661~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-16 2026304]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
R3 X6va002;X6va002;c:\users\Puma\AppData\Local\Temp\002FF40.tmp [x]
R3 X6va003;X6va003;c:\users\Puma\AppData\Local\Temp\003FB15.tmp [x]
R3 X6va005;X6va005;c:\users\Puma\AppData\Local\Temp\005DDEB.tmp [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04        134384        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:39        51248        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"NvSvc"="c:\windows\system32\nvsvc64.dll" [2007-11-27 88064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-27 10721312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-27 74752]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-04 560688]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 315936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0610&m=aspire_m5641
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
IE: Free YouTube Download - c:\users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Puma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Puma\AppData\Roaming\Mozilla\Firefox\Profiles\xbpkww3o.default\
FF - prefs.js: browser.search.selectedEngine - Sichere Suche
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.xul.error_pages.enabled - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\Puma\AppData\Local\Temp\002FF40.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\Puma\AppData\Local\Temp\003FB15.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Puma\AppData\Local\Temp\005DDEB.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-08  13:14:55
ComboFix-quarantined-files.txt  2011-04-08 11:14
.
Vor Suchlauf: 21 Verzeichnis(se), 311.034.810.368 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 308.691.648.512 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 5845DEAEF0EC9CED463D0E570A215B98

--- --- ---



pretty long

cosinus 08.04.2011 14:50

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]

File::
c:\users\Puma\AppData\Local\Temp\002FF40.tmp
c:\users\Puma\AppData\Local\Temp\003FB15.tmp
c:\users\Puma\AppData\Local\Temp\005DDEB.tmp

Driver::
X6va002
X6va003
X6va005

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
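The selection behind the CFScript above, as an added example (not part of the original posts and not ComboFix's own logic): a Python check that collects service image paths from ComboFix-style log text and lists those pointing into a temp directory or at a .tmp file. The function names and the two matching rules are assumptions; the sample lines are copied from the log on this page.

```python
import ntpath
import re

# Service/driver listing line: "<R|S><digit> name;display name;image path [date size | x]"
SERVICE_LINE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.*?) ?\[[^\]]*\]$"
)
# Registry export block: "[HKLM\SYSTEM\ControlSetNNN\Services\<name>]" followed by "ImagePath"
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Services\\(?P<name>[^\\\]]+)\]$",
    re.IGNORECASE,
)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>.*)"$', re.IGNORECASE)

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
R2 0176611302174426mcinstcleanup;McAfee Application Installer Cleanup (0176611302174426);c:\windows\TEMP\017661~1.EXE [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-16 2026304]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
R3 X6va002;X6va002;c:\users\Puma\AppData\Local\Temp\002FF40.tmp [x]
S1 aswSnx;aswSnx; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\Puma\AppData\Local\Temp\002FF40.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\Puma\AppData\Local\Temp\003FB15.tmp"
'''


def normalize_image_path(raw):
    """Strip the NT '\\??\\' prefix seen in driver ImagePath values, then lowercase."""
    path = raw.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ntpath.normpath(path).lower()


def temp_path_reasons(raw):
    """Return the (assumed) review rules that an image path matches."""
    if not raw.strip():
        return []
    parts = normalize_image_path(raw).split("\\")
    reasons = []
    if any(part in ("temp", "tmp") for part in parts[:-1]):
        reasons.append("image under a temp directory")
    if ntpath.splitext(parts[-1])[1] == ".tmp":
        reasons.append("image has .tmp extension")
    return reasons


def collect_service_images(log_text):
    """Map service name -> set of normalized image paths from both log sections."""
    images = {}
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        listed = SERVICE_LINE.match(line)
        if listed:
            if listed["path"].strip():  # entries such as aswSnx carry no path
                images.setdefault(listed["name"], set()).add(
                    normalize_image_path(listed["path"]))
            continue
        key = SERVICE_KEY.match(line)
        if key:
            current_key = key["name"]
            continue
        value = IMAGE_PATH.match(line)
        if value and current_key:
            images.setdefault(current_key, set()).add(
                normalize_image_path(value["path"]))
        elif line == "." or line.startswith("["):
            current_key = None  # block separator or an unrelated registry key
    return images


def find_temp_backed_services(log_text):
    """List (service, image path, reasons) for every image path that needs review."""
    findings = []
    for name, paths in collect_service_images(log_text).items():
        for path in paths:
            reasons = temp_path_reasons(path)
            if reasons:
                findings.append((name, path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    for name, path, reasons in find_temp_backed_services(SAMPLE_LOG):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A hit is a prompt for manual review, not a verdict: the same rule also lists the McAfee cleanup entry under c:\windows\TEMP, while the script above targets only the three X6va entries.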

Kadriya 08.04.2011 15:20

ComboFix 11-04-07.08 - Puma 08.04.2011 16:04:45.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2720 [GMT 2:00]
ausgeführt von:: C:\Users\Puma\Desktop\cofi.exe
Benutzte Befehlsschalter :: C:\Users\Puma\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Puma\AppData\Local\Temp\002FF40.tmp"
"c:\users\Puma\AppData\Local\Temp\003FB15.tmp"
"c:\users\Puma\AppData\Local\Temp\005DDEB.tmp"

cosinus 08.04.2011 15:20

The log is incomplete!

Kadriya 08.04.2011 15:25

Unfortunately, that is all it says

cosinus 08.04.2011 17:15

All right. Then please now create logs with GMER and MBRCheck and post them.
GMER crashes fairly often; if the tool still refuses to run the second time, just skip it.

Instructions for MBRCheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Kadriya 08.04.2011 17:34

GMER Logfile:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-08 18:31:19
Windows 6.0.6002 Service Pack 2
Running: ny1q61n9.exe


---- Files - GMER 1.0.15 ----

File  C:\## aswSnx private storage                                                                                                                          0 bytes
File  C:\## aswSnx private storage\r35                                                                                                                      0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}                                                                        0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image                                                                  0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL                                                            0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles                                                  0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619                                  0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619\C_Users                          0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619\C_Users\Puma                    0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619\C_Users\Puma\AppData            0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619\C_Users\Puma\AppData\Roaming    0 bytes
File  C:\## aswSnx private storage\r35\OTL.exe_{c8699845-6106-11e0-9e5a-0024210f4d11}\image\_OTL\MovedFiles\04072011_165619\C_Users\Puma\AppData\Roaming\.#  0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5641
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 152):
0x03048000 \SystemRoot\system32\ntoskrnl.exe
0x03002000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00654000 \SystemRoot\system32\PSHED.dll
0x00668000 \SystemRoot\system32\CLFS.SYS
0x006C5000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
0x00777000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B6000 \SystemRoot\system32\drivers\nvrd64.sys
0x00A0F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A3B000 \SystemRoot\system32\drivers\pciide.sys
0x00A42000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A52000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A65000 \SystemRoot\system32\drivers\nvraid.sys
0x00A88000 \SystemRoot\system32\drivers\atapi.sys
0x00A90000 \SystemRoot\system32\drivers\ataport.SYS
0x00AB4000 \SystemRoot\system32\drivers\nvstor64.sys
0x00ADE000 \SystemRoot\system32\drivers\storport.sys
0x00B3B000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B82000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B96000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x00C02000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E06000 \SystemRoot\system32\drivers\ndis.sys
0x00C89000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD9000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118C000 \SystemRoot\system32\drivers\wd.sys
0x01194000 \SystemRoot\system32\drivers\volsnap.sys
0x011D8000 \SystemRoot\System32\Drivers\spldr.sys
0x011E0000 \SystemRoot\System32\Drivers\mup.sys
0x00FC9000 \SystemRoot\System32\drivers\ecache.sys
0x00D32000 \SystemRoot\system32\drivers\disk.sys
0x011F2000 \SystemRoot\system32\drivers\crcdisk.sys
0x00D7E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00FF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00D8B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00D9E000 \SystemRoot\system32\DRIVERS\serial.sys
0x00DBB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x00DDD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x00DE9000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x00B9F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00BE5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0280E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x028FB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x0290D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x0291D000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02E06000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x0346A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0354D000 \SystemRoot\System32\drivers\watchdog.sys
0x0355D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03579000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02C03000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x02D6C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02D75000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02DAE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02DBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02DDE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03586000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x035B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x035D5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x035ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02951000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02DFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0295F000 \SystemRoot\system32\DRIVERS\ks.sys
0x02993000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0299E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x029AE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02800000 \SystemRoot\System32\drivers\vga.sys
0x03806000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0382B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0383E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03852000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x039AB000 \SystemRoot\system32\drivers\portcls.sys
0x007DD000 \SystemRoot\system32\drivers\drmk.sys
0x039E6000 \SystemRoot\system32\drivers\ksthunk.sys
0x039EC000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04204000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04226000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x042A6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x042B0000 \SystemRoot\System32\Drivers\Null.SYS
0x042C4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x042CC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x042E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x042EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x042F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x042FF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04310000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04408000 \SystemRoot\System32\drivers\tcpip.sys
0x0457E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x045AA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x045C7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x045D7000 \SystemRoot\system32\DRIVERS\smb.sys
0x04319000 \SystemRoot\system32\drivers\afd.sys
0x045F2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04384000 \SystemRoot\System32\DRIVERS\netbt.sys
0x043C8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x043E6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x009E2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04808000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04855000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04861000 \SystemRoot\System32\Drivers\dfsc.sys
0x0487E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x048C9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x048E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x048E3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x048F1000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x048FB000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x04925000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04941000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0494A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0495C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04967000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x04972000 \SystemRoot\System32\drivers\Dxapi.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x0497E000 \SystemRoot\system32\drivers\luafv.sys
0x049A0000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x049DA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05A02000 \SystemRoot\system32\drivers\spsys.sys
0x05A9C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05AB0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05AC8000 \SystemRoot\system32\drivers\HTTP.sys
0x05B6B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05B94000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05BB2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05BCC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06209000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06252000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06271000 \SystemRoot\System32\DRIVERS\srv2.sys
0x062A3000 \SystemRoot\System32\DRIVERS\srv.sys
0x06337000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x06C0C000 \SystemRoot\system32\drivers\peauth.sys
0x06CC2000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x06CCB000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x06CDE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06CE9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06CF9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06D19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x06D2F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06D4B000 \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
0x77950000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
512 C:\Windows\System32\smss.exe
580 csrss.exe
612 C:\Windows\System32\wininit.exe
628 csrss.exe
668 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\winlogon.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\atiesrxx.exe
528 C:\Windows\System32\svchost.exe
584 C:\Windows\System32\svchost.exe
660 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\audiodg.exe
1076 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\SLsvc.exe
1132 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1404 C:\Windows\System32\atieclxx.exe
1684 C:\Windows\System32\dwm.exe
2040 C:\Windows\System32\spoolsv.exe
1088 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\taskeng.exe
2084 C:\Windows\System32\taskeng.exe
2248 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2280 C:\Windows\SysWOW64\svchost.exe
2316 C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
2360 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2392 C:\Windows\SysWOW64\svchost.exe
2572 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2596 C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe
2612 C:\Windows\System32\svchost.exe
2680 C:\Windows\System32\svchost.exe
2708 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2736 C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
2760 C:\Windows\System32\svchost.exe
2820 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
2848 C:\Windows\System32\svchost.exe
2996 WUDFHost.exe
3040 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
3152 C:\Windows\System32\rundll32.exe
3164 C:\Windows\SysWOW64\rundll32.exe
3520 C:\Windows\explorer.exe
3648 C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
3784 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
3864 C:\Program Files\Windows Media Player\wmpnscfg.exe
3944 C:\Windows\System32\wbem\unsecapp.exe
4012 WmiPrvSE.exe
3624 C:\Program Files\Windows Media Player\wmpnetwk.exe
1704 C:\Windows\System32\svchost.exe
4760 C:\Windows\splwow64.exe
5076 C:\Windows\System32\notepad.exe
5692 dllhost.exe
5864 dllhost.exe
1484 C:\Users\Puma\Desktop\MBRCheck.exe
4844 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000075`edf00000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 344F87B2912363A28715EE6719860BF7B9EA2661


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 08.04.2011 17:59

Quote:

931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 344F87B2912363A28715EE6719860BF7B9EA2661
That doesn't look so good. Do you have a Vista DVD at hand? 64-bit, NOT a recovery sh...!

Kadriya 08.04.2011 18:02

Vista was already installed on the computer when it was bought... a good acquaintance then created a CD for me from the computer, which I can use to reinstall everything in an emergency, or if I want to set the computer up completely from scratch.
So Vista has a program or something on it that lets me make CDs with the drivers, applications etc.

cosinus 08.04.2011 18:12

We have to fix the MBR. Normally that works without problems, but in some cases Windows no longer boots afterwards. So first make a complete backup of any data that has not been backed up yet, to an external disk or similar. You can also create an image of the entire C partition => Drive Snapshot - Disk Image Backup made easy
Let me know when you are done.

Kadriya 08.04.2011 18:23

Drive Snapshot, do I have to download that first or is the program already on the computer..
and besides, I don't even have an external hard drive or a really huge USB stick that I could make a backup on

cosinus 08.04.2011 18:42

Quote:

Drive Snapshot, do I have to download that first or is the program already on the computer..
You have to download it. It's a small tool, only 250 kB!

Quote:

and besides, I don't even have an external hard drive or a really huge USB stick that I could make a backup on
Yes, if your data is worth nothing to you, then you simply never back it up!
You always make regular backups, not just now because the system is being tampered with! Even without a specific reason, you make regular backups!

Kadriya 08.04.2011 18:59

Did I understand correctly that Drive Snapshot now does this onto a CD?
If that were the case and the computer no longer boots properly, it could also be that it can no longer access the drive at all.. and then my computer stays crashed

cosinus 08.04.2011 19:02

Quote:

that Drive Snapshot now does this onto a CD?
No. It saves to an image file. You have to choose the location. That can only be another hard drive, because the image files get quite large, about half of the used space of the partition being backed up.

Why don't you just read the article I linked??

Kadriya 08.04.2011 19:12

Quote:

Quote from cosinus (post 637852)
That can only be another hard drive, because the image files get quite large, about half of the used space of the partition being backed up.

So I don't have the option of doing this at all, since it has to be on another hard drive, which I don't have?

I read the link but probably misread it or didn't quite understand it, that's why I'm asking!

Sorry, I'm a bit confused

cosinus 08.04.2011 19:45

Quote:

So I don't have the option of doing this at all, since it has to be on another hard drive, which I don't have?
Why not? How do you back up your data? Not at all?
What do you do if you accidentally delete data?
Honestly, what is the problem with getting an external hard drive?

Kadriya 08.04.2011 20:01

I am 17 years old, go to school and have never in my life received pocket money. Reason enough?

cosinus 08.04.2011 20:05

Quote:

Quote from Kadriya (post 637882)
Reason enough?

Understood. So your data is worth nothing to you.
But don't you dare whine when nothing is left. :balla:

Or you just leave it, hope that your data NEVER gets lost, and leave the PC as it is now, in an undefined state.

Kadriya 08.04.2011 20:24

Mmh.. Then I wish you a nice evening
I already have a way to get it running again

Thanks again for trying.

BB

cosinus 09.04.2011 14:01

As I said, we can also try it without a data backup. But do you really want that?
If your data has really never been backed up, you should get yourself an external disk as soon as possible. 1TB disks are already available for ~50 EUR


All times are GMT +1. The time now is 16:34.
