Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC langsam / seltsame Fehler (https://www.trojaner-board.de/97649-pc-langsam-seltsame-fehler.html)

Randi 18.04.2011 16:56
PC langsam / seltsame Fehler
 
Hallo Experten,
Ich wusste nicht genau wie ich meinen Threadtitel auswählen sollte und versuche hier noch einmal mein Problem zu schildern.

Seit ein paar Tagen läuft mein System nicht mehr so wie es sollte, es läuft langsam und hat z.B ständig Probleme meine Opere.exe zu öffnen (Ja, ich benutze Opera als Webbrowser).
Mein Opera Problem sieht wie folgt aus:
Damit Opera auch irgendwann startet, muss ich es mehrmals versuchen zu starten, d.h. irgendwann befinden sich auch mehrere opera einträge im task-manager, nur starten tut es nicht, selbst wenn ich es als admin ausführe (vista 32bit system), irgendwann wird es jedoch gestartet.

Desweiteren kann ich keine Windows-Updates machen, wenn ich es versuche kommt eine "80072EFE" fehlermeldung.
Im Laufe meiner Zeit am Rechner kommt zwischen durch eine Fehlermeldung ( ich weiß nicht genau wie sie heisst) "Hostprozesse für Windowsdienste wurde beendet".

Ich werde mal meine Logfiles posten.

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6390

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

18.04.2011 17:41:21
mbam-log-2011-04-18 (17-41-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164757
Laufzeit: 3 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.04.2011 17:44:54 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,79 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134958DB-DFD9-43F6-87AF-F711B35F8DBF}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{14176646-394A-41C4-8C2D-7486E00146E3}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{161F70BC-06EC-4EF9-96D8-3729DD28E876}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{174032D4-5922-4FD3-B911-C93DEE7D08DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C8603C-8F7D-4AA5-BD3D-89E18D04AB6C}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{2D52D9CD-4917-4356-878F-52F25D639227}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{300A04D8-A4A3-4E05-BE8E-1382D42C422F}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{316170C2-B6EF-478D-ACAB-5735C24AE569}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{32B94D00-1164-4F0B-8D87-B403C9C7230A}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher |
"{32D59CD5-85DA-44AF-B7FB-71712020A41C}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{395B5EF4-D9A0-436C-A858-9CFDFD1266C2}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{41621D54-DB13-4E66-8663-3B298BA7A275}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{434802E4-14D3-47A6-93BF-B5E18D5D1664}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{4619CF0E-A1E7-4F9E-8E7B-693026BFFCD1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{578754C2-1F38-4284-9877-43D746C3FD89}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6C1BA13D-5C86-49E4-B08D-3A2CB8EF18A4}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{7957E408-9DD5-4B54-A6F7-7826F19B5F39}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{87E2E196-89F8-43CC-A1D9-C74231FBEFB8}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{895B5833-ACBB-44EB-BBDB-23A957760230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A455C22-9424-432E-B188-E7CB0F59C182}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{8B920C42-3DB4-4989-A33E-FB076FC96DB3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{8FB0EE13-C11F-48B9-94E9-6585739004F1}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{8FD5C8D7-ED5F-48FD-8FD8-349E8EDD01A7}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{9561D2F1-D0E0-4F82-9573-2B7B3FEC1D8F}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher |
"{9DC76A25-C7E6-4E98-98EE-A4027CEE54DC}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher |
"{A0AE6E0E-96BE-42A3-A4EE-530DAB8367B9}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher |
"{A101703D-12EE-4407-AD2E-BF1DB1C8AC95}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{AD52F745-60A2-419A-AC14-F381C8FAA30E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{BDED8C30-F196-4F7A-8590-80EAED1EE10E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{C454E5BB-604B-4D36-91DC-CF788C27A198}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{C553120F-62D6-4B1F-8FD6-58BF057CB91F}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{CCE15F3E-75BA-4D78-A261-FC83995DA834}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher |
"{D70089E2-E681-4D7B-98E7-BF53995529A3}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{D8D98E1B-5880-42F9-A299-E7F1FDAF028B}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{DE80B1E0-BAE0-4895-9F7F-1A10DAEC1D30}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher |
"{F37EBBF7-0B35-441D-BD8B-C30B8DA466CC}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{F5635713-4D86-4B36-99B1-5BBD8BF5DC35}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{F60C41CA-EFDA-428A-8629-10AB282DD9CC}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{F8F0952F-BBB7-4A09-80D4-BCF73D573D09}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{F903F641-E43C-42DB-A795-57340AAD9FF6}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FCB3E0E7-6CEA-48B6-90CF-6DBB741A0DBC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FDA7C0E0-306B-4751-8C58-3432C2DECED2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E95800-5724-409A-AB51-249DFD858CB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0D73330A-79DB-4557-B596-664052D93D8B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1CC92585-F9C1-4BEB-893F-E12F6530687B}" = protocol=6 | dir=in | app=c:\program files\game\league of legends.exe |
"{2933756A-4B30-49CE-9342-B4E8F6A2771D}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2DEDA199-9F24-4AAE-BD0D-58390412D977}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3342639A-A1A6-4025-BBEC-5193D5B5CA40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E7C95C6-EAFA-4060-893B-2D18ABDD5927}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{410821A2-EF28-4CDD-A2DC-257E97C64D5A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{472B86F3-FE39-47C9-ABC3-A5FEDAA8FF33}" = protocol=17 | dir=in | app=c:\program files\air\lolclient.exe |
"{55668923-92AD-4071-8F65-1AC6146D6675}" = protocol=17 | dir=in | app=c:\program files\game\league of legends.exe |
"{59D014BB-DA4B-41F7-B4FA-2F824616A502}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D2C5C15-D284-4E18-B4FE-FE28F81DB722}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8B752F90-3DA3-4145-BBFF-705350D49530}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{94D98139-93C4-4AE7-A701-8BB96D145453}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{A7BEBE6F-3F91-48BB-BD2F-D9CA3257599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD51EDD3-FAB6-47B0-AE47-397CABE3FABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7D7896-4C5B-4ECE-B807-5CE2ED46D306}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B08F4550-2409-44EB-9ABB-A1225CA55428}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B268C401-25FB-4570-9177-4D0DABDACA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B634123A-FDEF-4720-9C26-4B2FD8263097}" = protocol=6 | dir=in | app=c:\program files\air\lolclient.exe |
"{BB21382E-6AB3-4E39-AA02-DBAE3D5B681A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE23A2C2-1DCD-4599-9A05-884083ACD78A}" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{C1FFA3C9-594E-452A-9115-00F6405E6228}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8A2F66C-23B1-47E5-BB86-E1918C0ECD91}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CF2B2289-F165-4DEC-A10D-A02B52C556BB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D2286D3D-0B96-4317-9566-62E6FC9F5583}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7676590-6A95-4380-8879-EB47F0F6228B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DEA1C3EC-5E58-46AF-916B-5F0AEF700848}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E14D4D6D-D925-4C9B-85B2-D4FA6DBF94E6}" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{F55A049C-E8C6-4CFE-AFD1-79F74E89363E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F70A21E5-86F3-4250-91C8-713138D17FEB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{F8503D22-A725-4AA5-8B92-4909AED843EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1F6D77E3-ECBA-484B-A637-6FDE926D6EE7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3A518229-DE3C-47B4-95C4-7C9EE6155B39}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{4DBB2CA4-39ED-43E6-AD47-AE9143F3F2F6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{624BB05E-22DE-4C1B-85E0-451DABB921D4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{636C2056-CDFA-4039-A5D9-F93762DD95F5}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{665CCF3B-AD33-4637-BD66-2022FFC4DF2F}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{789EA55B-22FD-45FE-B7B5-26B361BE5C74}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"TCP Query User{A52B9186-E3DB-4CE2-8A4B-FD83D9337C01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D391F10B-9D60-4DE7-8C1E-AFB77423F92F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ECDFBF2D-1729-4B09-99B8-FBC2B3449C6C}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{30DA3827-0A79-46D3-A2D0-684433F92CC8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{740D67FE-DD54-4047-8030-93E3221A00EE}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{97403973-67F3-46A8-ABC9-D4DCC70FAA62}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A0C4FCB3-75A4-4229-AD04-C27FFA028820}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A2647C15-25DF-44EC-8E7D-0B9F1C41B033}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{A502E949-1F50-41A8-B86A-9277DC96F046}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B2C53353-F6AC-4A8E-B2AF-4DDCDB6B3AD3}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"UDP Query User{B91EB6C5-F877-496D-9AC1-77F7C8ACAD55}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{FE2E8CD0-47F3-44E0-BCE5-3C14D41E2960}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57C36BD9-856B-4070-8F9C-0D01DC69C8F0}_is1" = Click & Learn 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 22:14:38 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1424  Anfangszeit: 01cbfca52aa9cc9b  Zeitpunkt der Beendigung:
 157
 
Error - 17.04.2011 10:10:04 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x42c, Anwendungsstartzeit
 01cbfcf7be59d189.
 
Error - 17.04.2011 21:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x47c, Anwendungsstartzeit
 01cbfd5950137d14.
 
Error - 18.04.2011 00:50:17 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x6c8, Anwendungsstartzeit
 01cbfd658e3802bc.
 
Error - 18.04.2011 10:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x434, Anwendungsstartzeit
 01cbfdccfa982681.
 
Error - 18.04.2011 11:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x1364, Anwendungsstartzeit
 01cbfdd26dc4dc9b.
 
[ System Events ]
Error - 10.06.2010 09:34:22 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 10:00:56 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:24:20 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:39:53 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---



Ich hoffe ich habe so viel Information wie möglich geliefert.

cosinus 18.04.2011 17:17
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Bitte auch mal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Randi 18.04.2011 18:17
Ok, ich habe das kaspersky tool ausgeführt und es wurde 1 "rootkit" entfernt glaube ich, jedenfalls gab es 1 fund, allerdings habe ich vergessen das logfile zu kopieren, weil ich den pc neustarten sollte, kann ich das logfile noch finden? oder meinst du das logfile von malwarebytes, welches ich nach der anwendung von tdsskiller ausführen soll (wie im tdsskiller thread beschrieben)?

erst einmal meine alten logfiles von malwarebytes seit dem 11.4 (das nächst ältere ist vom 10.10.2010, falls dir das auch wichtig ist bitte bescheid sagen)

11.4.2011
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6333

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

11.04.2011 19:22:11
mbam-log-2011-04-11 (19-22-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Durchsuchte Objekte: 319581
Laufzeit: 1 Stunde(n), 26 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\sushikiste\AppData\Local\temp\22CC.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Windows\temp\0.035133400434813944.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
13.4.2011
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6348

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

13.04.2011 05:47:05
mbam-log-2011-04-13 (05-47-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 14 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
und das von heute, welches ich schon gepostet hab
hier nochmal das logfile von malwarebytes nach dem scan von tdsskiller:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6391

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

18.04.2011 19:16:52
mbam-log-2011-04-18 (19-16-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164455
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 18.04.2011 18:18
Zitat:
Ok, ich habe das kaspersky tool ausgeführt und es wurde 1 "rootkit" entfernt glaube ich
Edit: Da wurde wahrscheinlich der TDL4/TDSS erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen. Du musst auf den Button Report klicken!

Randi 18.04.2011 18:25
hier das logfile:
Code:
2011/04/18 19:22:41.0000 3000        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 19:22:41.0290 3000        ================================================================================
2011/04/18 19:22:41.0290 3000        SystemInfo:
2011/04/18 19:22:41.0290 3000       
2011/04/18 19:22:41.0290 3000        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/18 19:22:41.0290 3000        Product type: Workstation
2011/04/18 19:22:41.0290 3000        ComputerName: SUSHIKISTE-PC
2011/04/18 19:22:41.0290 3000        UserName: sushikiste
2011/04/18 19:22:41.0290 3000        Windows directory: C:\Windows
2011/04/18 19:22:41.0290 3000        System windows directory: C:\Windows
2011/04/18 19:22:41.0290 3000        Processor architecture: Intel x86
2011/04/18 19:22:41.0290 3000        Number of processors: 2
2011/04/18 19:22:41.0291 3000        Page size: 0x1000
2011/04/18 19:22:41.0291 3000        Boot type: Normal boot
2011/04/18 19:22:41.0291 3000        ================================================================================
2011/04/18 19:22:47.0690 3000        Initialize success
2011/04/18 19:22:49.0861 3472        ================================================================================
2011/04/18 19:22:49.0861 3472        Scan started
2011/04/18 19:22:49.0861 3472        Mode: Manual;
2011/04/18 19:22:49.0861 3472        ================================================================================
2011/04/18 19:22:51.0205 3472        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/18 19:22:51.0276 3472        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/18 19:22:51.0330 3472        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/18 19:22:51.0377 3472        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/18 19:22:51.0408 3472        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/18 19:22:51.0477 3472        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/18 19:22:51.0539 3472        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/18 19:22:51.0608 3472        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/18 19:22:51.0684 3472        aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/04/18 19:22:51.0715 3472        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/18 19:22:51.0733 3472        amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/04/18 19:22:51.0760 3472        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/18 19:22:51.0799 3472        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 19:22:51.0895 3472        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/18 19:22:51.0965 3472        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/18 19:22:52.0034 3472        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 19:22:52.0079 3472        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/18 19:22:52.0116 3472        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 19:22:52.0198 3472        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 19:22:52.0278 3472        BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/18 19:22:52.0301 3472        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/18 19:22:52.0359 3472        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 19:22:52.0407 3472        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/18 19:22:52.0437 3472        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/18 19:22:52.0513 3472        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/18 19:22:52.0576 3472        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/18 19:22:52.0638 3472        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/18 19:22:52.0662 3472        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/18 19:22:52.0688 3472        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/18 19:22:52.0801 3472        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 19:22:52.0852 3472        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 19:22:52.0901 3472        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/18 19:22:52.0957 3472        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/18 19:22:53.0024 3472        cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/04/18 19:22:53.0050 3472        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/18 19:22:53.0071 3472        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/18 19:22:53.0101 3472        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/18 19:22:53.0166 3472        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 19:22:53.0236 3472        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/18 19:22:53.0284 3472        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 19:22:53.0315 3472        DXGKrnl        (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 19:22:53.0368 3472        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/18 19:22:53.0395 3472        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/18 19:22:53.0479 3472        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/18 19:22:53.0532 3472        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 19:22:53.0571 3472        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 19:22:53.0617 3472        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 19:22:53.0659 3472        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 19:22:53.0684 3472        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 19:22:53.0703 3472        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 19:22:53.0761 3472        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 19:22:53.0798 3472        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/18 19:22:53.0863 3472        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 19:22:53.0927 3472        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/18 19:22:54.0006 3472        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 19:22:54.0052 3472        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 19:22:54.0093 3472        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/18 19:22:54.0123 3472        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/18 19:22:54.0168 3472        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 19:22:54.0212 3472        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/18 19:22:54.0273 3472        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 19:22:54.0318 3472        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/18 19:22:54.0386 3472        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 19:22:54.0419 3472        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/18 19:22:54.0505 3472        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/18 19:22:54.0619 3472        IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/18 19:22:54.0685 3472        intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/04/18 19:22:54.0718 3472        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 19:22:54.0782 3472        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 19:22:54.0837 3472        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/18 19:22:54.0872 3472        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/18 19:22:54.0896 3472        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/18 19:22:54.0929 3472        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/18 19:22:59.0204 3472        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 19:22:59.0248 3472        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/18 19:22:59.0275 3472        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/18 19:22:59.0446 3472        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 19:22:59.0466 3472        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 19:22:59.0525 3472        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 19:22:59.0605 3472        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
2011/04/18 19:22:59.0641 3472        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
2011/04/18 19:22:59.0685 3472        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 19:22:59.0753 3472        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/18 19:22:59.0842 3472        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/18 19:22:59.0903 3472        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/18 19:22:59.0924 3472        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/18 19:23:00.0149 3472        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/18 19:23:00.0396 3472        LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/18 19:23:00.0494 3472        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/18 19:23:00.0575 3472        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/18 19:23:00.0626 3472        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 19:23:00.0660 3472        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 19:23:00.0714 3472        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 19:23:00.0750 3472        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 19:23:00.0834 3472        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/18 19:23:00.0891 3472        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 19:23:00.0950 3472        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/18 19:23:01.0029 3472        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 19:23:01.0063 3472        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 19:23:01.0090 3472        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 19:23:01.0113 3472        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 19:23:01.0189 3472        msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/04/18 19:23:01.0262 3472        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/18 19:23:01.0296 3472        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 19:23:01.0342 3472        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/18 19:23:01.0441 3472        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 19:23:01.0466 3472        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 19:23:01.0497 3472        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 19:23:01.0545 3472        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 19:23:01.0594 3472        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 19:23:01.0630 3472        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 19:23:01.0676 3472        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/18 19:23:01.0776 3472        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 19:23:01.0820 3472        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/18 19:23:01.0895 3472        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 19:23:01.0916 3472        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 19:23:01.0938 3472        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 19:23:01.0969 3472        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 19:23:01.0992 3472        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 19:23:02.0019 3472        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 19:23:02.0084 3472        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/18 19:23:02.0110 3472        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 19:23:02.0160 3472        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 19:23:02.0217 3472        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 19:23:02.0294 3472        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/18 19:23:02.0389 3472        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/18 19:23:02.0455 3472        NVENETFD        (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/18 19:23:02.0729 3472        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 19:23:02.0818 3472        NVR0Dev        (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/04/18 19:23:02.0879 3472        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/04/18 19:23:02.0936 3472        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/18 19:23:03.0052 3472        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/18 19:23:03.0215 3472        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/18 19:23:03.0348 3472        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/18 19:23:03.0372 3472        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 19:23:03.0428 3472        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/18 19:23:03.0476 3472        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/18 19:23:03.0528 3472        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/04/18 19:23:03.0594 3472        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/18 19:23:03.0661 3472        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/18 19:23:03.0735 3472        pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
2011/04/18 19:23:03.0893 3472        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/18 19:23:04.0151 3472        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 19:23:04.0225 3472        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/18 19:23:04.0370 3472        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 19:23:04.0460 3472        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/18 19:23:04.0545 3472        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/18 19:23:04.0611 3472        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 19:23:04.0658 3472        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 19:23:04.0712 3472        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 19:23:04.0745 3472        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 19:23:05.0277 3472        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 19:23:05.0396 3472        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 19:23:05.0481 3472        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 19:23:05.0658 3472        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 19:23:05.0877 3472        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 19:23:06.0002 3472        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 19:23:06.0137 3472        RTL8187B        (872c4e777bedcd7f99dc09016b5e6f39) C:\Windows\system32\DRIVERS\wg111v3.sys
2011/04/18 19:23:06.0661 3472        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/18 19:23:06.0721 3472        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/18 19:23:06.0771 3472        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/18 19:23:06.0856 3472        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/18 19:23:06.0904 3472        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/18 19:23:06.0944 3472        s0016obex      (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/18 19:23:06.0988 3472        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/18 19:23:07.0091 3472        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/18 19:23:07.0162 3472        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 19:23:07.0223 3472        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/18 19:23:07.0313 3472        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/18 19:23:07.0357 3472        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/18 19:23:07.0442 3472        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/18 19:23:07.0562 3472        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/18 19:23:07.0594 3472        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/18 19:23:07.0661 3472        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/18 19:23:07.0695 3472        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/18 19:23:07.0782 3472        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/18 19:23:07.0870 3472        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/18 19:23:07.0961 3472        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/18 19:23:08.0023 3472        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 19:23:08.0067 3472        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/18 19:23:08.0284 3472        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 19:23:08.0284 3472        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 19:23:08.0291 3472        sptd - detected Locked file (1)
2011/04/18 19:23:08.0353 3472        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 19:23:08.0493 3472        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 19:23:08.0629 3472        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 19:23:08.0765 3472        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 19:23:09.0203 3472        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/18 19:23:09.0735 3472        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 19:23:10.0177 3472        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/18 19:23:10.0513 3472        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/18 19:23:10.0731 3472        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/18 19:23:10.0922 3472        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 19:23:11.0032 3472        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 19:23:11.0349 3472        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 19:23:11.0973 3472        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 19:23:12.0504 3472        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 19:23:13.0356 3472        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 19:23:14.0184 3472        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 19:23:14.0417 3472        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 19:23:14.0576 3472        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/18 19:23:14.0823 3472        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 19:23:15.0015 3472        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/18 19:23:15.0443 3472        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 19:23:16.0641 3472        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/18 19:23:17.0777 3472        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/18 19:23:18.0829 3472        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/18 19:23:19.0709 3472        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/18 19:23:19.0946 3472        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 19:23:20.0174 3472        USBAAPL        (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/18 19:23:20.0238 3472        usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 19:23:20.0337 3472        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 19:23:20.0384 3472        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/18 19:23:20.0440 3472        usbehci        (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 19:23:20.0589 3472        usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 19:23:20.0718 3472        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 19:23:20.0871 3472        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/18 19:23:21.0037 3472        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 19:23:21.0204 3472        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 19:23:21.0382 3472        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 19:23:21.0499 3472        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/18 19:23:21.0612 3472        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/18 19:23:21.0761 3472        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/18 19:23:22.0058 3472        viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/04/18 19:23:22.0151 3472        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/18 19:23:22.0174 3472        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 19:23:22.0224 3472        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/18 19:23:22.0367 3472        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/18 19:23:22.0527 3472        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/18 19:23:22.0602 3472        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:23:22.0662 3472        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:23:22.0708 3472        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/18 19:23:23.0150 3472        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 19:23:23.0391 3472        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/18 19:23:23.0641 3472        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 19:23:23.0717 3472        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 19:23:23.0844 3472        ================================================================================
2011/04/18 19:23:23.0844 3472        Scan finished
2011/04/18 19:23:23.0844 3472        ================================================================================
2011/04/18 19:23:23.0856 3156        Detected object count: 1
2011/04/18 19:23:33.0089 3156        Locked file(sptd) - User select action: Skip
Edit: der PC startet schon merkbar schneller neu und ist auch allgemein schneller mit dem öffnen von opera z.B.

cosinus 18.04.2011 18:38
Poste bitte neue OTL-Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Randi 18.04.2011 18:42
OTL
OTL Logfile:
Code:
OTL logfile created on: 18.04.2011 19:39:44 - Run 5
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,76 Gb Free Space | 47,83% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\sushikiste\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\sushikiste\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SearchAnonymizer) -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                          )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 23:35:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.15 03:05:00 | 000,000,000 | ---D | M]
 
[2010.09.16 23:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions
[2011.04.11 18:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions
[2011.02.08 08:32:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.09.17 19:38:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.11 18:24:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:53:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.28 19:53:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com
[2011.03.11 02:04:39 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\conduit.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\icqplugin.xml
[2011.02.22 15:52:49 | 000,001,196 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\winamp-search.xml
[2011.04.11 22:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.26 18:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.11 22:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.11 22:46:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.12 19:20:57 | 000,001,382 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\unlgluhp\dtasvuqg.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 18:54:24 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sushikiste\Desktop\tdsskiller.exe
[2011.04.18 16:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.18 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.04.18 16:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fraps
[2011.04.18 16:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.04.18 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.04.18 02:06:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
[2011.04.18 01:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.15 03:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.04.13 01:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.game_p
[2011.04.13 01:37:35 | 000,194,376 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_update_tmp.exe
[2011.04.13 01:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.patcher_15
[2011.04.13 01:36:25 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.04.13 01:36:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.04.13 01:36:23 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011.04.13 01:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\html
[2011.04.13 01:29:53 | 000,114,688 | ---- | C] (TODO: <Company name>) -- C:\Program Files\CRiotInternetSecurityManagerCom.dll
[2011.04.13 01:29:53 | 000,110,592 | ---- | C] (Solid State Networks) -- C:\Program Files\CRiotLauncherElevateCOM.dll
[2011.04.13 01:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\air
[2011.04.13 01:29:51 | 000,421,888 | ---- | C] (Solid State Networks) -- C:\Program Files\lol.launcher.exe
[2011.04.13 01:29:51 | 000,194,376 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_update.exe
[2011.04.13 01:29:51 | 000,176,968 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_lib.decode.dll
[2011.04.13 01:29:51 | 000,118,784 | ---- | C] (Solid State Networks) -- C:\Program Files\launcher.maestro.dll
[2011.04.13 01:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\game
[2011.04.13 01:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.04.12 22:32:14 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\League of Legends
[2011.04.12 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\PMB Files
[2011.04.12 22:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.04.12 19:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.04.11 22:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.11 22:46:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.11 22:46:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.11 22:46:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.11 22:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.11 18:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.11 18:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[2011.04.11 18:14:34 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.04.11 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak3
[2011.04.11 15:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\unlgluhp
[2011.04.03 12:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.04.03 12:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.03.28 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\Conduit
[2011.03.21 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Sun
[2011.02.12 17:09:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5285.dll
[2011.02.12 17:03:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3F8.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sushikiste\*.tmp files -> C:\Users\sushikiste\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.18 19:28:14 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 19:28:14 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 19:28:14 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 19:28:14 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 19:22:36 | 000,037,397 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.18 19:22:36 | 000,037,397 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.18 19:21:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 19:21:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 19:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 18:54:27 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sushikiste\Desktop\tdsskiller.exe
[2011.04.18 18:52:11 | 000,000,127 | ---- | M] () -- C:\Program Files\launcher_options.ini
[2011.04.18 16:59:22 | 000,109,568 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 16:40:12 | 858,282,968 | ---- | M] () -- C:\Users\sushikiste\Documents\KarimZappex.avi
[2011.04.18 16:11:04 | 000,000,730 | ---- | M] () -- C:\Users\sushikiste\Desktop\Fraps.lnk
[2011.04.18 16:10:06 | 001,530,725 | ---- | M] () -- C:\Users\sushikiste\Desktop\wrar400d.exe
[2011.04.18 02:06:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
[2011.04.18 01:53:32 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.15 16:53:39 | 000,000,190 | ---- | M] () -- C:\Program Files\lol-cb3.game.version
[2011.04.15 16:53:38 | 000,000,020 | ---- | M] () -- C:\Program Files\gameversion_Live_04_11_2011_01
[2011.04.15 16:50:43 | 000,000,010 | ---- | M] () -- C:\Program Files\airversion_v1.33.22
[2011.04.15 03:05:01 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.15 02:59:10 | 000,001,574 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.04.13 01:37:43 | 000,000,190 | ---- | M] () -- C:\Program Files\lol-cb3.patcher.version
[2011.04.13 01:37:40 | 000,001,693 | ---- | M] () -- C:\Program Files\launcher_config.xml
[2011.04.13 01:36:26 | 000,001,513 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.12 22:29:40 | 002,257,408 | ---- | M] () -- C:\Users\sushikiste\Desktop\LeagueofLegends.exe
[2011.04.11 22:46:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.11 22:46:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.11 22:46:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.11 22:46:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.11 18:24:17 | 000,001,569 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.04.11 18:14:34 | 000,000,863 | ---- | M] () -- C:\Users\sushikiste\Desktop\TeamSpeak 3 Client.lnk
[2011.04.09 13:17:10 | 000,002,032 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\d3d9caps.dat
[2011.04.03 12:57:36 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.03.28 19:52:50 | 000,001,151 | ---- | M] () -- C:\Users\sushikiste\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.28 10:45:36 | 000,300,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sushikiste\*.tmp files -> C:\Users\sushikiste\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.18 16:39:20 | 858,282,968 | ---- | C] () -- C:\Users\sushikiste\Documents\KarimZappex.avi
[2011.04.18 16:11:04 | 000,000,730 | ---- | C] () -- C:\Users\sushikiste\Desktop\Fraps.lnk
[2011.04.18 16:10:06 | 001,530,725 | ---- | C] () -- C:\Users\sushikiste\Desktop\wrar400d.exe
[2011.04.18 01:53:32 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.15 16:53:38 | 000,000,020 | ---- | C] () -- C:\Program Files\gameversion_Live_04_11_2011_01
[2011.04.15 16:50:43 | 000,000,010 | ---- | C] () -- C:\Program Files\airversion_v1.33.22
[2011.04.15 03:05:01 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.15 03:05:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.04.15 02:59:11 | 000,001,586 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.04.15 02:59:10 | 000,001,574 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.04.13 01:36:26 | 000,001,513 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.13 01:29:51 | 000,192,512 | ---- | C] () -- C:\Program Files\xdelta.exe
[2011.04.13 01:29:51 | 000,059,904 | ---- | C] () -- C:\Program Files\zlib1.dll
[2011.04.13 01:29:51 | 000,001,693 | ---- | C] () -- C:\Program Files\launcher_config.xml
[2011.04.13 01:29:51 | 000,000,190 | ---- | C] () -- C:\Program Files\lol-cb3.patcher.version
[2011.04.13 01:29:51 | 000,000,190 | ---- | C] () -- C:\Program Files\lol-cb3.game.version
[2011.04.13 01:29:51 | 000,000,127 | ---- | C] () -- C:\Program Files\launcher_options.ini
[2011.04.13 01:29:50 | 000,954,368 | ---- | C] () -- C:\Program Files\launcher.lib.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-fr.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-es.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-de.dll
[2011.04.13 01:29:50 | 000,053,248 | ---- | C] () -- C:\Program Files\launcher.lang-en.dll
[2011.04.12 22:29:37 | 002,257,408 | ---- | C] () -- C:\Users\sushikiste\Desktop\LeagueofLegends.exe
[2011.04.11 18:24:17 | 000,001,569 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.03.28 19:52:50 | 000,001,151 | ---- | C] () -- C:\Users\sushikiste\Desktop\Free YouTube to MP3 Converter.lnk
[2011.01.13 18:41:25 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.10.05 14:54:28 | 000,037,397 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.05 14:54:25 | 000,037,397 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.08 21:02:18 | 000,017,408 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\WebpageIcons.db
[2010.07.28 15:44:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.24 16:49:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.24 16:49:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.24 16:49:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.24 16:49:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.24 16:49:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.13 18:35:09 | 000,139,152 | ---- | C] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys
[2010.04.22 10:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\I531_1013.INI
[2010.04.21 18:51:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.21 13:45:51 | 000,109,568 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 20:49:23 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.04.20 20:43:37 | 000,002,032 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\d3d9caps.dat
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,300,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---


Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 18.04.2011 19:39:44 - Run 5
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,76 Gb Free Space | 47,83% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134958DB-DFD9-43F6-87AF-F711B35F8DBF}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{14176646-394A-41C4-8C2D-7486E00146E3}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{161F70BC-06EC-4EF9-96D8-3729DD28E876}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{174032D4-5922-4FD3-B911-C93DEE7D08DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C8603C-8F7D-4AA5-BD3D-89E18D04AB6C}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{2D52D9CD-4917-4356-878F-52F25D639227}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{300A04D8-A4A3-4E05-BE8E-1382D42C422F}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{316170C2-B6EF-478D-ACAB-5735C24AE569}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{32B94D00-1164-4F0B-8D87-B403C9C7230A}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher |
"{32D59CD5-85DA-44AF-B7FB-71712020A41C}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{395B5EF4-D9A0-436C-A858-9CFDFD1266C2}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{41621D54-DB13-4E66-8663-3B298BA7A275}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{434802E4-14D3-47A6-93BF-B5E18D5D1664}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{4619CF0E-A1E7-4F9E-8E7B-693026BFFCD1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{578754C2-1F38-4284-9877-43D746C3FD89}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6C1BA13D-5C86-49E4-B08D-3A2CB8EF18A4}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{7957E408-9DD5-4B54-A6F7-7826F19B5F39}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{87E2E196-89F8-43CC-A1D9-C74231FBEFB8}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{895B5833-ACBB-44EB-BBDB-23A957760230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A455C22-9424-432E-B188-E7CB0F59C182}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{8B920C42-3DB4-4989-A33E-FB076FC96DB3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{8FB0EE13-C11F-48B9-94E9-6585739004F1}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{8FD5C8D7-ED5F-48FD-8FD8-349E8EDD01A7}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{9561D2F1-D0E0-4F82-9573-2B7B3FEC1D8F}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher |
"{9DC76A25-C7E6-4E98-98EE-A4027CEE54DC}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher |
"{A0AE6E0E-96BE-42A3-A4EE-530DAB8367B9}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher |
"{A101703D-12EE-4407-AD2E-BF1DB1C8AC95}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{AD52F745-60A2-419A-AC14-F381C8FAA30E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{BDED8C30-F196-4F7A-8590-80EAED1EE10E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{C454E5BB-604B-4D36-91DC-CF788C27A198}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{C553120F-62D6-4B1F-8FD6-58BF057CB91F}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{CCE15F3E-75BA-4D78-A261-FC83995DA834}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher |
"{D70089E2-E681-4D7B-98E7-BF53995529A3}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{D8D98E1B-5880-42F9-A299-E7F1FDAF028B}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{DE80B1E0-BAE0-4895-9F7F-1A10DAEC1D30}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher |
"{F37EBBF7-0B35-441D-BD8B-C30B8DA466CC}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{F5635713-4D86-4B36-99B1-5BBD8BF5DC35}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{F60C41CA-EFDA-428A-8629-10AB282DD9CC}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{F8F0952F-BBB7-4A09-80D4-BCF73D573D09}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{F903F641-E43C-42DB-A795-57340AAD9FF6}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FCB3E0E7-6CEA-48B6-90CF-6DBB741A0DBC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FDA7C0E0-306B-4751-8C58-3432C2DECED2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E95800-5724-409A-AB51-249DFD858CB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0D73330A-79DB-4557-B596-664052D93D8B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1CC92585-F9C1-4BEB-893F-E12F6530687B}" = protocol=6 | dir=in | app=c:\program files\game\league of legends.exe |
"{2933756A-4B30-49CE-9342-B4E8F6A2771D}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2DEDA199-9F24-4AAE-BD0D-58390412D977}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3342639A-A1A6-4025-BBEC-5193D5B5CA40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E7C95C6-EAFA-4060-893B-2D18ABDD5927}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{410821A2-EF28-4CDD-A2DC-257E97C64D5A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{472B86F3-FE39-47C9-ABC3-A5FEDAA8FF33}" = protocol=17 | dir=in | app=c:\program files\air\lolclient.exe |
"{55668923-92AD-4071-8F65-1AC6146D6675}" = protocol=17 | dir=in | app=c:\program files\game\league of legends.exe |
"{59D014BB-DA4B-41F7-B4FA-2F824616A502}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D2C5C15-D284-4E18-B4FE-FE28F81DB722}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8B752F90-3DA3-4145-BBFF-705350D49530}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{94D98139-93C4-4AE7-A701-8BB96D145453}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{A7BEBE6F-3F91-48BB-BD2F-D9CA3257599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD51EDD3-FAB6-47B0-AE47-397CABE3FABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7D7896-4C5B-4ECE-B807-5CE2ED46D306}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B08F4550-2409-44EB-9ABB-A1225CA55428}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B268C401-25FB-4570-9177-4D0DABDACA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B634123A-FDEF-4720-9C26-4B2FD8263097}" = protocol=6 | dir=in | app=c:\program files\air\lolclient.exe |
"{BB21382E-6AB3-4E39-AA02-DBAE3D5B681A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE23A2C2-1DCD-4599-9A05-884083ACD78A}" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{C1FFA3C9-594E-452A-9115-00F6405E6228}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8A2F66C-23B1-47E5-BB86-E1918C0ECD91}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CF2B2289-F165-4DEC-A10D-A02B52C556BB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D2286D3D-0B96-4317-9566-62E6FC9F5583}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7676590-6A95-4380-8879-EB47F0F6228B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DEA1C3EC-5E58-46AF-916B-5F0AEF700848}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E14D4D6D-D925-4C9B-85B2-D4FA6DBF94E6}" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{F55A049C-E8C6-4CFE-AFD1-79F74E89363E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F70A21E5-86F3-4250-91C8-713138D17FEB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{F8503D22-A725-4AA5-8B92-4909AED843EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1F6D77E3-ECBA-484B-A637-6FDE926D6EE7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3A518229-DE3C-47B4-95C4-7C9EE6155B39}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{4DBB2CA4-39ED-43E6-AD47-AE9143F3F2F6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{624BB05E-22DE-4C1B-85E0-451DABB921D4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{636C2056-CDFA-4039-A5D9-F93762DD95F5}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{665CCF3B-AD33-4637-BD66-2022FFC4DF2F}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{789EA55B-22FD-45FE-B7B5-26B361BE5C74}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"TCP Query User{A52B9186-E3DB-4CE2-8A4B-FD83D9337C01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D391F10B-9D60-4DE7-8C1E-AFB77423F92F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ECDFBF2D-1729-4B09-99B8-FBC2B3449C6C}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{30DA3827-0A79-46D3-A2D0-684433F92CC8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{740D67FE-DD54-4047-8030-93E3221A00EE}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{97403973-67F3-46A8-ABC9-D4DCC70FAA62}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A0C4FCB3-75A4-4229-AD04-C27FFA028820}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A2647C15-25DF-44EC-8E7D-0B9F1C41B033}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{A502E949-1F50-41A8-B86A-9277DC96F046}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B2C53353-F6AC-4A8E-B2AF-4DDCDB6B3AD3}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"UDP Query User{B91EB6C5-F877-496D-9AC1-77F7C8ACAD55}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{FE2E8CD0-47F3-44E0-BCE5-3C14D41E2960}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57C36BD9-856B-4070-8F9C-0D01DC69C8F0}_is1" = Click & Learn 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 22:14:38 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1424  Anfangszeit: 01cbfca52aa9cc9b  Zeitpunkt der Beendigung:
 157
 
Error - 17.04.2011 10:10:04 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x42c, Anwendungsstartzeit
 01cbfcf7be59d189.
 
Error - 17.04.2011 21:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x47c, Anwendungsstartzeit
 01cbfd5950137d14.
 
Error - 18.04.2011 00:50:17 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x6c8, Anwendungsstartzeit
 01cbfd658e3802bc.
 
Error - 18.04.2011 10:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x434, Anwendungsstartzeit
 01cbfdccfa982681.
 
Error - 18.04.2011 11:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x1364, Anwendungsstartzeit
 01cbfdd26dc4dc9b.
 
Error - 18.04.2011 12:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x430, Anwendungsstartzeit
 01cbfddc5d7bec78.
 
[ System Events ]
Error - 10.06.2010 09:32:24 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:34:22 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 10:00:56 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:24:20 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
--- --- ---

cosinus 18.04.2011 18:48
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
[2011.04.13 01:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.game_p
[2011.04.18 16:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O4 - HKLM..\Run: []  File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
[2010.09.16 23:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions
[2011.04.11 18:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions
[2011.02.08 08:32:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.09.17 19:38:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.11 18:24:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:53:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.28 19:53:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Randi 18.04.2011 18:54
Code:
All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream .
ADS C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream deleted successfully.
ADS C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Sounds\FMOD folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Sounds folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders\DX9_P1\SIMPLE_ENVIRONMENT folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders\DX9_P1 folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Particles folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Menu folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\LanguageFilters folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\CFG\defaults folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\CFG folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\META-INF folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\css folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\fr_FR folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\es_ES folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\en_US folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\en_GB folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\de_DE folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\layout folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\champion_portraits folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\bundles folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds\es_ES\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds\es_ES folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\locale folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images\image folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\help\de_DE folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\help folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\data\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\data folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air folder moved successfully.
C:\Program Files\lol-cb3.game_p folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files\DVDVideoSoft\tbDVDV.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions folder moved successfully.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files\ICQ6Toolbar\ICQ Service.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Andere
->Temp folder emptied: 33697 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: sushikiste
->Temp folder emptied: 1812801 bytes
->Temporary Internet Files folder emptied: 5878685 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47601498 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 2708024 bytes
->Flash cache emptied: 61069 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 177815475 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 270490 bytes
RecycleBin emptied: 198632 bytes
 
Total Files Cleaned = 226,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04182011_195022

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 18.04.2011 18:59
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Randi 18.04.2011 19:05
Code:
2011/04/18 20:03:31.0775 4544        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 20:03:32.0072 4544        ================================================================================
2011/04/18 20:03:32.0072 4544        SystemInfo:
2011/04/18 20:03:32.0072 4544       
2011/04/18 20:03:32.0072 4544        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/18 20:03:32.0072 4544        Product type: Workstation
2011/04/18 20:03:32.0072 4544        ComputerName: SUSHIKISTE-PC
2011/04/18 20:03:32.0072 4544        UserName: sushikiste
2011/04/18 20:03:32.0072 4544        Windows directory: C:\Windows
2011/04/18 20:03:32.0072 4544        System windows directory: C:\Windows
2011/04/18 20:03:32.0072 4544        Processor architecture: Intel x86
2011/04/18 20:03:32.0072 4544        Number of processors: 2
2011/04/18 20:03:32.0072 4544        Page size: 0x1000
2011/04/18 20:03:32.0072 4544        Boot type: Normal boot
2011/04/18 20:03:32.0072 4544        ================================================================================
2011/04/18 20:03:34.0565 4544        Initialize success
2011/04/18 20:03:36.0272 2932        ================================================================================
2011/04/18 20:03:36.0272 2932        Scan started
2011/04/18 20:03:36.0272 2932        Mode: Manual;
2011/04/18 20:03:36.0272 2932        ================================================================================
2011/04/18 20:03:41.0130 2932        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/18 20:03:41.0648 2932        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/18 20:03:41.0956 2932        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/18 20:03:43.0186 2932        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/18 20:03:43.0978 2932        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/18 20:03:44.0311 2932        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/18 20:03:44.0482 2932        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/18 20:03:44.0584 2932        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/18 20:03:44.0768 2932        aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/04/18 20:03:44.0849 2932        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/18 20:03:44.0902 2932        amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/04/18 20:03:44.0978 2932        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/18 20:03:45.0016 2932        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 20:03:45.0145 2932        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/18 20:03:45.0200 2932        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/18 20:03:45.0302 2932        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 20:03:45.0630 2932        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/18 20:03:45.0733 2932        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 20:03:46.0890 2932        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 20:03:47.0578 2932        BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/18 20:03:47.0891 2932        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/18 20:03:48.0049 2932        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 20:03:48.0099 2932        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/18 20:03:48.0296 2932        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/18 20:03:48.0380 2932        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/18 20:03:48.0401 2932        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/18 20:03:48.0614 2932        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/18 20:03:48.0629 2932        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/18 20:03:48.0655 2932        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/18 20:03:48.0850 2932        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 20:03:48.0894 2932        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 20:03:48.0935 2932        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/18 20:03:49.0640 2932        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/18 20:03:50.0433 2932        cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/04/18 20:03:50.0684 2932        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/18 20:03:51.0175 2932        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/18 20:03:51.0243 2932        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/18 20:03:51.0333 2932        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 20:03:51.0400 2932        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/18 20:03:51.0443 2932        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 20:03:51.0790 2932        DXGKrnl        (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 20:03:51.0935 2932        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/18 20:03:51.0998 2932        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/18 20:03:52.0054 2932        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/18 20:03:52.0676 2932        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 20:03:53.0113 2932        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 20:03:54.0609 2932        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 20:03:55.0701 2932        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 20:03:57.0367 2932        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 20:03:57.0653 2932        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 20:03:58.0195 2932        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 20:03:58.0814 2932        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/18 20:03:59.0604 2932        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 20:03:59.0686 2932        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/18 20:03:59.0941 2932        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 20:04:00.0525 2932        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 20:04:00.0684 2932        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/18 20:04:00.0814 2932        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/18 20:04:00.0926 2932        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 20:04:01.0120 2932        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/18 20:04:01.0589 2932        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 20:04:01.0643 2932        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/18 20:04:01.0736 2932        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 20:04:02.0288 2932        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/18 20:04:02.0372 2932        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/18 20:04:02.0693 2932        IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/18 20:04:02.0794 2932        intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/04/18 20:04:03.0234 2932        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 20:04:03.0357 2932        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 20:04:03.0670 2932        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/18 20:04:04.0069 2932        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/18 20:04:04.0411 2932        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/18 20:04:04.0604 2932        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/18 20:04:04.0797 2932        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 20:04:05.0448 2932        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/18 20:04:05.0650 2932        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/18 20:04:05.0696 2932        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 20:04:05.0800 2932        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 20:04:06.0339 2932        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 20:04:06.0613 2932        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
2011/04/18 20:04:06.0674 2932        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
2011/04/18 20:04:06.0760 2932        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 20:04:07.0112 2932        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/18 20:04:07.0427 2932        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/18 20:04:07.0520 2932        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/18 20:04:07.0567 2932        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/18 20:04:07.0624 2932        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/18 20:04:08.0004 2932        LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/18 20:04:08.0118 2932        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/18 20:04:08.0424 2932        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/18 20:04:08.0534 2932        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 20:04:08.0618 2932        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 20:04:08.0972 2932        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 20:04:09.0327 2932        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 20:04:09.0451 2932        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/18 20:04:09.0615 2932        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 20:04:10.0066 2932        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/18 20:04:10.0770 2932        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 20:04:11.0003 2932        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 20:04:11.0640 2932        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 20:04:11.0806 2932        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 20:04:11.0847 2932        msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/04/18 20:04:12.0313 2932        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/18 20:04:12.0784 2932        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 20:04:12.0875 2932        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/18 20:04:12.0933 2932        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 20:04:12.0948 2932        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 20:04:13.0230 2932        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 20:04:13.0625 2932        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 20:04:13.0677 2932        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 20:04:13.0980 2932        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 20:04:14.0326 2932        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/18 20:04:14.0451 2932        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 20:04:14.0494 2932        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/18 20:04:14.0536 2932        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 20:04:14.0557 2932        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 20:04:15.0012 2932        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 20:04:15.0343 2932        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 20:04:15.0449 2932        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 20:04:15.0593 2932        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 20:04:15.0667 2932        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/18 20:04:15.0706 2932        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 20:04:15.0759 2932        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 20:04:16.0800 2932        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 20:04:17.0485 2932        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/18 20:04:17.0605 2932        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/18 20:04:17.0670 2932        NVENETFD        (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/18 20:04:22.0326 2932        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 20:04:22.0475 2932        NVR0Dev        (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/04/18 20:04:22.0611 2932        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/04/18 20:04:22.0821 2932        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/18 20:04:22.0882 2932        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/18 20:04:23.0222 2932        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/18 20:04:23.0330 2932        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/18 20:04:23.0357 2932        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 20:04:23.0402 2932        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/18 20:04:23.0436 2932        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/18 20:04:23.0486 2932        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/04/18 20:04:23.0635 2932        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/18 20:04:23.0693 2932        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/18 20:04:23.0742 2932        pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
2011/04/18 20:04:23.0958 2932        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/18 20:04:24.0041 2932        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 20:04:24.0082 2932        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/18 20:04:24.0153 2932        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 20:04:24.0215 2932        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/18 20:04:24.0293 2932        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/18 20:04:24.0335 2932        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 20:04:24.0374 2932        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 20:04:24.0495 2932        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 20:04:24.0536 2932        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 20:04:24.0597 2932        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 20:04:24.0631 2932        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 20:04:24.0721 2932        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 20:04:24.0735 2932        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 20:04:24.0793 2932        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 20:04:24.0851 2932        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 20:04:25.0003 2932        RTL8187B        (872c4e777bedcd7f99dc09016b5e6f39) C:\Windows\system32\DRIVERS\wg111v3.sys
2011/04/18 20:04:25.0077 2932        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/18 20:04:25.0245 2932        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/18 20:04:25.0295 2932        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/18 20:04:25.0339 2932        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/18 20:04:25.0370 2932        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/18 20:04:25.0393 2932        s0016obex      (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/18 20:04:25.0429 2932        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/18 20:04:25.0506 2932        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/18 20:04:25.0586 2932        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 20:04:25.0623 2932        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/18 20:04:25.0661 2932        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/18 20:04:25.0701 2932        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/18 20:04:25.0774 2932        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/18 20:04:25.0836 2932        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/18 20:04:25.0852 2932        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/18 20:04:25.0935 2932        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/18 20:04:25.0952 2932        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/18 20:04:26.0040 2932        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/18 20:04:26.0110 2932        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/18 20:04:26.0135 2932        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/18 20:04:26.0647 2932        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 20:04:27.0666 2932        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/18 20:04:28.0599 2932        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 20:04:28.0600 2932        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 20:04:28.0609 2932        sptd - detected Locked file (1)
2011/04/18 20:04:29.0681 2932        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 20:04:30.0683 2932        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 20:04:31.0807 2932        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 20:04:32.0539 2932        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 20:04:32.0618 2932        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/18 20:04:33.0642 2932        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 20:04:34.0725 2932        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/18 20:04:35.0654 2932        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/18 20:04:35.0972 2932        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/18 20:04:37.0842 2932        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 20:04:39.0989 2932        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 20:04:40.0789 2932        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 20:04:41.0088 2932        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 20:04:42.0594 2932        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 20:04:43.0146 2932        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 20:04:43.0216 2932        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 20:04:43.0715 2932        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 20:04:45.0625 2932        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/18 20:04:46.0108 2932        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 20:04:46.0589 2932        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/18 20:04:47.0687 2932        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 20:04:48.0706 2932        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/18 20:04:49.0670 2932        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/18 20:04:50.0671 2932        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/18 20:04:51.0166 2932        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/18 20:04:51.0670 2932        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 20:04:52.0322 2932        USBAAPL        (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/18 20:04:52.0577 2932        usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 20:04:52.0742 2932        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 20:04:53.0499 2932        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/18 20:04:53.0663 2932        usbehci        (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 20:04:54.0579 2932        usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 20:04:55.0583 2932        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 20:04:56.0236 2932        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/18 20:04:56.0277 2932        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 20:04:56.0311 2932        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 20:04:56.0431 2932        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 20:04:56.0605 2932        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/18 20:04:56.0835 2932        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/18 20:04:57.0651 2932        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/18 20:04:58.0689 2932        viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/04/18 20:04:59.0107 2932        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/18 20:04:59.0162 2932        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 20:04:59.0664 2932        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/18 20:05:00.0271 2932        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/18 20:05:01.0059 2932        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/18 20:05:01.0292 2932        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:05:01.0310 2932        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:05:01.0356 2932        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/18 20:05:01.0655 2932        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 20:05:01.0823 2932        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/18 20:05:02.0614 2932        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 20:05:03.0618 2932        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 20:05:03.0700 2932        ================================================================================
2011/04/18 20:05:03.0700 2932        Scan finished
2011/04/18 20:05:03.0700 2932        ================================================================================
2011/04/18 20:05:03.0714 4592        Detected object count: 1
2011/04/18 20:05:06.0920 4592        Locked file(sptd) - User select action: Skip

cosinus 18.04.2011 19:14
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Randi 18.04.2011 19:34
[Code]
Combofix Logfile:
Code:
ComboFix 11-04-17.03 - sushikiste 18.04.2011  20:22:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3582.2607 [GMT 2:00]
ausgeführt von:: c:\users\sushikiste\Desktop\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe3F8.dll
c:\programdata\hpe5285.dll
c:\users\sushikiste\AppData\Local\.#
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Public\AppData\Local\temp
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Andere\AppData\Local\temp
2011-04-18 14:11 . 2011-04-18 15:18        --------        d-----w-        c:\program files\Fraps
2011-04-15 01:04 . 2011-04-15 01:04        --------        d-----w-        c:\program files\Common Files\Adobe
2011-04-12 23:37 . 2010-02-01 14:26        194376        ----a-w-        c:\program files\patcher_update_tmp.exe
2011-04-12 23:37 . 2011-04-12 23:37        --------        d-----w-        c:\program files\lol-cb3.patcher_15
2011-04-12 23:36 . 2008-07-12 06:18        467984        ----a-w-        c:\windows\system32\d3dx10_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        1493528        ----a-w-        c:\windows\system32\D3DCompiler_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\system32\D3DX9_39.dll
2011-04-12 23:35 . 2011-04-12 23:35        --------        d-----w-        c:\program files\html
2011-04-12 20:30 . 2011-04-13 02:13        --------        d-----w-        c:\users\sushikiste\AppData\Local\PMB Files
2011-04-12 20:30 . 2011-04-12 20:31        --------        d-----w-        c:\programdata\PMB Files
2011-04-12 17:35 . 2011-04-12 17:35        --------        d-----w-        c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Common Files\Java
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Java
2011-04-11 16:23 . 2011-04-11 16:24        --------        d-----w-        c:\program files\ICQ7.4
2011-04-11 16:14 . 2011-04-11 16:14        --------        d-----w-        c:\program files\Teamspeak3
2011-04-11 13:37 . 2011-04-14 11:57        --------        d-----w-        c:\program files\unlgluhp
2011-04-03 10:57 . 2011-04-03 10:57        --------        d-----w-        c:\program files\LogMeIn Hamachi
2011-03-28 17:53 . 2011-03-28 17:53        --------        d-----w-        c:\users\sushikiste\AppData\Local\Conduit
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 20:46 . 2010-08-11 01:46        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-17 13:55 . 2010-05-08 11:08        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Ocs_SM"="c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-05-13 106496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-11 16:23        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2010-09-27 07:05        3831072        ----a-w-        c:\program files\Livestream Procaster\Procaster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 14:35        5458704        ------w-        c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 13:41        1910152        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08        963976        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12        26192168        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R3 cdrmkaun;cdrmkaun;c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-29 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-05-13 40960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-04-21 2368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Free YouTube to Mp3 Converter - c:\users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-RayV - c:\program files\RayV\RayV\RayV.exe
AddRemove-InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} - c:\program files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe
AddRemove-InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\WMPSideShowGadget.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\RtHDVCpl.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-18  20:33:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-18 18:33
ComboFix2.txt  2010-06-24 14:59
.
Vor Suchlauf: 13 Verzeichnis(se), 148.136.894.464 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 148.073.562.112 Bytes frei
.
- - End Of File - - 3B4B358932AD31FEFDF355324ABA956D
--- --- ---

cosinus 18.04.2011 19:38
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys
c:\windows\system32\SVKP.sys
c:\program files\patcher_update_tmp.exe

Folder::
c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP
c:\program files\unlgluhp

Driver::
cdrmkaun
SVKP
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Randi 18.04.2011 19:48
wenn ich die txt datei auf die cf.exe ziehen möchte, dann kommt folgende fehlermeldung:

____________________________________
C:\Users\sushikiste\Desktop\cofi.exe

Es wurde versucht einen Registrierungsschlüssel einem unzulässigen Vorgang
zu unterziehen, der zum Löschen markiert wurde
_____________________________________________________________

Das kam auch als ich opera starten wollte, aber als admin konnte ich es ausführen und ausführen, aber wie stelle ich das nun mit dem "rüberziehen" an?


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131