Verdacht auf Rootkit / Mebroot

**Silent Deatz** · 18.07.2012, 05:52

Hallo,

Ich habe vor ein paar Tagen Post von meinem Provider, von meinem Rechner aus soll malware verschickt worden sein, bekommen.
Daraufhin habe ich meinen Desktop Rechner (Windows 7 Pro 64Bit) und Laptop (Windows Vista Business 32Bit) auf Viren (per Avira Antivir) und Malware (Malwarebytes) kontrollieren lassen. Es wurden auch diverse Sachen gefunden und auch behoben.

http://cbl.abuseat.org/lookup.cgi? ip=84.74.122.83&.pubmit=Lookup
Aufgrund dieses Links, welchen ich von meinem Provider bekam, gehe ich jetzt aber von aus, dass noch ein Rootkit auf meinem Rechner und Laptop installiert ist.
Gestern habe ich schon etwas durchs Forum gestöbert und habe mir auch ein paar Anleitungen angeschaut. Gerne würde ich aber nochmal Hilfe von Experten bekommen damit ich sicher sein kann, dass kein rootkit installiert ist.

Das Programm TDSkiller von Kaspersky findet auf beiden Rechnern nichts - muss aber ja noch nichts heißen.

Ich danke für die Hilfe
Gruss
Silent Deatz

**kira** · 18.07.2012, 07:06

Herzlich Willkommen hier bei uns am HijackThis Supportboard!

**Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst

► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!

ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!

Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
**Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Das Program installieren und ausführen:
Anleitung:-> Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Mache Häkchen bei LOP- und Purity-Prüfung
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

4.
lade Dir HijackThis/Version 2.0.4 herunter
Vista und Win7-> Rechtsklick drauf-> "Als Administrator ausführen" wählen
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

Bitte alle Ergebnisse im Code-Tags posten!

vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein
dahinter - also am Ende der Logdatei:[/code]
Wie es geht:-> Logfiles in Code-Tags setzen

gruß
kira

**Silent Deatz** · 18.07.2012, 19:57

Hallo Kira,

vielen Dank für deine Antwort.

Habe jetzt alles auf meinem Desktop Rechner durchlaufen lassen. Der Laptop folgt dann später.

1. Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Silent Deatz :: EISTEE [Administrator]

18.07.2012 17:53:43
mbam-log-2012-07-18 (17-53-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 568174
Laufzeit: 2 Stunde(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Users\Silent Deatz\Desktop\Desktop\Rest\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Silent Deatz\Desktop\Neuer Ordner\ray_sp2\vray.1.50sp2.demo.max2009.32bit-patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\$RECYCLE.BIN\S-1-5-21-3256770825-3266176267-2289779369-1001\$RJ8NJLV.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\$RECYCLE.BIN\S-1-5-21-3256770825-3266176267-2289779369-1001\$RTTWZO9\Superscan2.06KETHER.exe (Backdoor.IRCbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\O_O_BlueCon_XXL_-_Admin_Suite.exe (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\!!!Wichtig!!!\Programme\Keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Zockerknecht\Programme\Opera9.10\program\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Zockerknecht\Programme\Opera9.10\program\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. OTL - OTL.txt

Code:

OTL logfile created on: 18.07.2012 20:05:58 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Silent Deatz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,71% Memory free
15,99 Gb Paging File | 14,22 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 14,75 Gb Free Space | 19,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 184,77 Gb Free Space | 19,83% Space Free | Partition Type: NTFS
 
Computer Name: Eistee | User Name: Silent Deatz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Silent Deatz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe ()
MOD - C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TwonkyProxy) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (CoordinatorServiceHost) -- D:\Zockerknecht\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (mi-raysat_3dsMax2009_64) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
SRV - (DCPFLICS) -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (SaiH0461) -- C:\Windows\SysNative\drivers\SaiH0461.sys (Saitek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A F9 B9 C2 70 63 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.15 10:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.25 20:07:32 | 000,000,000 | ---D | M]
 
[2010.04.15 10:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Deatz\AppData\Roaming\mozilla\Extensions
[2012.07.06 19:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Deatz\AppData\Roaming\mozilla\Firefox\Profiles\9qqklgd4.default\extensions
[2010.07.28 10:39:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Silent Deatz\AppData\Roaming\mozilla\Firefox\Profiles\9qqklgd4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.25 20:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.17 09:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.24 10:15:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.03 20:42:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.17 13:44:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.09 21:45:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012.06.25 20:07:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk = D:\Zockerknecht\Programme\phase-6\phase-6-compendio\reminder\reminder.exe (phase-6)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4F36044-E6FA-4F72-A2BA-373ADB44A072}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\Shell - "" = AutoRun
O33 - MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 17:55:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Silent Deatz\Desktop\OTL.exe
[2012.07.17 18:26:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Silent Deatz\Desktop\aswMBR.exe
[2012.07.17 18:02:27 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Silent Deatz\Desktop\tdsskiller.exe
[2012.07.17 18:01:17 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\Desktop\antiboot
[2012.07.16 19:41:39 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\.swt
[2012.07.16 19:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6
[2012.07.16 19:41:38 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\.phase-6
[2012.07.16 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\AppData\Roaming\Phase6
[2012.07.16 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\phase-6
[2012.07.16 19:03:44 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\AppData\Roaming\Malwarebytes
[2012.07.16 19:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 19:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 19:03:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 19:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 19:03:23 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Silent Deatz\Desktop\malwarebytes_antimalware_1.61.exe
[2012.07.16 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\Desktop\supra bilder
[2012.07.15 22:06:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.15 22:06:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.15 22:06:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.15 22:06:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.15 22:06:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.15 22:06:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.15 22:06:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.15 22:06:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.15 22:06:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.15 22:06:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.15 22:06:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.15 22:06:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.15 22:06:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 18:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 18:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 18:29:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 18:29:25 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 18:29:22 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.06 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\AppData\Local\Macromedia
[2012.07.02 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012.07.01 11:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.01 11:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.26 05:59:11 | 000,000,000 | ---D | C] -- C:\Users\Silent Deatz\Desktop\Camera
[2012.06.25 20:07:32 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.06.25 20:07:32 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.06.25 20:07:32 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.06.25 20:07:32 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.06.24 09:49:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.24 09:49:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.24 09:49:25 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.24 09:48:33 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.24 09:48:33 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.24 09:48:33 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.24 09:47:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.24 09:47:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 20:09:06 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 20:09:06 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 20:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 20:01:18 | 2145,509,375 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 17:55:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Silent Deatz\Desktop\OTL.exe
[2012.07.17 19:08:09 | 000,000,512 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\MBR.dat
[2012.07.17 18:26:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Silent Deatz\Desktop\aswMBR.exe
[2012.07.17 18:02:27 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Silent Deatz\Desktop\tdsskiller.exe
[2012.07.17 18:01:13 | 000,121,087 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\antiboot.zip
[2012.07.16 21:15:54 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.16 21:15:54 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.16 21:15:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.16 19:41:34 | 000,001,067 | ---- | M] () -- C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2012.07.16 19:41:34 | 000,000,949 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\phase-6 compendio.lnk
[2012.07.16 19:12:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 19:12:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 19:03:23 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Silent Deatz\Desktop\malwarebytes_antimalware_1.61.exe
[2012.07.16 17:18:17 | 002,259,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.15 22:01:51 | 000,038,912 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\12466_de_Fakzer1_Aufgabe.zip
[2012.07.06 18:36:03 | 000,305,363 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\Dichtung zwischen Turbo und Turboknie.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 11:48:36 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.30 13:11:50 | 000,110,480 | ---- | M] () -- C:\Users\Silent Deatz\Desktop\tor003.jpg
[2012.06.25 20:07:22 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.06.25 20:07:22 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.06.25 20:07:22 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.06.25 20:07:22 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.06.25 20:07:22 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.17 18:28:12 | 000,000,512 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\MBR.dat
[2012.07.17 18:01:12 | 000,121,087 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\antiboot.zip
[2012.07.16 19:41:34 | 000,001,067 | ---- | C] () -- C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2012.07.16 19:41:34 | 000,000,949 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\phase-6 compendio.lnk
[2012.07.15 22:01:36 | 000,038,912 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\12466_de_Fakzer1_Aufgabe.zip
[2012.07.06 18:36:03 | 000,305,363 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\Dichtung zwischen Turbo und Turboknie.pdf
[2012.06.30 13:11:50 | 000,110,480 | ---- | C] () -- C:\Users\Silent Deatz\Desktop\tor003.jpg
[2012.06.08 20:47:56 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.08 20:47:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.12 12:09:16 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.05.12 11:45:03 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.03 15:37:57 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012.02.02 19:26:18 | 000,000,000 | ---- | C] () -- C:\Windows\plugin.ini
[2010.06.30 15:09:53 | 000,000,565 | ---- | C] () -- C:\Users\Silent Deatz\AppData\Roaming\myMPQ.ini
[2010.02.23 16:35:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.15 23:29:33 | 000,000,600 | ---- | C] () -- C:\Users\Silent Deatz\AppData\Local\PUTTY.RND
[2009.12.17 00:58:18 | 000,000,017 | ---- | C] () -- C:\Users\Silent Deatz\AppData\Local\resmon.resmoncfg
 
========== LOP Check ==========
 
[2011.11.23 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\.minecraft
[2012.01.31 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Autodesk
[2010.03.18 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\CadSoft
[2011.04.07 09:12:29 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Canneverbe Limited
[2009.12.14 23:32:23 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\DAEMON Tools Lite
[2012.02.09 19:19:39 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\DassaultSystemes
[2010.07.28 10:39:31 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.27 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\FlashFXP
[2010.04.10 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\FrontDesign
[2010.06.19 17:03:02 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\HyperLobby
[2011.12.09 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Opera
[2012.02.28 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Origin
[2012.07.16 19:54:00 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Phase6
[2012.02.04 20:29:43 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Samsung
[2010.03.10 00:02:17 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\streamripper
[2011.01.24 14:06:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\The Creative Assembly
[2010.08.07 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\TS3Client
[2012.05.19 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\twonkyclient
[2012.05.19 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\TwonkyMedia
[2012.07.18 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\TwonkyServer
[2009.12.22 00:10:36 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\Ubisoft
[2012.06.24 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Silent Deatz\AppData\Roaming\uTorrent
[2012.07.07 09:26:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

2.1 OTL - Extras.txt

Code:

OTL Extras logfile created on: 18.07.2012 20:05:58 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Silent Deatz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,71% Memory free
15,99 Gb Paging File | 14,22 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 14,75 Gb Free Space | 19,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 184,77 Gb Free Space | 19,83% Space Free | Partition Type: NTFS
 
Computer Name: Eistee | User Name: Silent Deatz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F4610F-64D2-4B9E-891B-2259582F6232}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0768D223-22C2-480F-BDB9-68EDF07B5AB9}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{0B69271B-FEC4-45E8-A982-07891498406D}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{15367BAE-F29B-431B-AC29-B9C70AA5461D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A8371F5-94D7-4BE1-8D9B-17A4D7BB2523}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{1E1CFEAA-A011-48DE-865C-DB8A93A15597}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{1E1F7008-020B-4481-A076-347F906144D3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{231F60E1-73B8-4F41-B0EB-AAAA110E4D5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{283B1EF5-E1EC-4DB0-8D7C-8B40F6A3BB77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3465C4EE-DC3C-42FB-AEA7-3C26F1C28275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{35B893A5-AAA2-483A-B3C9-7B5F5C4C8A48}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3A7C72FF-548C-41D8-9449-C5F4CA7C3A36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{42FCCBF6-7ADC-40F0-BF3E-F6E4FAFD802B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A19F186-E81D-4E4D-AF61-ABBD0896990E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51BEC648-57AC-4949-995D-7DE65F28C27F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58015534-5BCE-4549-BBBA-7936519F5D59}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C26AF98-1694-4961-A9AB-1F1E0B0574A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D9E9E20-351D-41FA-8236-D8EF185C2C7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F033C17-44E1-4748-AA70-934BA49D2ED8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FFDD67B-F3AF-48A6-AB6C-87DA4318AFEF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6847F229-0464-498E-A4A1-4C00BCC73F81}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73417259-B839-4B80-8CB4-9DF884656D43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{783DA9B3-78F0-4350-A24D-811104A2A773}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{856C6911-D075-42FB-A3D0-B0E1A03C2583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D182E0B-D9B7-4201-AED3-26EEE206EA17}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8DFE0CA1-9B70-4E54-9DE9-C901E7120D0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{91FA8517-C05D-4642-8986-4B03CF4C630D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{969A8177-D9A5-4329-8C03-F7882B26322D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{995A1DCD-FDB0-4D07-AF9E-3CF74401707D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{9DABE7E1-9E97-42D4-BBCF-2B6513C1150F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A625A302-3239-4330-9310-D30384A64FED}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{A7E72DFF-5CBE-4678-A93D-F4733FCCEA0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD193D17-3D12-4CC3-A631-AF33935C9C23}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1EE819C-0C4B-409F-82A8-43DD654ED90C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B41FD234-8F25-43EF-AE89-21F1F8E4845F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B43C2371-639F-470F-9CD7-DC58BDB67BC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B5A7D6F5-BDA0-4527-9F60-29CA852C572D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BEE9380F-9D1A-405D-82A1-11B0971AAC00}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{C4FDEC6B-E953-4998-9D56-53579CF2BF9C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C72EEE6C-4270-44FC-8051-C51421EA523B}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service | 
"{CC909CD7-CB75-45A7-82C7-344CFA93003F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D18B7BF9-5235-4226-96E3-AFECDE778C4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E15FA195-1B04-4F2E-B713-972A57B329D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5441E12-391B-434A-A4E2-202A931D0952}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E95D9FC7-FD45-4998-A1D2-700A0454D4FE}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{EDBF8D1E-134B-47D1-AB0F-5CE549AA8F75}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F44E7CB7-4A42-4856-BEB8-68968B7884E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F798A927-1FC8-4AF1-8F34-311ED8FB9055}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{FB66AD68-F5DE-4582-A562-B5E489DF67AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FB808710-C482-478D-A3E3-E9F57F010653}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0366E2F7-8C77-415F-8165-5FC50F367EA2}" = protocol=17 | dir=in | app=c:\users\silent deatz\appdata\local\temp\7zs0367\hpdiagnosticcoreui.exe | 
"{0526F4F1-BD95-42FF-90B1-4E51BF91ABCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0752B478-6238-4E9F-935A-816F51F8B79A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{07F6C6F4-7FE0-4949-8BF0-943363D35CC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{08D0D405-CA13-43EA-A5C9-C14AF85E63E8}" = protocol=17 | dir=in | app=d:\zockerknecht\games\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{0A6C024E-E82B-473B-A843-EE4F73E6DFBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D445988-EC88-4D1B-B4B1-CBD02F27A597}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{1197BE0B-1382-4E9D-983F-6FCB86602EC8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{1C58DA00-0A43-40BB-A3F9-249D2572DF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{1CD7D315-7000-4B88-8645-B267ED00AD14}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{23296517-03CE-4425-9A38-5AD54B4B01A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{24A4D850-FA0F-4C3F-BBC6-4A0D697190DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{26E55E35-BA49-4D3E-A3A4-0D4B14484E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{29D5BAC6-0490-4D0B-BBF0-9533CE84D387}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{2BD13FCC-DFE4-4BF3-9266-8661067DEB48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D1F8209-FADE-4A89-9357-74308ACD43C3}" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft\starcraft.exe | 
"{2D7C3D6D-A14A-4F47-AEC9-60E87F0C4760}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{31AEDE99-14F8-4339-82F8-1D98F8F6E378}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{321C2DA6-5CB8-4B2C-856A-A5624484AC02}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3473C083-275D-4782-9FF5-D932CA618204}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{34777294-663E-48EF-9860-06AC8400F1F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A8E657D-E12F-4E67-AF4E-F372C0B44435}" = protocol=17 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\manager.exe | 
"{3CD68260-C0E3-41B2-981E-1FF8AC99FC25}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3CF05FF1-E9E4-401C-AC99-857CB3BD0E03}" = protocol=17 | dir=in | app=d:\zockerknecht\games\steam\steam.exe | 
"{3E0F4750-B2D0-4CDE-B6E1-C258D7A7F305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{415495C5-24BC-421A-A941-36BD9389A353}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{48EF3937-AE0A-4A73-A742-15EA04BF7806}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{4FC8B7BA-9067-445B-BA33-7C6B3CC425A6}" = protocol=17 | dir=in | app=d:\zockerknecht\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{514C7F0A-C831-47EE-B010-4F2D340E9E22}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{53BCAC19-7728-498B-B75C-306E6CCC1B6F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{53C8087F-73C0-4AB7-A93C-9DEA30DB1326}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{54E73F13-266C-4E8C-A8AF-229DF36F2A41}" = protocol=6 | dir=in | app=c:\users\silent deatz\appdata\local\temp\7zs00c6\hpdiagnosticcoreui.exe | 
"{5539EAC0-5CF4-498D-B09A-99041F20B47E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{565A3C81-4746-4678-810C-8761E441DD38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A7E3D32-5843-4F4D-9CDE-931EC7948EC4}" = protocol=17 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\monitor.exe | 
"{5D60E6AC-9E3F-4CFC-A10A-4A77385C3CD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{60BDD425-A7E8-41B5-93FA-B14A75E8DE48}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{6234ED2E-C070-488B-BB8E-CE7CF72F6AB2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{69247331-647A-4796-B7B6-3A9898445EC1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C1A3678-AD48-458F-AA4B-915DB850326C}" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\starcraft ii.exe | 
"{6E01F859-A5FD-4ED9-A10C-19876D011F32}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{71AB3C12-9BF1-496F-B576-1F516917830E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{732B4B4B-71D4-4170-ADFC-AD88E01364A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{74648A39-F602-4772-A629-30C9583A5B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{7A2DD5AC-2BE9-4408-9B0E-F280CE85D0A3}" = protocol=6 | dir=in | app=d:\zockerknecht\games\origin\origingames\battlefield 3\bf3.exe | 
"{7DB9C262-9BD1-48E1-ACF3-3643065BA0C7}" = protocol=6 | dir=in | app=c:\users\silent deatz\appdata\local\temp\7zs0367\hpdiagnosticcoreui.exe | 
"{7DC7ADB0-581F-45C1-8430-7907B094E4E5}" = protocol=17 | dir=in | app=d:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe | 
"{7E4140E5-E499-435C-ADBE-788BD065C2D5}" = protocol=6 | dir=in | app=d:\zockerknecht\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{7E8B9FEA-BA10-40AB-A437-30B03B6F03BC}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{86C2C050-0A04-493B-BD83-FB64F617000B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86FFE969-D384-4FAA-9350-E468DC781121}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8759009C-6376-4C4D-AC85-64E0E5391AFF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{87BBDCF2-D45B-497B-957B-B8DA098978D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{89EED73D-C3B1-4AF7-8850-AF9DB2473037}" = protocol=17 | dir=in | app=c:\users\silent deatz\appdata\local\temp\7zs00c6\hpdiagnosticcoreui.exe | 
"{8E578E80-5C93-4B3D-98EA-40F06A6BAC22}" = protocol=17 | dir=in | app=d:\zockerknecht\games\origin\origingames\battlefield 3\bf3.exe | 
"{977FDFD8-3570-4A79-B3C6-8232F2DD4F6F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{98993F19-8556-4D61-A5B2-C1DCC39C70A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F961E9B-F9E5-43FC-B4B1-BC968C1E9F37}" = protocol=6 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\monitor.exe | 
"{9FC581E2-64C1-410A-9261-3D7721369F55}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{A228879A-DC27-4D40-9FA4-E6F7975544EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A31C1B4E-7475-408E-9963-4F2C08EEAD3D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AACA0EDB-D9DA-404C-B504-32108856E605}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{ACCA1B56-A4AB-4C0A-88FC-C06D27F98B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF79C2EA-3256-4BF1-BC32-7F36F862B9B6}" = protocol=17 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\server.exe | 
"{B0FC80C9-7CF9-48F2-A4E1-A3D57860B4B0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B5F9D8E2-DBF7-4020-80D3-EB069AA8F3A2}" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe | 
"{B68A2BF0-E8D3-4924-A93C-6D34706E62AC}" = protocol=6 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\server.exe | 
"{B99378FD-2163-44CA-8BFC-7A08BF07D5C4}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{BCBBE0FF-A40B-4D7A-839A-F297208A15AC}" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\starcraft ii.exe | 
"{C1FF3F0B-73DB-4A4B-865E-15F11D92F229}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C247B99B-2F41-4583-9D2B-8272E1A80D86}" = protocol=17 | dir=in | app=d:\zockerknecht\games\steam\steamapps\common\empire total war\empire.exe | 
"{C7CF17D7-FB65-49F1-A0AF-E37F4404166B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CC7C9908-8270-4192-B5A4-AEBB726A10D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D0A63C12-5C8E-412D-9AF3-5D7BA735AECF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D979E46B-63B9-40A3-8FC0-0BB6463647E9}" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft\starcraft.exe | 
"{DA7D62E8-F5BD-45D5-B311-6519FDEDA762}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{DCBF318D-FE06-4F68-8E0D-3D99AC2F2EF2}" = protocol=6 | dir=in | app=d:\zockerknecht\games\steam\steam.exe | 
"{E0A95C44-6D60-4C70-964D-27F1D05C9F2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E254DAE1-F1E9-439C-B311-FA0F9330E61A}" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe | 
"{E7C63335-B423-4484-8E61-56DDBEB938AA}" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe | 
"{E7D10C84-1E87-4A8B-B20A-07F55E0858D7}" = protocol=6 | dir=in | app=d:\zockerknecht\games\steam\steamapps\common\empire total war\empire.exe | 
"{E8ED46FB-34AE-45E1-9911-8499AC930F01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB5B03A1-460C-4A89-879A-A04619EC5AA8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{EBC5E556-2024-4CFF-877A-48A912BB5B65}" = protocol=6 | dir=in | app=d:\zockerknecht\programme\autodesk\backburner\manager.exe | 
"{F42168C2-586B-430B-A3BC-9C46563AF6AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F5339707-7DBD-445F-91A4-6E6E1E78F778}" = protocol=6 | dir=out | app=system | 
"{F64FBE51-89E5-44F0-9BDA-6AF27BA7F1E5}" = protocol=6 | dir=in | app=d:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe | 
"{F827859D-DEE2-4621-A3B3-848013D985C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FAC1C5C6-03A0-4851-AC97-44B5E2ED2976}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{FB3EC54F-3F06-49CF-9931-152409F2F723}" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe | 
"{FBE8A88B-CB66-435B-9607-0BBFADBEFB49}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{FBF534C1-8EF8-41FD-B335-1538B681B18B}" = protocol=6 | dir=in | app=d:\zockerknecht\games\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{FF5A0346-9E86-4729-BBA5-8B3F3CF5237E}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"TCP Query User{0D5D529B-AAED-40A5-986F-383DB6675E0C}D:\zockerknecht\games\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\quake iii arena\quake3.exe | 
"TCP Query User{165DB643-929E-4B8C-B344-D1CC0FCFADC9}D:\zockerknecht\games\505games\1c\men of war\mow.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\505games\1c\men of war\mow.exe | 
"TCP Query User{315E70C8-D525-450C-B717-006D345AC8D7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{40A55EB4-36BC-461C-84B4-E0B9301AA456}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | 
"TCP Query User{430F0010-7AD6-4C15-95D4-1F39CB93CE6F}D:\zockerknecht\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\zockerknecht\programme\trillian\trillian.exe | 
"TCP Query User{47CDEB92-DB95-420C-BFFD-D956D595843F}D:\zockerknecht\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\zockerknecht\programme\trillian\trillian.exe | 
"TCP Query User{4993D114-64A1-4E89-A354-AAA499254167}D:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4BC6958D-FA97-4DA0-88B3-EDF6EB303060}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{6E0CB03D-20AF-406B-8D84-C08AA80858A2}D:\zockerknecht\programme\g6 ftp server\g6ftpsrv.exe" = protocol=6 | dir=in | app=d:\zockerknecht\programme\g6 ftp server\g6ftpsrv.exe | 
"TCP Query User{7477653F-B74D-4023-BA7C-A3586339623B}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{8DD753D3-3D82-4762-B4BB-EDD0EDB4205F}D:\zockerknecht\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\zockerknecht\programme\mirc\mirc.exe | 
"TCP Query User{97DBD164-1464-45B7-8D66-4FB16FA32D4A}D:\zockerknecht\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft\starcraft.exe | 
"TCP Query User{9EE0CFA4-C41C-46C1-A7DC-EEBD57950591}D:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{A9E408F9-3255-4635-80A5-1AA28306F588}D:\zockerknecht\games\505games\1c\men of war\mow.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\505games\1c\men of war\mow.exe | 
"TCP Query User{D40CED26-67D0-4511-A7BD-6494BA752A3D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{E26D66CD-66DC-4434-80D0-996D79F27A36}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | 
"TCP Query User{E456B70F-C299-4BF9-B7FA-144B09462A1F}D:\zockerknecht\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\zockerknecht\programme\mirc\mirc.exe | 
"TCP Query User{EEAEF6D7-2100-4CDD-8983-856464DB2C65}D:\zockerknecht\games\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{F0323EA3-217A-48BF-9597-CFABED4F4543}D:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe" = protocol=6 | dir=in | app=d:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe | 
"UDP Query User{083DAECA-1537-4269-9177-E3CA501EE9E8}D:\zockerknecht\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\zockerknecht\programme\mirc\mirc.exe | 
"UDP Query User{3277A63D-35EE-406C-BE5E-90D860140DA5}D:\zockerknecht\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft\starcraft.exe | 
"UDP Query User{3C3F14C2-48BC-422A-A396-2030C223C6B5}D:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\ubisoft\il-2 sturmovik 1946\il2fb.exe | 
"UDP Query User{4A82957C-C53E-4A65-9A69-18D80422DEA4}D:\zockerknecht\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\zockerknecht\programme\trillian\trillian.exe | 
"UDP Query User{507F2EA2-059E-45B3-8C85-510900B9CDCC}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | 
"UDP Query User{540F03FE-2332-41CE-982A-FCEA5E3FB373}D:\zockerknecht\games\505games\1c\men of war\mow.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\505games\1c\men of war\mow.exe | 
"UDP Query User{5D2D557E-CD2F-4114-A1BD-9572226D442D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{667FFA2E-C36F-440F-8832-5E2FC9D58133}D:\zockerknecht\games\505games\1c\men of war\mow.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\505games\1c\men of war\mow.exe | 
"UDP Query User{8152C03E-4741-4C5F-9847-C15080AAF9DD}D:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{82899399-2EB1-43A5-BC36-43F515B1683B}D:\zockerknecht\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\zockerknecht\programme\trillian\trillian.exe | 
"UDP Query User{8792D537-DF6F-4FCD-96DF-E3C2BB302CD7}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{9D02D7C0-7A45-4634-AB50-09E3C0C60D04}D:\zockerknecht\games\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{9FE0EF4B-B576-4871-8665-DDF6F661BAD5}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{ADFB46AB-282B-4989-9690-153FD6B9C8CF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{AEC63E3C-C409-489C-B46E-87BF13161627}D:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{CC9AA87A-91D5-4E54-ABC5-E922C21E0001}D:\zockerknecht\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\zockerknecht\programme\mirc\mirc.exe | 
"UDP Query User{DCE7BA5A-7E33-4FA3-89C0-2D15F9A3DEDC}D:\zockerknecht\programme\g6 ftp server\g6ftpsrv.exe" = protocol=17 | dir=in | app=d:\zockerknecht\programme\g6 ftp server\g6ftpsrv.exe | 
"UDP Query User{F6E52292-B74E-47AC-90C4-9BEF42B15F7D}D:\zockerknecht\games\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=d:\zockerknecht\games\quake iii arena\quake3.exe | 
"UDP Query User{FA1A3A4B-04AB-4A44-8D8F-762F4A3E0579}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP0
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5BD1364B-58D6-0407-8633-9B8E8D0AD52F}" = Autodesk 3ds Max 2009 64-bit ProMaterials™ Library
"{5ECFC170-8934-4D31-8374-0837288D6AE3}" = SolidWorks eDrawings 2011 x64 Edition SP0
"{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0 x64 Edition
"{70AC9B8B-5DC4-4E5E-964B-2A695D157FCB}" = Sun VirtualBox
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver 13.0 Rel .6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7D0751A-3F16-0407-9F9B-FF3DC390F139}" = Autodesk 3ds Max 2009 64-Bit Vault 2008 Plug-In
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CD853BA5-AA85-0407-85DC-A805D779DCA8}" = Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries
"{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
"{EC2280DF-BBAF-0407-9359-BCCD15545FFB}" = Autodesk 3ds Max 2009 64-Bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA3E35E2-F088-0407-A563-C96430FF73F6}" = Autodesk 3ds Max 2009 64-Bit Vault 2009 Plug-In
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.0" = Update 1.11.3.0 for "Men of War"
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3C932270-F7AD-4B1C-B3C7-EA5204479B7F}" = AfterBurn 3.2a for 3ds Max R9 (32 bit)
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{668811DB-025F-45DA-9E2B-7D5B33FEC508}" = HyperLobby client
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DiminHotkeys" = DIMIN Hotkeys (remove only)
"EAGLE 5.7.0" = EAGLE 5.7.0
"ESN Sonar-0.70.4" = ESN Sonar
"ExposurePlot_is1" = ExposurePlot 1.13
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"FreePDF_XP" = FreePDF (Remove only)
"Frontplatten Designer" = Frontplatten Designer
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SolidWorks Installation Manager 20110-40000-1100-100" = SolidWorks 2011 x64 Edition SP0
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 57900" = Duke Nukem Forever
"Streamripper" = Streamripper (Remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TunerPro RT_is1" = TunerPro RT v5.00
"TunerPro_is1" = TunerPro v5.00
"TwonkyManager" = TwonkyManager
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"phase-6-compendio" = phase-6-compendio 2.2.0c
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2011 05:58:41 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:41 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:41 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:42 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:42 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:42 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:51 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:52 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:58:55 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 05:59:07 | Computer Name = Eistee | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 12.05.2012 05:45:32 | Computer Name = Eistee | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 12.05.2012 05:54:21 | Computer Name = Eistee | Source = Microsoft-Windows-Media Center Extender | ID = 544
Description = 
 
[ System Events ]
Error - 17.07.2012 13:39:19 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2012 13:39:22 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2012 13:39:25 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2012 13:39:28 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2012 13:39:32 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2012 13:39:35 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.07.2012 11:21:04 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.07.2012 11:21:04 | Computer Name = Eistee | Source = Ntfs | ID = 262281
Description = Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 18.07.2012 14:01:16 | Computer Name = Eistee | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.07.2012 14:01:16 | Computer Name = Eistee | Source = Ntfs | ID = 262281
Description = Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >

3. CCleaner

Code:

3DMark 11	Futuremark Corporation	05.04.2012		1.0.3
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen	Adobe Systems Incorporated	13.12.2009	1.171MB	1.0
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	22.12.2009		10.0.42.34
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.07.2012	6,00MB	11.3.300.265
Adobe Flash Player 9 ActiveX	Adobe Systems, Inc.	13.12.2009	2,66MB	9.0.45.0
Adobe Photoshop Lightroom 2.7 64-bit	Adobe	05.09.2010	111,1MB	2.7
Adobe Reader 9.3.4 - Deutsch	Adobe Systems Incorporated	30.08.2010	241MB	9.3.4
AfterBurn 3.2a for 3ds Max R9 (32 bit)		14.12.2009		
Autodesk 3ds Max 2009 64-Bit	Autodesk	30.01.2012	650MB	11.0
Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries	Autodesk	30.01.2012	91,0MB	11.0
Autodesk 3ds Max 2009 64-bit ProMaterials™ Library	Autodesk	30.01.2012	319MB	11.0
Autodesk 3ds Max 2009 64-Bit Vault 2008 Plug-In	Autodesk	30.01.2012	0,56MB	11.0
Autodesk 3ds Max 2009 64-Bit Vault 2009 Plug-In	Autodesk	30.01.2012	0,57MB	11.0
Autodesk DWF Viewer 7	Autodesk, Inc.	13.12.2009	42,3MB	7.0.0
Avira Free Antivirus	Avira	11.05.2012	108,8MB	12.0.0.1125
Backburner	Discreet	13.12.2009	7,62MB	2007.0
Battlefield 3™	Electronic Arts	07.06.2012		1.3.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	08.06.2012		1.122.0
CCleaner	Piriform	18.02.2012		3.15
CDBurnerXP	CDBurnerXP	20.10.2011	12,2MB	4.3.8.2568
CDex - Open Source Digital Audio CD Extractor	Georgy Berdyshev	01.08.2010		1.70.4.2009
ContentSAFER for Wizmax		13.12.2009		
DIMIN Hotkeys (remove only)		15.12.2009		
Duke Nukem Forever	Gearbox Software	09.09.2011		
EAGLE 5.7.0	CadSoft Computer GmbH	17.03.2010		5.7.0
Empire: Total War	The Creative Assembly	23.01.2011		
ESN Sonar	ESN Social Software AB	08.06.2012		0.70.4
ExposurePlot 1.13	Paul van Andel	12.01.2010		
FBX Plugin 2006.08 for Max 9.0		14.12.2009		
FBX Plugin 2009.0 for Max 2009		30.01.2012		
FBX Plugin 2009.0 for Max 2009 64		30.01.2012		
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	27.10.2010	8,11MB	
Free YouTube to MP3 Converter version 3.9	DVDVideoSoft Limited.	27.10.2010	32,2MB	
FreePDF (Remove only)		20.04.2010		
Frontplatten Designer	Schaeffer AG	01.04.2010		4.00
Futuremark SystemInfo	Futuremark Corporation	05.04.2012		4.6.0
GPL Ghostscript 8.71		20.04.2010		
Hitman Blood Money	Eidos	21.03.2011		1.00.0000
HP Photosmart Wireless B109n-z All-In-One Driver 13.0 Rel .6	HP	20.12.2009		13.0
HyperLobby client	Jiri Fojtasek	09.06.2010	1,94MB	4.2.3
Java(TM) 6 Update 30 (64-bit)	Oracle	02.02.2012	91,8MB	6.0.300
Java(TM) 6 Update 33	Oracle	24.06.2012	95,7MB	6.0.330
Java(TM) 7 Update 2 (64-bit)	Oracle	19.09.2011	93,5MB	7.0.20
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	15.07.2012	18,8MB	1.62.0.1300
Men of War (Remove Only)	505games	04.02.2010		1.11.3.0
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.02.2012	38,8MB	4.0.30320
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.02.2012	2,94MB	4.0.30320
Microsoft .NET Framework 4 Extended	Microsoft Corporation	02.02.2012	52,0MB	4.0.30320
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	02.02.2012	10,7MB	4.0.30320
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	09.07.2010	83,5MB	4.0.30319
Microsoft Help Viewer 1.0	Microsoft Corporation	09.07.2010	3,97MB	1.0.30319
Microsoft Help Viewer 1.0 Language Pack - DEU	Microsoft Corporation	09.07.2010	1,95MB	1.0.30319
Microsoft IntelliPoint 8.1	Microsoft	19.04.2011		8.15.406.0
Microsoft Office 2003 Web Components	Microsoft Corporation	02.02.2012	29,5MB	12.0.4518.1014
Microsoft Office Professional Edition 2003	Microsoft Corporation	19.01.2010	207MB	11.0.7969.0
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	09.07.2010	17,1MB	10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	09.07.2010	3,69MB	3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU	Microsoft Corporation	09.07.2010	4,81MB	3.5.8080.0
Microsoft SQL Server System CLR Types	Microsoft Corporation	09.07.2010	2,55MB	10.50.1447.4
Microsoft Visual Basic 2010 Express - DEU	Microsoft Corporation	09.07.2010		10.0.30319
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.08.2010	2,70MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	30.01.2012	0,69MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	02.02.2012	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	09.09.2011	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	13.12.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.02.2012	0,23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	09.07.2010	0,58MB	9.0.30729.4974
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	04.10.2011	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319	Microsoft Corporation	09.07.2010	33,0MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	04.10.2011	11,1MB	10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU	Microsoft Corporation	02.02.2012		
Microsoft Visual Studio 2005 Tools for Applications - ENU	Microsoft Corporation	02.02.2012		
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools	Microsoft Corporation	09.07.2010	35,3MB	10.0.30319
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU	Microsoft Corporation	09.07.2010	4,32MB	10.0.30319
Microsoft WSE 3.0 Runtime	Microsoft Corp.	30.01.2012	0,92MB	3.0.5305.0
Mozilla Firefox (3.6.3)	Mozilla	14.04.2010		3.6.3 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.12.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	22.12.2009	1,33MB	4.20.9876.0
NVIDIA Grafiktreiber 295.73	NVIDIA Corporation	24.02.2012		295.73
Opera 12.00	Opera Software ASA	13.06.2012		12.00.1467
Origin	Electronic Arts, Inc.	06.06.2012		8.6.0.357
phase-6-compendio 2.2.0c	phase-6	15.07.2012		2.2.0c
PunkBuster Services	Even Balance, Inc.	07.06.2012		0.991
QuickTime	Apple Inc.	05.04.2010	73,8MB	7.66.71.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.09.2011		6.0.1.6433
RedMon - Redirection Port Monitor		20.04.2010		
Skype™ 5.10	Skype Technologies S.A.	30.06.2012	19,4MB	5.10.114
SolidWorks 2011 x64 Edition SP0	SolidWorks Corporation	02.02.2012		19.0.0.5019
StarCraft	Blizzard Entertainment	24.06.2010		
StarCraft II	Blizzard Entertainment	25.03.2011		1.3.0.18092
Steam	Valve Corporation	11.03.2010	1,49MB	1.0.0.0
Streamripper (Remove only)		09.03.2010		
Sun VirtualBox	Sun Microsystems, Inc.	08.03.2010	98,8MB	3.1.4
TeamSpeak 3 Client	TeamSpeak Systems GmbH	04.08.2010		
TunerPro RT v5.00		09.04.2011	5,75MB	
TunerPro v5.00		09.04.2011	4,16MB	
Twonky Windows Components	PacketVideo	11.05.2012	1,54MB	3.0.1
TwonkyManager	PacketVideo	11.05.2012		3.0.394
Uninstall 1.0.0.1		27.10.2010	10,6MB	
V-Ray for 3dsmax R9 for x86	Chaos Group Ltd	15.12.2009		1.5.RC3
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	09.07.2010	11,2MB	4.0.8080.0
VLC media player 1.1.11	VideoLAN	14.12.2011		1.1.11
Winamp	Nullsoft, Inc	13.12.2009		5.56 
WinRAR		13.12.2009		
µTorrent		22.09.2011		3.0.0

4. Hijackthis

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:43:53, on 18.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: phase-6 Reminder.lnk = D:\Zockerknecht\Programme\phase-6\phase-6-compendio\reminder\reminder.exe
O4 - Global Startup: TwonkyServer.lnk = C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Zockerknecht\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TwonkyProxy - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
O23 - Service: TwonkyWebDav - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8634 bytes

Ich hoffe das hilft.

Gruss Silent Deatz

**kira** · 18.07.2012, 20:43

besteht den Verdacht, dass es sich hier bei Produkte um illegale Software-Downloads handelt:

Code:

D:\$RECYCLE.BIN\S-1-5-21-3256770825-3266176267-2289779369-1001\$RJ8NJLV.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\$RECYCLE.BIN\S-1-5-21-3256770825-3266176267-2289779369-1001\$RTTWZO9\Superscan2.06KETHER.exe (Backdoor.IRCbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\O_O_BlueCon_XXL_-_Admin_Suite.exe (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Eselchen\Downloads\!!!Wichtig!!!\Programme\Keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

->Worauf musst Du während der Bereinigung achten?

Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, weil ja durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, wir dürfen Dir nicht weiter helfen. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:->Worauf musst Du während der Bereinigung achten?
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc formatiers und Windows (ohne Cracks & Keygens) neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

**Silent Deatz** · 18.07.2012, 21:30

Habe dir eine PN geschrieben, kann es aber auch gerne hier posten.

Gruss Silent Deatz

**kira** · 19.07.2012, 04:40

ich habe dein thema noch nicht geschloßen, weil eben jeder verdient eine zweite chance, eine erklärung abzugeben. das program keyfinder ist so eine sache, wofür man verwenden kann, ist mir klar. man kann es zu positiven als auch zu manipulativen zwecken nutzen, daher ein solches thema sehen wir hier überhaupt nicht gerne! das malwarebytes "ck"= abkürzung "crack" gefunden hat, kann einiges erklären
aber gut... wir können gerne weiter machen, du mußt selber wissen, was du tust und dafür die verantwortung zu tragen.

Systemreinigung und Prüfung:

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript (unverändert inkl. :OTL):

Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\Shell - "" = AutoRun
O33 - MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\Shell\AutoRun\command - "" = F:\setup.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

3.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Adobe Reader aktualisieren :
Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen!
Adobe Reader
oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 5 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

5.
Öffne CCleaner - Anleitung CCleaner

"Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
Starte dein System neu auf

6.
Tipps (unabhängig davon ob man ihn benutzt oder nicht, muss gepfegt werden!):
->Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
Systemreinigung und Prüfung:
Anleitung:-> Grundreinigung mit SUPERAntiSpyware
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.

8.
♦ Schon seit langem gehört "Worm.Win32.Autorun" zu den beliebtesten Verbreitungswegen von Viren, sollte man daher, die auf dem Speichermedium gesicherten Daten (wie USB-Stick/Festplatte und andere) zeitweise prüfen lassen
-> Ext anschließbare Geräte (um die gesicherten Daten zu prüfen) miteinbeziehen:
♦ Also schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

9.
ESET Online Scanner
Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von Eset:

Achtung!:
Keinen andere Virenscanner auf Deinem PC installieren, sondern dein PC NUR online scannen!!!
♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von:

► Eset/Nod32 bitte auswählen!!!-> Link und Anleitung zum ESET/NOD32 online Scanner-> Kostenlose Online Scanner

♦ Protokoll speichern und posten

10.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

**Silent Deatz** · 19.07.2012, 05:12

Dann würde ich sehr gerne weitermachen. Ich musste meine Lektion schon vor wenigen Jahren lernen. Es hat damals schon sehr geschmerzt und nochmal habe ich auf sowas kieine Lust.

**Silent Deatz** · 22.07.2012, 20:41

Update: Heute konnte ich endlich mal weitermachen.

Hier die Logs:

OTL

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b49a4257-e8f7-11de-a6f2-00241d7ea5ad}\ not found.
File F:\setup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Silent Deatz\Desktop\cmd.bat deleted successfully.
C:\Users\Silent Deatz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-EISTEE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: Silent Deatz
->Temp folder emptied: 1401176738 bytes
->Temporary Internet Files folder emptied: 25098304 bytes
->Java cache emptied: 13664432 bytes
->FireFox cache emptied: 27752213 bytes
->Opera cache emptied: 21950944 bytes
->Flash cache emptied: 158295 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 360155695 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 49240302555 bytes
 
Total Files Cleaned = 48.724,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_193318

Files\Folders moved on Reboot...
C:\Users\Silent Deatz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Silent Deatz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

SUPERAntispyware

Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2012 at 09:26 PM

Application Version : 5.5.1012

Core Rules Database Version : 8939
Trace Rules Database Version: 6751

Scan type       : Complete Scan
Total Scan Time : 01:30:15

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 513
Memory threats detected   : 0
Registry items scanned    : 69411
Registry threats detected : 0
File items scanned        : 86641
File threats detected     : 35

Adware.Tracking Cookie
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\5TVW1SQ2.txt [ /atdmt.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\FWMK0924.txt [ /track.effiliation.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\B5JS0ZGN.txt [ /fastclick.net ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\P8M98REB.txt [ /ad.zanox.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\VK01J1MG.txt [ /apmebf.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\P02D2HNO.txt [ /track.effiliation.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\5DM1MB3Q.txt [ /mediaplex.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\ZQILUPU0.txt [ /zanox.com ]
	C:\Users\Silent Deatz\AppData\Roaming\Microsoft\Windows\Cookies\XA3RGCQ0.txt [ /c.atdmt.com ]
	C:\USERS\SILENT DEATZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\4VXJA1V0.txt [ Cookie:silent deatz@doubleclick.net/ ]
	C:\USERS\SILENT DEATZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\VDFHSLAW.txt [ Cookie:silent deatz@apmebf.com/ ]
	C:\USERS\SILENT DEATZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\QVYWDZO5.txt [ Cookie:silent deatz@mediaplex.com/ ]
	C:\USERS\SILENT DEATZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\PFS1LKYI.txt [ Cookie:silent deatz@imrworldwide.com/cgi-bin ]
	C:\USERS\SILENT DEATZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\SKTXXMN3.txt [ Cookie:silent deatz@c.atdmt.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\FWMK0924.txt [ Cookie:silent deatz@track.effiliation.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\B5JS0ZGN.txt [ Cookie:silent deatz@fastclick.net/ ]
	C:\USERS\SILENT DEATZ\Cookies\P8M98REB.txt [ Cookie:silent deatz@ad.zanox.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\VK01J1MG.txt [ Cookie:silent deatz@apmebf.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\5DM1MB3Q.txt [ Cookie:silent deatz@mediaplex.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\ZQILUPU0.txt [ Cookie:silent deatz@zanox.com/ ]
	C:\USERS\SILENT DEATZ\Cookies\XA3RGCQ0.txt [ Cookie:silent deatz@c.atdmt.com/ ]
	ia.media-imdb.com [ C:\USERS\SILENT DEATZ\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SJH4DCJ7 ]

Trojan.Agent/Gen-Faker
	D:\ZOCKERKNECHT\GAMES\UBISOFT\IL-2 STURMOVIK 1946\HYPERLOBBY CLIENT\HYPERLOBBY.EXE
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HYPERLOBBY CLIENT\HYPERLOBBY CLIENT.LNK
	C:\USERS\PUBLIC\DESKTOP\HYPERLOBBY CLIENT.LNK

Trojan.Agent/Gen-Downloader
	D:\ESELCHEN\DOWNLOADS\!!!WICHTIG!!!\PROGRAMME\ANALOGVU.EXE
	D:\ESELCHEN\DOWNLOADS\!!!WICHTIG!!!\PROGRAMME\COM-PORT_WINAMP_CONTROL_V13.EXE

Trojan.Agent/Gen-Bancos
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\CABBER.DLL

Trojan.Agent/Gen-FakeAlert
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\DOWNLOADSIMPORTER.EXE
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\IMPEX.EXE
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\LNSSCMD.EXE
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\SQLAUDIT.EXE
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\TRACEROUTE.EXE
	D:\ZOCKERKNECHT\PROGRAMME\GFI\LANGUARD NETWORK SECURITY SCANNER 5.0\UPDATE.EXE

Heur.Agent/Gen-WhiteBox
	D:\ZOCKERKNECHT\PROGRAMME\LAVASOFT\AD-AWARE 6\UNWISE.EXE

Hijacksthis

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:33:10, on 22.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: phase-6 Reminder.lnk = D:\Zockerknecht\Programme\phase-6\phase-6-compendio\reminder\reminder.exe
O4 - Global Startup: TwonkyServer.lnk = C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Zockerknecht\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TwonkyProxy - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
O23 - Service: TwonkyWebDav - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8509 bytes

Punkt 9 habe ich ausgelassen, da ich ehrlich gesagt einem Online Virenscanner nicht traue - wenn der aber 100% sicher ist, dann werde ich das wohl nachholen.

War/Ist jetzt eigentlich ein rootkit auf meinem Rechner? Oder war das ein Fehlalarm?

Danke für die Hilfe

Gruss
Silent Deatz

**kira** · 22.07.2012, 22:17

Zitat von Silent Deatz

Punkt 9 habe ich ausgelassen, da ich ehrlich gesagt einem Online Virenscanner nicht traue - wenn der aber 100% sicher ist, dann werde ich das wohl nachholen.

ich schon, Eset ist ein sehr gute Scanner, ich würde dich dazu raten es zu laufen lassen.

Zitat von Silent Deatz

War/Ist jetzt eigentlich ein rootkit auf meinem Rechner? Oder war das ein Fehlalarm?
Danke für die Hilfe

bis jetzt kein Spur aufgetaucht, aber eben ein Rootkit ist unsichtbar, sonst wäre nicht Rootkit

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

3.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

**Silent Deatz** · 23.07.2012, 19:00

Update:

Highjackthis

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:05, on 23.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - Startup: phase-6 Reminder.lnk = D:\Zockerknecht\Programme\phase-6\phase-6-compendio\reminder\reminder.exe
O4 - Global Startup: TwonkyServer.lnk = C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Zockerknecht\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TwonkyProxy - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
O23 - Service: TwonkyWebDav - Unknown owner - C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8479 bytes

aswBMR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-23 19:11:24
-----------------------------
19:11:24.282    OS Version: Windows x64 6.1.7601 Service Pack 1
19:11:24.282    Number of processors: 4 586 0x502
19:11:24.283    ComputerName: EISTEE  UserName: 
19:11:25.177    Initialize success
19:11:43.313    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:11:43.318    Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3
19:11:43.323    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
19:11:43.328    Disk 1 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
19:11:43.380    Disk 1 MBR read successfully
19:11:43.386    Disk 1 MBR scan
19:11:43.392    Disk 1 Windows 7 default MBR code
19:11:43.406    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
19:11:43.505    Disk 1 scanning C:\Windows\system32\drivers
19:12:35.750    Service scanning
19:13:07.662    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:13:18.801    Modules scanning
19:13:18.816    Disk 1 trace - called modules:
19:13:18.832    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006b5c2c0]<<spog.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:13:18.847    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007cf3060]
19:13:18.863    3 CLASSPNP.SYS[fffff88001b9743f] -> nt!IofCallDriver -> [0xfffffa8007973670]
19:13:18.863    5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa8007a1b060]
19:13:18.879    \Driver\atapi[0xfffffa80079674d0] -> IRP_MJ_CREATE -> 0xfffffa8006b5c2c0
19:13:18.879    Scan finished successfully
19:14:03.900    Disk 1 MBR has been saved successfully to "C:\Users\Silent Deatz\Desktop\MBR.dat"
19:14:03.916    The log file has been saved successfully to "C:\Users\Silent Deatz\Desktop\aswMBR.txt"

Gleich kommen noch die Logfiles vom Laptop meiner Freundin

Thema: Verdacht auf Rootkit / Mebroot

Themen-Optionen

Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

AW: Verdacht auf Rootkit / Mebroot

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

Windows XP Verdacht auf Rootkit und/oder andere Malware

Windows XP Boot.MeBroot auf Externer Festplatte

Rootkit-Verdacht

Verdacht auf schwerwiegenden virus/rootkit

Berechtigungen