"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"

yasippi · 04.12.2011, 17:15

hallo,

ich habe heute genau so wie viele andere,diese meldung bekommen beim starten des PCs.
hab mich jetzt etwas hier informiert und schonmal OTL.exe und mbam durchlaufen lassen.hier die logs von OTL:

Code:

ATTFilter

OTL logfile created on: 04.12.2011 16:49:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,20% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,20 Gb Total Space | 46,12 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 12,51 Gb Free Space | 83,98% Space Free | Partition Type: FAT32
Drive H: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive I: | 1281,30 Gb Total Space | 1102,82 Gb Free Space | 86,07% Space Free | Partition Type: NTFS
 
Computer Name: MORITZ-PC | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\system32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (amd_sata) -- C:\Windows\system32\DRIVERS\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\system32\DRIVERS\amd_xata.sys (Advanced Micro Devices)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TASCAM_US122144) -- C:\Windows\System32\drivers\tascusb2.sys (TASCAM)
DRV - (TASCAM_US122L_WDM) -- C:\Windows\System32\drivers\tscusb2a.sys (TASCAM)
DRV - (TASCAM_US122L_MIDI) -- C:\Windows\System32\drivers\tscusb2m.sys (TASCAM)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 0C BD BD 58 1A CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 07:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 07:26:34 | 000,000,000 | ---D | M]
 
[2011.05.24 22:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moritz\AppData\Roaming\mozilla\Extensions
[2011.12.04 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions
[2011.08.29 17:55:16 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011.07.06 13:24:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.13 11:36:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.05.26 07:29:55 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\nosquint@urandom.ca
[2011.06.20 11:14:32 | 000,002,059 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\daemon-search.xml
[2011.11.30 07:22:26 | 000,000,950 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\icqplugin-1.xml
[2011.08.29 14:37:27 | 000,001,056 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\icqplugin.xml
[2011.12.04 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.26 10:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.26 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.24 22:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2011.05.26 10:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.26 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.29 21:05:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.29 21:05:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.29 21:05:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.29 21:05:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.29 21:05:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [{9E82E0F3-8647-11E0-A050-806E6F6E6963}] C:\Users\moritz\AppData\Roaming\Microsoft\svhcost.exe (Mozilla Foundation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\moritz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92BA809-B725-40E3-91EF-8618FF219821}: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92BA809-B725-40E3-91EF-8618FF219821}: NameServer = 85.214.73.63,204.152.184.76
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 16:45:24 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Malwarebytes
[2011.12.04 16:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 16:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 16:44:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.24 18:06:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.13 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\moritz\Documents\iMacros
[2011.11.09 20:48:51 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\Akamai
[2011.11.05 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\moritz\Documents\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011.11.05 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011.05.31 14:23:21 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 16:45:00 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 16:42:56 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 16:42:56 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 16:42:56 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 16:42:56 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.04 16:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 16:28:10 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 15:25:14 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 15:25:14 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 09:33:12 | 003,951,546 | ---- | M] () -- C:\Users\moritz\Desktop\Big L- Harlem World (Instrumental).mp3
[2011.11.17 15:30:13 | 001,547,937 | ---- | M] () -- C:\Users\moritz\Desktop\vitus bangus_Abmischung.mp3
[2011.11.13 12:33:26 | 000,000,366 | ---- | M] () -- C:\Users\moritz\Desktop\Dein Text.cmd
[2011.11.10 15:40:39 | 000,289,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 17:02:01 | 000,667,715 | ---- | M] () -- C:\Users\moritz\rba crunk _Abmischung (4).mp3
[2011.11.05 20:25:31 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.04 16:45:00 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 16:57:30 | 003,951,546 | ---- | C] () -- C:\Users\moritz\Desktop\Big L- Harlem World (Instrumental).mp3
[2011.11.17 15:30:08 | 001,547,937 | ---- | C] () -- C:\Users\moritz\Desktop\vitus bangus_Abmischung.mp3
[2011.11.13 11:29:13 | 000,000,366 | ---- | C] () -- C:\Users\moritz\Desktop\Dein Text.cmd
[2011.11.08 17:01:58 | 000,667,715 | ---- | C] () -- C:\Users\moritz\rba crunk _Abmischung (4).mp3
[2011.11.05 20:25:31 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011.07.26 22:57:06 | 000,000,085 | ---- | C] () -- C:\Windows\lagarith.ini
[2011.06.20 21:15:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.06.20 12:51:50 | 000,063,640 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.05.31 14:23:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.31 14:23:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.05.31 14:23:20 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.05.31 14:23:20 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.31 14:23:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.05.31 14:06:38 | 000,056,899 | ---- | C] () -- C:\Windows\System32\x264-uninstall.exe
[2011.05.24 22:27:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.24 22:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.24 22:15:44 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.24 22:11:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.24 22:09:25 | 000,000,037 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.09.28 21:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,289,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.07 08:08:36 | 002,600,448 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
 
========== LOP Check ==========
 
[2011.06.20 10:53:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\abgx360
[2011.05.26 11:07:27 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Acronis
[2011.06.10 16:57:37 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Antares
[2011.11.24 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Azureus
[2011.06.03 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Canneverbe Limited
[2011.06.20 11:15:57 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\DAEMON Tools Lite
[2011.06.07 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\FabFilter
[2011.07.15 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Firstload
[2011.07.06 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ICQ
[2011.06.20 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ImgBurn
[2011.06.10 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\PACE Anti-Piracy
[2011.10.23 15:57:15 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Paloma Networks, Inc
[2011.05.26 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Publish Providers
[2011.07.26 22:58:33 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Sony
[2011.05.26 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\SoundSpectrum
[2011.11.06 09:55:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1189 bytes -> C:\ProgramData\Microsoft:eeVnHZFiDnv9R0WLbpeWKlvq
@Alternate Data Stream - 1089 bytes -> C:\ProgramData\Microsoft:xN1UQc5Cu8dqAreVQx7kyHmn6YU
@Alternate Data Stream - 1008 bytes -> C:\ProgramData\Microsoft:zTYEeOs6yOY2ydS68aXnsi

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 04.12.2011 16:49:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,20% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,20 Gb Total Space | 46,12 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 12,51 Gb Free Space | 83,98% Space Free | Partition Type: FAT32
Drive H: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive I: | 1281,30 Gb Total Space | 1102,82 Gb Free Space | 86,07% Space Free | Partition Type: NTFS
 
Computer Name: MORITZ-PC | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D68D398-7760-426D-8395-83EE0676FC7E}" = Antares Auto-Tune Evo RTAS
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D74D3E4-B52C-4812-B01C-D3B7D5603EFD}" = iLoad
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F75D9-A0AF-B75D-8921-3A0E09A3E56E}" = ATI Catalyst Install Manager
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{E82912A7-1041-D8C5-B725-A7B0C8A91DAF}" = ccc-utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}" = Plus Pack für Acronis True Image Home 2011
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"1489-3350-5074-6281" = JDownloader 0.9
"abgx360" = abgx360 v1.0.5
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Cross Fire_is1" = Cross Fire En
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.0.1.6
"Firstload" = Firstload
"Foxit Reader" = Foxit Reader
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.4.0
"G-Force" = G-Force
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 42740" = Call of Duty Black Ops - Mod Tools (BETA)
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.10
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"WolfTeam" = WolfTeam
"x264 VFW" = x264 VFW (remove only)
"YouTube Downloader App" = YouTube Downloader App 3.00
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360GAMESPATCHERCLT" = 360GamesPatcher (Client setup)
"Akamai" = Akamai NetSession Interface
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

und hier der log von mbam:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8308

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

04.12.2011 17:07:05
mbam-log-2011-12-04 (17-07-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158897
Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9E82E0F3-8647-11E0-A050-806E6F6E6963} (Backdoor.Agent) -> Value: {9E82E0F3-8647-11E0-A050-806E6F6E6963} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\moritz\AppData\Roaming\microsoft\svhcost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\moritz\AppData\Local\Temp\0.7499102478481585.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

wie verfahre ich jetzt weiter?

ich bin für jede hilfestellung SEHR dankbar und hoffe ich hab mit den logs alles richtig gemacht.

yasippi

cosinus · 04.12.2011, 20:06

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

yasippi · 04.12.2011, 22:36

erstmal riesen danke für die ausführliche antwort!
Beide scans sind jetzt fertig.

hier die logs von dem vollscan mit malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8308

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

04.12.2011 20:52:57
mbam-log-2011-12-04 (20-52-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|I:\|)
Durchsuchte Objekte: 463859
Laufzeit: 43 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und hier die von eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=368844b77e3cb64d97632ff1f09f1734
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 09:25:34
# local_time=2011-12-04 10:25:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=769 16775126 100 100 23028 259320763 24264 0
# compatibility_mode=5893 16776573 100 94 23485 75467552 0 0
# compatibility_mode=8192 67108863 100 0 6447 6447 0 0
# scanned=315049
# found=2
# cleaned=0
# scan_time=5125
C:\Users\moritz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\441ee89c-75c3c6ec	a variant of Win32/Injector.LSY trojan (unable to clean)	00000000000000000000000000000000	I
I:\Dateien und Image\Azureus\Downloads\Alte download XP\242.Sony - Vegas Pro 9.0e (Build 1147)\Readme.exe	a variant of Win32/Keygen.AR application (unable to clean)	00000000000000000000000000000000	I

schonmal danke im vorraus...ich muss echt sagen: sehr nützliches board hier!

ich werde euch vieleicht zu weihnachten eine kleine spende zukommen lassen

yasippi

cosinus · 05.12.2011, 09:25

Zitat:

I:\Dateien und Image\Azureus\Downloads\Alte download XP\242.Sony - Vegas Pro 9.0e (Build 1147

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"

Log-Analyse und Auswertung: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"