Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Möglicherweise Trojaner eingefangen

Möglicherweise Trojaner eingefangen


Plagegeister aller Art und deren Bekämpfung: Möglicherweise Trojaner eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.07.2011, 15:39   #1
Tompson
 
Möglicherweise Trojaner eingefangen - Standard

Möglicherweise Trojaner eingefangen


Hallo,
Habe folgendes Problem: (Benutze Windows Vista: Homepremium (SP1))
Surfe gerade durchs Web, als der Browser(T-Onlinebrowser 6.0) sich beim öffnen einer Seite plötzlich aufhängt. Ich versuche natürlich mit Strg+Alt+Entf den Taskmanager aufzurufen, was aber nicht geht (Nur Browser eingefroren nicht Desktop). Stattdessen verhält sich die Tastatur so als wenn ich die Windows Taste gedrückt halten würde (Als ich e drückte öffnete sich das Computer fenster, etc.). Ich habe mich anschließend auf meinen Administrations Acc
angemeldet (Ich surfe nur von einem Gast-Konto), und erst mal mit Avira gescannt aber nichts gefunden. Vieleicht könntet ihr mal einen Blick auf meine Logs werfen.

OTL:
(Erwähnenswert: OTL ist bei der Datei Tcpip.sys kurz hängen geblieben.)

Was mir als Laie noch auffält sind die Ungewöhnlichen Seiten die unter
C:\Windows\System32\drivers\etc\hosts gelistet sind, da sie unter
Localhost angegeben werden.

Code:
ATTFilter
OTL logfile created on: 01.07.2011 15:36:39 - Run 2
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Users\Gast\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,26% Memory free
6,19 Gb Paging File | 5,10 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,97 Gb Total Space | 141,75 Gb Free Space | 15,54% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 13,60 Gb Free Space | 69,63% Space Free | Partition Type: FAT32
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TOM-PC | User Name: Gast | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.01 15:14:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.12.01 15:55:10 | 000,066,560 | ---- | M] (tzuk) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2009.10.28 16:19:22 | 002,211,328 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009.10.20 01:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.05 16:48:52 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 20:23:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.09.12 14:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.01 15:14:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (GoogleDesktopManager-051210-111108)
SRV - [2011.06.05 16:00:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.12.17 09:32:52 | 002,850,296 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010.03.23 16:15:58 | 000,704,760 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.01 15:55:10 | 000,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009.10.28 16:19:22 | 002,211,328 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009.08.05 16:48:52 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 20:23:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.09.19 08:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.02.26 18:33:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.16 23:03:04 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.16 23:03:03 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.08 15:07:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.01 15:55:10 | 000,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.09.16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.06.09 20:23:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.03 18:26:47 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2009.05.03 18:26:42 | 000,009,472 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2009.04.27 18:59:51 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.01 14:32:20 | 000,082,272 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.01.23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.10.09 15:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.25 11:29:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 11:29:07 | 000,000,000 | ---D | M]
 
[2009.11.19 21:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\mozilla\Extensions
[2011.06.26 21:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\mozilla\Firefox\Profiles\y9ejzp3v.default\extensions
[2011.01.11 18:57:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gast\AppData\Roaming\mozilla\Firefox\Profiles\y9ejzp3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.25 11:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gast\AppData\Roaming\mozilla\Firefox\Profiles\y9ejzp3v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.26 21:30:19 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Gast\AppData\Roaming\mozilla\Firefox\Profiles\y9ejzp3v.default\extensions\foxyproxy@eric.h.jung
[2011.06.30 23:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.13 21:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.02 22:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.30 23:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009.12.01 23:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.13 21:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.02 22:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.30 23:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\ASNUMBER@NETWORX.CH.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
() (No name found) -- C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9EJZP3V.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.09 14:22:35 | 000,432,353 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14884 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Desktop Search]  File not found
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gast\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gast\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.21 19:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.01 15:14:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
[2011.07.01 00:36:41 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Users\Gast\Desktop\HiJackThis.exe
[2011.06.30 23:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.23 14:55:12 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner (5)
[2011.06.21 18:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.21 18:16:20 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\101_PANA
[2011.06.21 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\100_PANA
[2011.06.19 20:02:59 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\six-updater
[2011.06.19 20:02:55 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\six-zsync
[2011.06.19 20:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2011.06.19 19:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\SIX Projects
[2011.06.17 23:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\voodoo camera tracker
[2011.06.17 23:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\voodoo camera tracker
[2011.06.14 14:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011.06.14 14:58:56 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2011.06.14 14:58:43 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\FreeFLVConverter
[2011.06.14 14:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011.06.14 14:54:54 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner (16)
[2011.06.12 22:36:52 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner (9)
[2011.06.10 13:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.06.10 13:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.06.07 21:44:10 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\RenPy
[2011.06.07 21:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Katawa Shoujo
[2011.06.04 13:17:20 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner (7)
[2011.06.04 02:32:29 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner (5)3
[2011.06.01 23:46:09 | 000,000,000 | ---D | C] -- C:\tmp
[2011.06.01 23:44:19 | 000,000,000 | ---D | C] -- C:\Users\Gast\.thumbnails
[2011.06.01 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011.06.01 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Blender Foundation
[2011.06.01 23:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.01 15:16:49 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.01 15:16:49 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.01 15:16:49 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.01 15:16:49 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.01 15:14:46 | 000,302,592 | ---- | M] () -- C:\Users\Gast\Desktop\2wfk3unf.exe
[2011.07.01 15:14:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe
[2011.07.01 15:10:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 15:10:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 15:10:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.01 15:08:15 | 000,000,176 | ---- | M] () -- C:\Users\Gast\defogger_reenable
[2011.07.01 15:06:28 | 000,050,477 | ---- | M] () -- C:\Users\Gast\Desktop\Defogger.exe
[2011.06.30 17:13:47 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.06.29 20:23:01 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.06.26 15:15:27 | 000,140,024 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.26 15:15:20 | 000,280,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.06.26 15:13:19 | 000,281,208 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.06.26 03:00:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2011.06.25 11:29:10 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.21 18:27:47 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.06.21 18:23:10 | 021,022,914 | ---- | M] () -- C:\Users\Gast\Documents\vlc-1.1.10-win32.exe
[2011.06.19 20:00:57 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater - GUI.lnk
[2011.06.18 15:31:00 | 000,001,620 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.06.17 20:11:23 | 000,001,804 | ---- | M] () -- C:\Users\Gast\Documents\mcedit.ini
[2011.06.15 21:22:35 | 000,010,240 | ---- | M] () -- C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 15:56:29 | 000,000,088 | RHS- | M] () -- C:\ProgramData\FA368D41DF.sys
[2011.06.13 02:50:41 | 000,000,779 | ---- | M] () -- C:\Users\Gast\Desktop\crimesquad - Verknüpfung.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.01 15:14:45 | 000,302,592 | ---- | C] () -- C:\Users\Gast\Desktop\2wfk3unf.exe
[2011.07.01 15:08:03 | 000,000,176 | ---- | C] () -- C:\Users\Gast\defogger_reenable
[2011.07.01 15:06:26 | 000,050,477 | ---- | C] () -- C:\Users\Gast\Desktop\Defogger.exe
[2011.06.25 11:29:10 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.25 11:29:09 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.21 18:27:47 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.06.21 18:22:46 | 021,022,914 | ---- | C] () -- C:\Users\Gast\Documents\vlc-1.1.10-win32.exe
[2011.06.19 20:00:57 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater - GUI.lnk
[2011.06.14 14:58:55 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2011.06.14 14:58:55 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2011.06.14 14:58:55 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2011.06.13 02:50:41 | 000,000,779 | ---- | C] () -- C:\Users\Gast\Desktop\crimesquad - Verknüpfung.lnk
[2011.05.23 20:39:49 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.24 18:46:58 | 000,200,758 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2010.05.08 11:05:59 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.05.03 19:15:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.03.31 21:33:35 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.31 21:33:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\FA368D41DF.sys
[2010.02.26 18:23:38 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.02.26 15:01:10 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.02.16 23:03:04 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.16 23:03:03 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.08 17:26:44 | 000,001,620 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.12.08 16:31:59 | 000,000,820 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.10 18:16:29 | 000,001,356 | ---- | C] () -- C:\Users\Gast\AppData\Local\d3d9caps.dat
[2009.10.15 15:00:06 | 000,022,328 | ---- | C] () -- C:\Users\Gast\AppData\Roaming\PnkBstrK.sys
[2009.09.06 19:02:03 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.09.06 19:01:40 | 000,000,752 | ---- | C] () -- C:\Windows\disney.ini
[2009.08.29 19:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2009.08.12 17:22:14 | 000,010,240 | ---- | C] () -- C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.12 16:55:31 | 000,000,092 | ---- | C] () -- C:\Users\Gast\AppData\Local\fusioncache.dat
[2009.08.02 01:47:52 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.07.30 23:30:47 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2009.07.15 20:35:18 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.15 20:34:47 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.07.15 20:34:47 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.07.15 20:34:47 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.06.13 15:07:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\demoanalyzer.dll
[2009.06.13 15:07:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\demoanalyzer.exe
[2009.06.07 13:10:54 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.06.07 13:10:54 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.06.02 10:26:02 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe
[2009.05.03 18:26:47 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2009.05.03 18:26:42 | 000,009,472 | ---- | C] () -- C:\Windows\System32\drivers\lemsgt.sys
[2009.03.10 20:50:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2009.03.10 20:11:10 | 000,000,284 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.02.14 23:08:46 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2009.02.14 23:08:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2009.02.14 23:08:38 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2009.02.14 23:08:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2009.02.14 12:02:43 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2009.02.14 12:02:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2009.02.14 12:02:38 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2008.12.23 15:51:00 | 000,000,321 | ---- | C] () -- C:\Windows\game.ini
[2008.11.06 08:43:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.20 18:57:22 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.10.20 18:57:22 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.10.20 18:57:22 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.10.20 18:57:22 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.10.18 01:15:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.18 01:15:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,316,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2004.12.20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.04.26 10:02:26 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\.minecraft
[2009.11.15 16:08:08 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AntMe
[2010.07.31 12:45:00 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Ashampoo
[2010.10.31 15:11:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Bioshock
[2011.04.01 19:22:24 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Bioshock2
[2011.06.01 23:43:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Blender Foundation
[2010.08.04 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Braid
[2010.12.11 01:27:42 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Chan Thread Watch
[2011.04.16 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Clonk
[2009.11.29 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Crayon Physics Deluxe
[2009.12.30 15:25:39 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\CrypTool
[2010.10.13 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools
[2010.02.26 19:34:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite
[2010.02.26 19:03:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Pro
[2011.06.14 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\FreeFLVConverter
[2011.01.15 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo
[2010.04.11 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Mumble(PR Edition)
[2010.08.28 04:32:09 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MyVideoDownloader
[2010.12.13 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Polynomial
[2011.06.07 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\RenPy
[2011.06.19 20:09:24 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\six-updater
[2011.06.19 20:02:55 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\six-zsync
[2009.11.07 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\SPORE
[2009.11.29 01:54:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Subversion
[2009.08.12 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\T-Online
[2011.04.01 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TeamViewer
[2010.07.15 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\The Path
[2009.10.27 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Tropico 3 Demo
[2010.10.09 13:41:26 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Tunngle
[2010.05.14 18:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Ubisoft
[2011.04.25 18:26:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\wargaming.net
[2011.04.02 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WinterVoicesDemo
[2009.10.23 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ZT
[2011.06.26 03:00:00 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2011.07.01 15:08:59 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 507 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >





Und hier HjackThis:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:47:42, on 01.07.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Gast\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3350384370-524927610-208654866-501\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10785 bytes

Als ich versuchte GMER zu starten, ist er beim ersten scan eingefroren und
beim zweiten versuch hab ich einen Bluscreen bekommen.
Geändert von Tompson (01.07.2011 um 15:45 Uhr)

Alt 01.07.2011, 15:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Möglicherweise Trojaner eingefangen - Standard

Möglicherweise Trojaner eingefangen


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Antwort

Themen zu Möglicherweise Trojaner eingefangen
alternate, antivir, antivir guard, avira, bho, bluscreen, browser, computer, conduit, cyberghost, desktop, document, eingefroren, emsisoft, emsisoft anti-malware, error, excel.exe, firefox, hijack, hkus\s-1-5-18, hängen, hängt, intranet, logfile, nvlddmkm.sys, picasa, plug-in, problem, realtek, registry, safer networking, searchplugins, security, senden, software, sptd.sys, start menu, starten, system, taskmanager, trojaner, trojaner eingefangen, vista, windows


« Ist mein PC jetzt sauber? | Hotmail versendet ungewollt Spammails an Kontaktliste »


Ähnliche Themen: Möglicherweise Trojaner eingefangen


  1. Ich habe mir möglicherweise einen Trojaner eingefangen beim öffnen eines ZIP Files als Mail Anhang
    Log-Analyse und Auswertung - 22.09.2015 (5)
  2. Ich habe mir möglicherweise einen Trojaner eingefangen beim öffnen eines ZIP Files als Mail Anhang
    Log-Analyse und Auswertung - 16.09.2015 (6)
  3. SpyHunter 4 - Unbekannte Objektausführung - möglicherweise Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.07.2015 (9)
  4. Möglicherweise DHL-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.06.2015 (11)
  5. Habe möglicherweise einen Virus / Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.06.2015 (3)
  6. Möglicherweise Trojaner eingefangen...?
    Plagegeister aller Art und deren Bekämpfung - 15.12.2014 (15)
  7. Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.11.2014 (16)
  8. Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen
    Log-Analyse und Auswertung - 20.11.2014 (3)
  9. SpamMail Telekom, möglicherweise Trojaner im System
    Mülltonne - 04.06.2014 (2)
  10. Win7 PC Systhem extrem langsam - möglicherweise Trojaner
    Log-Analyse und Auswertung - 15.01.2014 (12)
  11. Möglicherweise etwas eingefangen?
    Log-Analyse und Auswertung - 14.05.2013 (2)
  12. IBUpdaterService - möglicherweise ein Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (1)
  13. Möglicherweise Trojaner? http://www.searchqu.com/406
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (26)
  14. Möglicherweise Trojaner über Java-Update etc.?
    Log-Analyse und Auswertung - 21.09.2010 (7)
  15. Möglicherweise Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 16.04.2010 (4)
  16. Möglicherweise Trojaner?
    Log-Analyse und Auswertung - 21.03.2009 (1)
  17. Möglicherweise DNSChanger eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 20.03.2009 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Möglicherweise Trojaner eingefangen - Hallo, Habe folgendes Problem: (Benutze Windows Vista: Homepremium (SP1)) Surfe gerade durchs Web, als der Browser(T-Onlinebrowser 6.0) sich beim öffnen einer Seite plötzlich aufhängt. Ich versuche natürlich mit Strg+Alt+Entf den - Möglicherweise Trojaner eingefangen...
Archiv
Du betrachtest: Möglicherweise Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131