| Pests of all kinds and how to fight them: Microsoft sites no longer reachable PUM.Bad.Proxy (Windows 7) |
02.07.2011, 17:31 | #1 |
| Microsoft sites no longer reachable PUM.Bad.Proxy Hello, I have spent the whole day fighting my way through forums but I'm just not getting anywhere. I picked something up via Java and at first ignored it and left it on my computer. But now I can no longer load any Microsoft pages, and my Internet Explorer doesn't find anything at all anymore. I ran Malwarebytes over it in safe mode and deleted everything, but: PUM.Bad.Proxy RegistryValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ProxiServer remained. I just can't find out how to get rid of it, and when I read through a few threads, many people had done it with different methods but with rather meagre success^^ I'm starting to fear that it must take a lot of effort to get rid of it. On top of that, I'm not yet as comfortable with Windows 7 as I used to be with XP. Maybe someone has an idea. Regards and thanks in advance, TED |
02.07.2011, 17:34 | #2 |
| Microsoft sites no longer reachable PUM.Bad.Proxy HijackThis logfile:
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:33:09, on 02.07.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\admin\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59414 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4e96a807-e547-43a8-85c3-c9175399da66}: NameServer = 62.220.18.8 89.246.64.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{4e96a807-e547-43a8-85c3-c9175399da66}: NameServer = 62.220.18.8 89.246.64.8 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) 
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - 
C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7486 bytes Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7003 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 02.07.2011 18:34:15 mbam-log-2011-07-02 (18-34-11).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 163812 Laufzeit: 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte 
gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
02.07.2011, 18:05 | #3 |
| Microsoft sites no longer reachable PUM.Bad.Proxy Sorry, I read too late that HijackThis logs should no longer be posted.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.07.2011 18:59:51 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\admin\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,78% Memory free 8,00 Gb Paging File | 6,21 Gb Available in Paging File | 77,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 99,95 Gb Free Space | 57,88% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 73,82 Gb Free Space | 25,20% Space Free | Partition Type: NTFS Drive E: | 594,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 465,65 Gb Total Space | 15,76 Gb Free Space | 3,38% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.02 18:57:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.04.30 21:14:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.03.22 07:23:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.21 15:34:21 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.11.28 09:23:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.28 10:02:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.04.28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ========== Modules (SafeList) ========== MOD - [2011.07.02 18:57:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:15 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\IME\SPTIP.DLL MOD - [2009.07.14 03:16:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Speech\SpeechUX\SpeechUXPS.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.06.04 19:15:58 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.30 21:14:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.22 07:23:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.21 15:34:21 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.04.28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.04.16 17:47:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.28 09:23:37 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | 
System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.01.28 16:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FD 6A 22 B9 09 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59414 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.29 22:46:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.29 22:46:09 | 000,000,000 | ---D | M] [2010.06.12 02:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2011.07.02 01:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions [2011.06.29 22:45:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.29 22:45:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.03 15:39:23 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\toolbar@web.de [2011.07.01 20:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.29 22:46:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) 
- File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003.09.29 10:55:44 | 000,000,052 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O32 - Unable to obtain root file information for disk F:\ O33 - MountPoints2\{97ca8e1e-625f-11e0-b590-e0cb4ecfef19}\Shell - "" = AutoRun O33 - MountPoints2\{97ca8e1e-625f-11e0-b590-e0cb4ecfef19}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{ae08f9c9-759c-11df-98b4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ae08f9c9-759c-11df-98b4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2004.12.09 18:39:03 | 001,147,584 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.02 18:15:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.07.02 14:31:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2011.07.02 14:31:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.02 14:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.02 14:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.02 14:30:58 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.02 14:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware 
[2011.07.02 00:30:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment [2011.07.02 00:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORLD OF WARCRAFT [2011.07.01 23:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2011.07.01 23:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2011.07.01 23:10:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.07.01 23:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.07.01 22:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.06.29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Wyhiif [2011.06.29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Feuvhe [2011.06.29 19:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.06.07 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2011.06.06 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011.07.02 17:49:07 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.02 17:49:07 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.02 17:45:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.02 17:45:59 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.02 17:45:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.02 17:45:59 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.02 17:45:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.02 17:41:46 | 000,000,435 | ---- | M] () -- 
C:\Windows\SysNative\drivers\etc\hosts.ics [2011.07.02 17:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.02 17:41:29 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2011.07.02 14:31:01 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.02 12:33:43 | 000,000,134 | ---- | M] () -- C:\Users\admin\Desktop\Internet Explorer-Problembehebung.url [2011.07.02 00:30:10 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.07.01 23:10:21 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.07.01 22:56:44 | 000,006,276 | ---- | M] () -- C:\Users\admin\Documents\cc_20110701_225641.reg [2011.07.01 17:57:30 | 000,001,648 | ---- | M] () -- C:\Users\admin\Documents\T4EPlayer.conf [2011.06.29 22:04:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.29 21:44:57 | 000,002,136 | ---- | M] () -- C:\Users\admin\AppData\Roaming\105E.5E7 [2011.06.19 02:09:42 | 000,000,059 | ---- | M] () -- C:\Users\admin\Desktop\High Quality MP3.URL [2011.06.07 15:48:00 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.06.06 02:43:29 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.06 02:39:18 | 020,533,281 | ---- | M] () -- C:\Users\admin\Documents\vlc-1.1.9-win32.exe ========== Files Created - No Company Name ========== [2011.07.02 14:31:01 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.02 12:33:43 | 000,000,134 | ---- | C] () -- C:\Users\admin\Desktop\Internet Explorer-Problembehebung.url [2011.07.02 00:30:10 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.07.01 23:10:21 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.07.01 22:56:42 | 000,006,276 | ---- | C] () -- C:\Users\admin\Documents\cc_20110701_225641.reg [2011.06.29 21:41:36 | 000,002,136 | ---- | C] () -- 
C:\Users\admin\AppData\Roaming\105E.5E7 [2011.06.19 02:09:42 | 000,000,059 | ---- | C] () -- C:\Users\admin\Desktop\High Quality MP3.URL [2011.06.06 02:43:29 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.06 02:39:05 | 020,533,281 | ---- | C] () -- C:\Users\admin\Documents\vlc-1.1.9-win32.exe [2011.04.16 17:55:08 | 000,000,994 | ---- | C] () -- C:\Windows\eReg.dat [2011.02.27 15:50:34 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.02.27 15:50:34 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.02.27 15:50:34 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.02.24 19:06:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.02.21 15:34:06 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.21 15:34:04 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.21 15:34:03 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.01.27 23:02:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.12 02:03:23 | 000,007,597 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg [2010.06.11 23:21:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.06.11 23:21:49 | 000,022,995 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- 
C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.04.16 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2010.06.14 11:05:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 12:32:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Feuvhe [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo [2011.05.28 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\go [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0 [2011.07.01 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\RIFT [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client [2011.07.02 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wyhiif [2009.07.14 07:08:49 | 000,028,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
02.07.2011, 21:23 | #4 | ||
/// Helper Team | Hello and a warm welcome! Before we start working together, [please read completely]: Quote:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. If you have not installed a proxy server locally, remove the proxy settings from the Internet settings in Internet Explorer: -> Changing proxy settings in Internet Explorer, via the menu Tools -> Internet Options -> Connections -> the LAN settings item. Code:
ATTFilter "ProxyServer" = http=127.0.0.1:59414
** Update Malwarebytes Anti-Malware and run it again following the instructions below:
3. Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC): HijackThis creates a backup. If something goes wrong during the fix, the objects can be restored under "View the list of backups". Code:
ATTFilter O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
Please make hidden and system files visible; click the link here: Making system files and folders visible under XP and Vista. At the end of our work you can undo this again!
5. Post again, after the cleanup has been carried out: TrendMicro™ HijackThis™ logfile. No open windows while HijackThis is running!! ► Right-click HijackThis -> choose "Run as administrator"...
6. → Download HJTscanlist.zip → unpack the file on your desktop → On Windows XP Home you must additionally install tasklist.zip before the scan → start it with a double-click → Select your operating system (on Win7 choose Vista) → When you are asked, choose the option "Setting" (1) - scanlist → After a short time your editor should open and show the file hjtscanlist.txt → Please copy the content here into your thread. ** If it does not work in one go, you can split the text into several parts and post it that way
7. I would also like to see all your installed programs: download the tool CCleaner → Download, install (read the software license agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start → if necessary, set "german" under Options settings → then click "Tools" (so that the installed programs are shown as well) → then "Save to text file..."; a text file (*.txt) is created, copy its content and paste it here
8. Another scan with OTL:
Quote:
kira
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
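The check behind step 1 of the post above, as an added example that is not part of the original thread: it parses HijackThis `R0`/`R1` lines, splits a `ProxyServer` value into its per-protocol entries, flags entries that point at a loopback address, and confirms that a log taken after cleanup no longer contains one. The function names are hypothetical, and both sample logs are constructed from lines quoted in this thread.

```python
import ipaddress
import re

# HijackThis prints registry findings as "R1 - <key>,<value name> = <data>".
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")

# Constructed sample: three lines as they appear in the first HijackThis log.
BEFORE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59414
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
"""

# Constructed sample: the same lines after cleanup, without the ProxyServer value.
AFTER_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
"""


def parse_proxy_value(value):
    """Split a ProxyServer string into {protocol: (host, port)}.

    Handles the two forms the setting takes: a bare "host:port" that applies
    to every protocol (stored under "*"), and "proto=host:port" entries
    separated by semicolons.
    """
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, target = part.partition("=")
        if not sep:
            proto, target = "*", part
        target = target.split("://", 1)[-1]      # tolerate "http=http://host:port"
        if target.startswith("["):               # bracketed IPv6 literal
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, _, port = target.rpartition(":")
            if not host:                         # no port given
                host, port = target, ""
        entries[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def loopback_proxies(log_text):
    """Return (key, protocol, host, port) for each loopback proxy entry.

    A hit needs review rather than automatic removal: it is expected only
    when a local proxy was installed on purpose.
    """
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m["name"].strip().lower() != "proxyserver":
            continue
        for proto, (host, port) in parse_proxy_value(m["data"]).items():
            if is_loopback(host):
                findings.append((m["key"], proto, host, port))
    return findings


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = loopback_proxies(log)
        print(label, "->", hits if hits else "no loopback proxy configured")
```
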
02.07.2011, 21:34 | #5 |
| Many thanks, Kira. I will do my best to work through everything point by point tomorrow. Many thanks in advance |
02.07.2011, 22:14 | #6 |
/// Helper Team | Okay, see you then... |
03.07.2011, 11:04 | #7 |
| Good morning, so, the full scan has been completed.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7010
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
03.07.2011 12:03:12
mbam-log-2011-07-03 (12-03-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 364003
Laufzeit: 44 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
03.07.2011, 11:15 | #8 |
| After the cleanup: HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:14:12, on 03.07.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Users\admin\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4e96a807-e547-43a8-85c3-c9175399da66}: NameServer = 62.220.18.8 89.246.64.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{4e96a807-e547-43a8-85c3-c9175399da66}: NameServer = 62.220.18.8 89.246.64.8 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. 
- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6827 bytes |
03.07.2011, 11:17 | #9 |
| Code:
ATTFilter hjtscanlist v2.0 Microsoft Windows [Version 6.1.7600] ***** Ende des Scans 03.07.2011 um 12:16:58,59 *** |
03.07.2011, 11:20 | #10 |
| Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.06.2010 6,00MB 10.1.53.64
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 11.06.2010 6,00MB 10.1.53.64
Adobe Reader 9.3.4 - Deutsch Adobe Systems Incorporated 03.09.2010 241,1MB 9.3.4
Avira AntiVir Personal - Free Antivirus Avira GmbH 22.06.2011 61,8MB 10.0.0.650
Call of Duty(R) 4 - Modern Warfare(TM) Activision 23.02.2011 2.281,4MB 1.00.0000
CCleaner Piriform 13.10.2010 2.36
Counter-Strike Valve 10.04.2011
Counter-Strike: Source Valve 19.02.2011
DAEMON Tools Lite DT Soft Ltd 15.04.2011 4.40.2.0131
E23_Wecker_V2 13.06.2010
Half-Life Valve 10.04.2011
Heroes of Newerth S2 Games 11.06.2010 1.0.0
Java(TM) 6 Update 26 (64-bit) Oracle 01.07.2011 6.0.260
JDownloader 0.9 AppWork GmbH 15.04.2011 0.9
LogMeIn Hamachi LogMeIn, Inc. 15.04.2011 2.0.3.111
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 01.07.2011 13,8MB 1.51.0.1200
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.11.2010 4.0.30319
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.06.2010 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 12.09.2010 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 02.04.2011 1,42MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.06.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.06.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 11.03.2011 11,0MB 10.0.30319
Mozilla Firefox (3.6.6) Mozilla 27.06.2010 3.6.6 (de)
NVIDIA Display Control Panel NVIDIA Corporation 12.06.2010 6.14.11.9775
NVIDIA Drivers NVIDIA Corporation 12.06.2010 1.10.61.39
NVIDIA ForceWare Network Access Manager NVIDIA Corporation 10.06.2010 34,2MB 1.00.7316
NVIDIA PhysX NVIDIA Corporation 11.06.2010 79,9MB 9.10.0129
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 11.06.2010 7.17.11.9775
PFPortChecker 1.0.36 Portforward.com 17.08.2010 1.0.36
PokerStars PokerStars 07.03.2011
PunkBuster Services Even Balance, Inc. 20.02.2011 0.989
Skype™ 5.3 Skype Technologies S.A. 30.06.2011 16,6MB 5.3.120
Steam Valve Corporation 19.02.2011 42,3MB 1.0.0.0
T4E Player Techno4ever.net 11.06.2010
TeamSpeak 2 RC2 Dominating Bytes Design 11.06.2010 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 11.06.2010
TeamSpeak 3 Client TeamSpeak Systems GmbH 12.09.2010
TeamSpeak 3 Client TeamSpeak Systems GmbH 12.06.2010
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 10.06.2010 2,62MB 1.34
VLC media player 1.1.9 VideoLAN 05.06.2011 1.1.9
Warcraft III Blizzard Entertainment 28.05.2011
WinRAR 14.08.2010
World of Warcraft 01.07.2011 |
03.07.2011, 11:27 | #11 |
| OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.07.2011 12:23:53 - Run 2 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\admin\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 32,44% Memory free 8,00 Gb Paging File | 5,08 Gb Available in Paging File | 63,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 98,81 Gb Free Space | 57,21% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 73,82 Gb Free Space | 25,20% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 15,76 Gb Free Space | 3,38% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.02 18:57:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.30 21:14:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.03.22 07:23:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.21 15:34:21 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.11.28 09:23:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.28 10:02:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.04.28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ========== Modules (SafeList) ========== MOD - [2011.07.02 18:57:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.06.04 19:15:58 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.30 21:14:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.22 07:23:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.21 15:34:21 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.04.28 16:21:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.04.16 17:47:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.28 09:23:37 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | 
System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.01.28 16:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FD 6A 22 B9 09 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59414 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.29 22:46:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.29 22:46:09 | 000,000,000 | ---D | M] [2010.06.12 02:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2011.07.03 00:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions [2011.06.29 22:45:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.29 22:45:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.03 15:39:23 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\bgaor931.default\extensions\toolbar@web.de [2011.07.03 00:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.29 22:46:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) 
- File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk F:\ O33 - MountPoints2\{97ca8e1e-625f-11e0-b590-e0cb4ecfef19}\Shell - "" = AutoRun O33 - MountPoints2\{97ca8e1e-625f-11e0-b590-e0cb4ecfef19}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.02 18:15:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.07.02 14:31:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2011.07.02 14:31:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.02 14:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.02 14:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.02 14:30:58 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.02 14:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.02 00:30:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment [2011.07.02 00:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORLD OF WARCRAFT [2011.07.01 23:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2011.07.01 23:14:21 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2011.07.01 23:10:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.07.01 23:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.07.01 22:59:57 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.07.01 22:59:57 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.07.01 22:59:57 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.07.01 22:59:57 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.07.01 22:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.06.29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Wyhiif [2011.06.29 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Feuvhe [2011.06.29 19:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.06.07 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2011.06.06 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011.07.03 04:25:32 | 000,001,648 | ---- | M] () -- C:\Users\admin\Documents\T4EPlayer.conf [2011.07.02 17:49:07 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.02 17:49:07 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.02 17:45:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.02 17:45:59 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.02 17:45:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.02 17:45:59 | 000,129,800 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2011.07.02 17:45:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.02 17:41:46 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2011.07.02 17:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.02 17:41:29 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2011.07.02 14:31:01 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.02 12:33:43 | 000,000,134 | ---- | M] () -- C:\Users\admin\Desktop\Internet Explorer-Problembehebung.url [2011.07.02 00:30:10 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.07.01 23:10:21 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.07.01 22:59:49 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.07.01 22:59:49 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.07.01 22:59:49 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.07.01 22:59:49 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\java.exe [2011.07.01 22:56:44 | 000,006,276 | ---- | M] () -- C:\Users\admin\Documents\cc_20110701_225641.reg [2011.06.29 22:04:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.29 21:44:57 | 000,002,136 | ---- | M] () -- C:\Users\admin\AppData\Roaming\105E.5E7 [2011.06.19 02:09:42 | 000,000,059 | ---- | M] () -- C:\Users\admin\Desktop\High Quality MP3.URL [2011.06.07 15:48:00 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.06.06 02:43:29 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.06 02:39:18 | 020,533,281 | ---- | M] () -- C:\Users\admin\Documents\vlc-1.1.9-win32.exe ========== Files Created - No Company Name ========== [2011.07.03 12:16:05 | 000,030,259 | ---- | C] () -- C:\Users\admin\Desktop\hjtscanlist.bat [2011.07.02 14:31:01 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.02 12:33:43 | 000,000,134 | ---- | C] () -- C:\Users\admin\Desktop\Internet Explorer-Problembehebung.url [2011.07.02 00:30:10 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.07.01 23:10:21 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.07.01 22:56:42 | 000,006,276 | ---- | C] () -- C:\Users\admin\Documents\cc_20110701_225641.reg [2011.06.29 21:41:36 | 000,002,136 | ---- | C] () -- C:\Users\admin\AppData\Roaming\105E.5E7 [2011.06.19 02:09:42 | 000,000,059 | ---- | C] () -- C:\Users\admin\Desktop\High Quality MP3.URL [2011.06.06 02:43:29 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.06 02:39:05 | 020,533,281 | ---- | C] () -- C:\Users\admin\Documents\vlc-1.1.9-win32.exe [2011.04.16 17:55:08 | 000,000,994 | ---- | C] () -- C:\Windows\eReg.dat [2011.02.27 15:50:34 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.02.27 15:50:34 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll 
[2011.02.27 15:50:34 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.02.24 19:06:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.02.21 15:34:06 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.21 15:34:04 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.21 15:34:03 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.01.27 23:02:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.12 02:03:23 | 000,007,597 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg [2010.06.11 23:21:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.06.11 23:21:49 | 000,022,995 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.04.16 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2010.06.14 11:05:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 12:32:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Feuvhe [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo [2011.05.28 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\go [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- 
C:\Users\admin\AppData\Roaming\gtk-2.0 [2011.07.01 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\RIFT [2011.06.29 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client [2011.07.02 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wyhiif [2009.07.14 07:08:49 | 000,028,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
03.07.2011, 11:29 | #12 |
| OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.07.2011 12:23:53 - Run 2 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\admin\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 32,44% Memory free 8,00 Gb Paging File | 5,08 Gb Available in Paging File | 63,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 98,81 Gb Free Space | 57,21% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 73,82 Gb Free Space | 25,20% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 15,76 Gb Free Space | 3,38% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisabledInterfaces" = {EDFAA26D-D678-4099-A294-7AAD27E6C2CC} "DefaultOutboundAction" = 0 "DefaultInboundAction" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DAEMON 
Tools Lite" = DAEMON Tools Lite "E23_Wecker_V2" = E23_Wecker_V2 "hon" = Heroes of Newerth "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PFPortChecker" = PFPortChecker 1.0.36 "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "Steam App 70" = Half-Life "T4EPlayer" = T4E Player "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.1.9 "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.06.2011 14:33:51 | Computer Name = admin-PC | Source = RasClient | ID = 20227 Description = Error - 30.06.2011 14:34:01 | Computer Name = admin-PC | Source = RasClient | ID = 20227 Description = Error - 01.07.2011 13:41:55 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 01.07.2011 13:41:55 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 01.07.2011 13:41:55 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 01.07.2011 13:41:56 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>. Fehler: 12029 (0x2efd). 
Error - 01.07.2011 16:55:52 | Computer Name = admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bced5 Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0, Zeitstempel: 0x4add2a2e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005d97e ID des fehlerhaften Prozesses: 0xf60 Startzeit der fehlerhaften Anwendung: 0x01cc3831431498b0 Pfad der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\VIASysFx.dll Berichtskennung: 80fe99f0-a424-11e0-82c3-e0cb4ecfef19 Error - 02.07.2011 05:31:06 | Computer Name = admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bced5 Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0, Zeitstempel: 0x4add2a2e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005d97e ID des fehlerhaften Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01cc389ac486a820 Pfad der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\VIASysFx.dll Berichtskennung: 02c54970-a48e-11e0-82c3-e0cb4ecfef19 Error - 02.07.2011 08:30:22 | Computer Name = admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bced5 Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0, Zeitstempel: 0x4add2a2e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005d97e ID des fehlerhaften Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cc38b3ce633f70 Pfad der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\VIASysFx.dll Berichtskennung: 0d4dff40-a4a7-11e0-82c3-e0cb4ecfef19 Error - 02.07.2011 09:17:15 | Computer Name = admin-PC | Source = Application Error | ID = 1000 Description = Name der 
fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bced5 Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0, Zeitstempel: 0x4add2a2e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005d97e ID des fehlerhaften Prozesses: 0x2e4 Startzeit der fehlerhaften Anwendung: 0x01cc38ba529a2cd0 Pfad der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\VIASysFx.dll Berichtskennung: 9a24d730-a4ad-11e0-9af6-e0cb4ecfef19 [ System Events ] Error - 07.05.2011 08:17:08 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 07.05.2011 08:17:08 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.05.2011 21:07:46 | Computer Name = admin-PC | Source = volsnap | ID = 393251 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann. Error - 11.05.2011 09:19:25 | Computer Name = admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?05.?2011 um 15:17:54 unerwartet heruntergefahren. Error - 11.05.2011 09:19:25 | Computer Name = ADMIN-PC | Source = BugCheck | ID = 1001 Description = Error - 11.05.2011 11:38:36 | Computer Name = admin-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 13.05.2011 04:43:24 | Computer Name = admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?05.?2011 um 10:18:42 unerwartet heruntergefahren. < End of report > |
03.07.2011, 11:30 | #13 |
| Can no longer reach Microsoft sites PUM.Bad.Proxy So, I hope everything is right and correct. |
03.07.2011, 12:57 | #14 |
| Can no longer reach Microsoft sites PUM.Bad.Proxy Kira, where are you? (sob) |
03.07.2011, 16:30 | #15 |
| Can no longer reach Microsoft sites PUM.Bad.Proxy Kira is here, yay, now things will continue right away. But let me give you all a big compliment: it is really nice that you maintain a forum like this and help so many users with their problems. OK, enough sucking up :P |