IE-Explorer öffnet sich ungefragt! Hier die Logfile...

Magics · 03.06.2010, 12:07

Hallo,

vorweg: Ich habe wenig Erfahrung mit Viren, Trojanern und all diesem Internetgewürm, da bei mir alles bisher ganz gut funktioniert hat.

Ich benutze das Betriebssystem Windows 7 Home Premium

Seit wenigen Tagen bekomme ich bei der Windows Updatesuche den Fehlercode:
80072EFE

Darüber hinaus benutze ich Personal Antivir und verlasse mich auf die Windows Firewall. Außerdem gehe ich über einen Router ins Internet.

Seit 2 Tagen öffnet sich alle 10 Minuten ein IE-Fenster. Zunächst steht in der Adressleiste irgendetwas vonwegen "ieframe.dll"... und danach wird das ganze weiterverlinkt zu iwelchen Onlinespielen, wie Poker oder Browsergames!

Besonders ärgerlich ist, dass sich der Frame beim öffnen auch noch an die Oberfläche schiebt, sodass ich z.B. beim Tippen plötzlich dort was eingebe, anstatt im Worddoc.

Ich habe jetzt eine Logfile erstellt, so sieht sie aus:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:41, on 03.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Users\Magics\AppData\Local\Temp\Mhw.exe
C:\Users\Magics\AppData\Local\Temp\Mhx.exe
C:\Windows\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Black Mirror 2\BlackMirror2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\explorer.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\Users\Magics\AppData\Local\Temp\i4sy6fa.dll, RestoreWindows
O4 - HKCU\..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Magics\AppData\Local\Temp\uma4xexhm.exe
O4 - HKCU\..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Magics\AppData\Local\Temp\install.exe
O4 - HKCU\..\Run: [diskrint] rundll32 "C:\Users\Magics\AppData\Local\Temp\debuvaws.dll",DllEntryPoint
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\Magics\AppData\Local\Temp\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Magics\AppData\Local\Temp\Mhx.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7133 bytes

--- --- ---

Der Witz an der ganzen Sache ist übrigens, dass ich gestandener Firefox-Nutzer bin und den IE-Explorer von der Firewall her gar nicht zugelassen habe für Netzwerk verkehr.

Ich bitte euch darum mir mit der LogFile zu helfen...

Grüße
Magics

cosinus · 03.06.2010, 14:07

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Magics · 03.06.2010, 16:05

Vielen Dank für die schnelle Hilfestellung!

Habe alles gemacht.

Kleiner Hinweis noch:
Ich habe vor Ausführen der Scan-Programme den gesamten Internetcache gelöscht sowie Spybot und Antivir laufen lassen. Ich sehe aber beim Überfliegen der LogDateien, dass irgendwelche Hostprozesse von dubiosen Websites ausgeführt worden sind! Ich bin entsetzt! Ich hoffe ihr Profis könnt mir ein bisschen was dazu erzählen.

Hier der Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4167

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.06.2010 16:44:15
mbam-log-2010-06-03 (16-44-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123900
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\cleansweep.exe (Trojan.Agent) -> No action taken.

Infizierte Dateien:
C:\Users\Magics\AppData\Local\Temp\Mhv.exe (Trojan.Fraudpack) -> No action taken.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> No action taken.
C:\Users\Magics\AppData\Local\Temp\0.7223901981475723.exe (Trojan.Dropper) -> No action taken.
C:\Users\Magics\AppData\Local\Temp\0.272379808187436.exe (Trojan.Dropper) -> No action taken.

Hier die beiden von dem OTL-Scan

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.06.2010 16:42:14 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Magics\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 29,74 Gb Free Space | 6,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGICS-PC
Current User Name: Magics
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Magics\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Magics\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 AD 4B EC 47 AB CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.17 22:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 22:30:36 | 000,000,000 | ---D | M]
 
[2010.02.11 21:05:50 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Extensions
[2010.06.02 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions
[2010.04.04 20:38:28 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.21 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\battlefieldheroespatcher@ea.com
[2010.02.16 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\DTToolbar@toolbarnet.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\Mozilla\FireFox\Profiles\xbwwhz09.default\searchplugins\conduit.xml
[2010.02.16 21:30:00 | 000,002,055 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\Mozilla\FireFox\Profiles\xbwwhz09.default\searchplugins\daemon-search.xml
[2010.05.27 13:04:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.03 14:12:50 | 000,403,758 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 13963 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Halo2] C:\Users\Magics\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell - "" = AutoRun
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell\AutoRun\command - "" = E:\StartUp.exe -- File not found
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.03 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\Malwarebytes
[2010.06.03 16:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 16:38:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 16:38:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 16:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.06.03 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.03 12:46:05 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.01 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\BlackMirror2
[2010.06.01 17:37:44 | 000,000,000 | ---D | C] -- C:\Programme\Black Mirror 2
[2010.05.30 14:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010.05.30 14:05:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Microsoft Games
[2010.05.29 21:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Magics\Documents\Runes of Magic
[2010.05.29 20:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Runes of Magic
[2010.05.27 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\FOG Downloader
[2010.05.27 20:16:15 | 000,000,000 | ---D | C] -- C:\RoM
[2010.05.27 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Magics\Neuer Ordner
[2010.05.27 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\MeinSpore-Kreationen
[2010.05.27 15:30:11 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\SPORE
[2010.05.27 15:27:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.26 01:37:45 | 000,000,000 | ---D | C] -- C:\Spiele
[2010.05.26 00:54:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.05.26 00:45:28 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\EA Games
[2010.05.22 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\My Games
[2010.05.22 14:27:56 | 000,000,000 | ---D | C] -- C:\Programme\Firaxis Games
[2010.05.21 23:56:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\Battlefield Heroes
[2010.05.19 12:12:48 | 000,000,000 | ---D | C] -- C:\Programme\ASIO4ALL v2
[2010.05.18 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\Filme
[2010.05.17 22:30:17 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.17 22:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.17 22:29:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.17 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\Apple
[2010.05.17 22:29:45 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.17 22:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.16 18:47:10 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.05.15 23:09:30 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\4A Games
[2010.05.15 23:06:12 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\4A Games
[2010.05.15 23:02:42 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.05.15 23:02:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.15 23:02:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.05.15 23:02:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.05.15 23:02:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.05.15 21:52:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.05.15 20:50:32 | 000,000,000 | ---D | C] -- C:\Programme\METRO 2033
[2010.05.11 19:59:07 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\Populous Reincarnated
[2010.05.11 19:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Populous Reincarnated
[2010.05.11 19:59:02 | 000,000,000 | ---D | C] -- C:\Programme\Populous Reincarnated
[2010.05.11 19:57:45 | 000,132,096 | ---- | C] (Electronic Arts) -- C:\Windows\System32\EAEXEC.EXE
[2010.05.11 19:56:58 | 000,000,000 | ---D | C] -- C:\Programme\bullfrog
[2010.05.11 19:14:26 | 000,000,000 | ---D | C] -- C:\POP3.CD
[2010.05.11 18:44:09 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.05.11 18:44:09 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx7vb.dll
[2010.05.11 18:44:09 | 000,366,080 | ---- | C] (JB) -- C:\Windows\System32\vbskfr2.ocx
[2010.05.11 18:44:09 | 000,311,296 | ---- | C] (Puma Computer Systems, LLC.) -- C:\Windows\System32\puma lcd simulator v7.ocx
[2010.05.11 18:44:09 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx
[2010.05.11 18:44:09 | 000,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Windows\System32\fmod.dll
[2010.05.11 18:44:09 | 000,151,552 | ---- | C] (xFX JumpStart®) -- C:\Windows\System32\dxvumeter3.ocx
[2010.05.11 18:44:09 | 000,069,632 | ---- | C] (Andrew Keat, aktools@ihug.co.nz, hxxp://aktools.rentmaster.co.nz) -- C:\Windows\System32\webupdate.ocx
[2010.05.11 18:44:09 | 000,040,960 | ---- | C] (Andrew Keat, aktools@ihug.co.nz, hxxp://aktools.rentmaster.co.nz) -- C:\Windows\System32\akprogressbar.ocx
[2010.05.11 18:44:09 | 000,040,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsetup.dll
[2010.05.11 18:44:09 | 000,035,840 | ---- | C] (xFX JumpStart) -- C:\Windows\System32\xfxslider.ocx
[2010.05.11 18:44:09 | 000,024,576 | ---- | C] (VBSmart) -- C:\Windows\System32\smartsubclass.dll
[2010.05.11 18:44:07 | 000,000,000 | ---D | C] -- C:\Programme\Atmosphere Lite
[2010.05.10 20:32:19 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\DIE SIEDLER - Aufstieg eines Königreichs
[2010.05.09 21:43:34 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\dvdcss
[2010.05.05 19:59:27 | 000,000,000 | ---D | C] -- C:\Programme\SEGA
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.03 16:42:34 | 000,022,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 16:42:34 | 000,022,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 16:39:55 | 006,291,456 | -HS- | M] () -- C:\Users\Magics\ntuser.dat
[2010.06.03 16:38:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:35:28 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2010.06.03 16:35:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.03 16:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.03 16:35:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.03 15:43:36 | 010,072,960 | -H-- | M] () -- C:\Users\Magics\AppData\Local\IconCache.db
[2010.06.03 14:01:53 | 000,001,220 | ---- | M] () -- C:\Users\Magics\Desktop\Spybot - Search & Destroy.lnk
[2010.06.03 12:46:05 | 000,002,969 | ---- | M] () -- C:\Users\Magics\Desktop\HiJackThis.lnk
[2010.06.03 00:09:19 | 000,057,918 | ---- | M] () -- C:\Users\Magics\Desktop\ct7.jpg
[2010.06.02 14:02:57 | 001,501,000 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.02 14:02:57 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.02 14:02:57 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.02 14:02:57 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.02 14:02:57 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.02 13:58:53 | 000,323,384 | ---- | M] () -- C:\Users\Magics\Desktop\b.htm
[2010.06.01 17:45:52 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk
[2010.05.27 21:49:00 | 000,001,734 | ---- | M] () -- C:\Users\Magics\Desktop\SporeApp - Verknüpfung.lnk
[2010.05.26 02:28:33 | 000,524,288 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000002.regtrans-ms
[2010.05.26 02:28:33 | 000,524,288 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 02:28:33 | 000,065,536 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TM.blf
[2010.05.22 14:39:34 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2010.05.22 00:00:31 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.22 00:00:07 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.21 23:29:42 | 000,138,056 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\PnkBstrK.sys
[2010.05.21 23:29:11 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.16 18:47:13 | 000,001,867 | ---- | M] () -- C:\Users\Magics\Desktop\Defraggler.lnk
[2010.05.16 18:44:52 | 000,003,742 | ---- | M] () -- C:\Users\Magics\Documents\cc_20100516_184449.reg
[2010.05.16 15:28:43 | 000,016,111 | ---- | M] () -- C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml
[2010.05.11 19:59:03 | 000,001,215 | ---- | M] () -- C:\Users\Magics\Desktop\Populous MatchMaker.lnk
[2010.05.11 19:57:52 | 000,001,100 | ---- | M] () -- C:\Users\Magics\Desktop\Populous Menu.lnk
[2010.05.11 19:57:45 | 000,132,096 | ---- | M] (Electronic Arts) -- C:\Windows\System32\EAEXEC.EXE
[2010.05.11 19:57:45 | 000,024,576 | ---- | M] () -- C:\Windows\System32\EALTEST.EXE
[2010.05.09 21:19:36 | 002,248,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.09 14:14:15 | 000,075,528 | ---- | M] () -- C:\Users\Magics\AppData\Local\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.03 16:38:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:01:53 | 000,001,220 | ---- | C] () -- C:\Users\Magics\Desktop\Spybot - Search & Destroy.lnk
[2010.06.03 12:46:05 | 000,002,969 | ---- | C] () -- C:\Users\Magics\Desktop\HiJackThis.lnk
[2010.06.03 00:09:17 | 000,057,918 | ---- | C] () -- C:\Users\Magics\Desktop\ct7.jpg
[2010.06.02 13:58:52 | 000,323,384 | ---- | C] () -- C:\Users\Magics\Desktop\U.htm
[2010.06.01 17:45:52 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk
[2010.05.27 21:49:00 | 000,001,734 | ---- | C] () -- C:\Users\Magics\Desktop\SporeApp - Verknüpfung.lnk
[2010.05.26 01:31:12 | 000,524,288 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000002.regtrans-ms
[2010.05.26 01:31:12 | 000,524,288 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 01:31:12 | 000,065,536 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TM.blf
[2010.05.26 00:16:08 | 3515,154,431 | ---- | C] () -- C:\Users\Magics\Desktop\Sims2-eXtreme_v1.01.iso
[2010.05.22 14:28:12 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2010.05.22 00:00:07 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.21 23:29:11 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.16 18:47:13 | 000,001,867 | ---- | C] () -- C:\Users\Magics\Desktop\Defraggler.lnk
[2010.05.16 18:44:51 | 000,003,742 | ---- | C] () -- C:\Users\Magics\Documents\cc_20100516_184449.reg
[2010.05.16 15:28:42 | 000,016,111 | ---- | C] () -- C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml
[2010.05.11 19:59:03 | 000,001,215 | ---- | C] () -- C:\Users\Magics\Desktop\Populous MatchMaker.lnk
[2010.05.11 19:57:52 | 000,001,100 | ---- | C] () -- C:\Users\Magics\Desktop\Populous Menu.lnk
[2010.05.11 19:57:45 | 000,024,576 | ---- | C] () -- C:\Windows\System32\EALTEST.EXE
[2010.02.16 22:02:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.16 22:02:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.16 21:29:46 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.13 23:25:50 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.13 21:26:02 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.11 19:34:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.02.11 19:30:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 936 bytes -> C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml:OECustomProperty
< End of report >

--- --- ---

Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.06.2010 16:42:14 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Magics\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 29,74 Gb Free Space | 6,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGICS-PC
Current User Name: Magics
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 
"{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light
"{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut 2
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1A9A33E-F1E5-FBF4-8D72-E90BEAC7108A}" = HydraVision
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C982FAE0-9E75-0BB0-933D-69046512C216}" = ATI AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9D5C97D-2FDD-4FE0-A4D6-551C5E6F430D}" = bhv Multimedia Führerschein und Verkehr 2009
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ASIO4ALL" = ASIO4ALL
"Atmosphere Lite_is1" = Atmosphere Lite v6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Black Mirror 2_is1" = Black Mirror 2
"BTmod" = Oblivion - BTmod 2.20
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"Drakensang_is1" = Drakensang
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hydrogen" = Hydrogen
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Populous MatchMaker" = Populous MatchMaker
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Riding Star 3" = Riding Star 3
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 500" = Left 4 Dead
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"UltraISO_is1" = UltraISO Premium V8.65
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"X3TerranConflict_is1" = X3 Terran Conflict v2.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.05.2010 09:33:40 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.150.3, Zeitstempel:
 0x4a6ad1a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x17161514  ID des fehlerhaften Prozesses:
 0x164c  Startzeit der fehlerhaften Anwendung: 0x01cafda136c5a854  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 7595b882-6994-11df-98ed-00040efb018f
 
Error - 27.05.2010 13:58:06 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.05.2010 14:47:32 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.05.2010 17:26:16 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SporeApp.exe, Version: 1.1.0.338,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: SporeApp.exe, Version: 1.1.0.338,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00faf4c4  ID des fehlerhaften
 Prozesses: 0x17cc  Startzeit der fehlerhaften Anwendung: 0x01cafdd5a7e010a4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Electronic Arts\SPORE\Sporebin\SporeApp.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Electronic Arts\SPORE\Sporebin\SporeApp.exe
Berichtskennung:
 7afa5745-69d6-11df-8695-00040efb018f
 
Error - 29.05.2010 13:10:35 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.05.2010 07:52:05 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 12.0.0.49974,
 Zeitstempel: 0x4475d140  Name des fehlerhaften Moduls: ISRT.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x446a0c9c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x034c3bf0
ID
 des fehlerhaften Prozesses: 0x1b8  Startzeit der fehlerhaften Anwendung: 0x01caffed259bd607
Pfad
 der fehlerhaften Anwendung: D:\setup.exe  Pfad des fehlerhaften Moduls: ISRT.dll  Berichtskennung:
 c3e9c283-6be1-11df-9730-00040efb018f
 
Error - 31.05.2010 11:28:14 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.06.2010 10:39:28 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 02.06.2010 17:18:41 | Computer Name = Magics-PC | Source = Application Hang | ID = 1002
Description = Programm ccleaner.exe, Version 2.28.0.1091 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: af0    Startzeit: 
01cb0298ec11d5f1    Endzeit: 3    Anwendungspfad: C:\Program Files\CCleaner\ccleaner.exe

Berichts-ID:
 6738a4ed-6e8c-11df-8ad1-00040efb018f  
 
Error - 03.06.2010 07:39:31 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0.272379808187436.exe, Version: 0.0.0.0,
 Zeitstempel: 0x499d3f6e  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung: 0x01cb03116d0164c0  Pfad der
 fehlerhaften Anwendung: C:\Users\Magics\AppData\Local\Temp\0.272379808187436.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ac1a17be-6f04-11df-a230-00040efb018f
 
[ System Events ]
Error - 27.05.2010 09:36:25 | Computer Name = Magics-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?05.?2010 um 15:34:49 unerwartet heruntergefahren.
 
Error - 27.05.2010 10:05:14 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.05.2010 10:05:52 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.05.2010 09:53:25 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.05.2010 12:52:18 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.06.2010 07:31:56 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.06.2010 17:49:01 | Computer Name = Magics-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.06.2010 06:38:13 | Computer Name = MAGICS-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 03.06.2010 06:42:03 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.06.2010 07:14:58 | Computer Name = Magics-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

--- --- ---

Weiterhin möchte ich anmerken, dass bei mir plötzlich eine Fehlermeldung nach dem Systemstart auftaucht. Angeblich wird die Datei "sshnas21.dll" im Userprofil Ordner nicht gefunden.

Grüße
Magics

cosinus · 03.06.2010, 20:13

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKCU..\Run: [Halo2] C:\Users\Magics\AppData\Local\Temp\sshnas21.DLL File not found
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell - "" = AutoRun
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell\AutoRun\command - "" = E:\StartUp.exe -- File not found
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Magics · 03.06.2010, 21:11

Das hier ist der Log nach dem Restart

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cleansweep.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118227ce-1b34-11df-95cc-00040efb018f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118227ce-1b34-11df-95cc-00040efb018f}\ not found.
File E:\StartUp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ecdea2-1738-11df-829e-6cf049010c3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ecdea2-1738-11df-829e-6cf049010c3c}\ not found.
File F:\pushinst.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Magics
->Temp folder emptied: 558321 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 12245802 bytes
->FireFox cache emptied: 37577120 bytes
->Flash cache emptied: 3687 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66624 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb

OTL by OldTimer - Version 3.2.5.3 log created on 06032010_220750

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 03.06.2010, 21:28

Gut. Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führt nur OSAM aus.

Magics · 04.06.2010, 12:29

Ok es ist geschehen.

Hier der GMER-LOG

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-04 13:21:12
Windows 6.1.7600 
Running: GMER.exe; Driver: C:\Users\Magics\AppData\Local\Temp\pwryypod.sys


---- System - GMER 1.0.15 ----

SSDT            921257B4                                                                                                            ZwCreateThread
SSDT            921257A0                                                                                                            ZwOpenProcess
SSDT            921257A5                                                                                                            ZwOpenThread
SSDT            921257AF                                                                                                            ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            83449AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            83449104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            834493F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            834322D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            83431898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            834491DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            83449958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            834496F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            83449F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8344A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     83062579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              83086F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                 8308E84C 4 Bytes  [B4, 57, 12, 92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                 8308E9E8 4 Bytes  [A0, 57, 12, 92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 8308EA08 4 Bytes  [A5, 57, 12, 92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                 8308ECB8 4 Bytes  [AF, 57, 12, 92]
?               System32\Drivers\spvm.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                            section is writeable [0x91838000, 0x2E6316, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               9075ACA0 5 Bytes  JMP 86E2D1D8 
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                                            section is executable [0x90793B80, 0x37FC7, 0xE0000060]
.text           amu78vb3.SYS                                                                                                        91D99000 12 Bytes  [44, 48, 43, 83, EE, 46, 43, ...]
.text           amu78vb3.SYS                                                                                                        91D9900D 9 Bytes  [27, 43, 83, 48, 4B, 43, 83, ...] {DAA ; INC EBX; OR DWORD [EAX+0x4b], 0x43; ADD DWORD [EAX], 0x0}
.text           amu78vb3.SYS                                                                                                        91D99017 20 Bytes  [00, DE, 47, D0, 8B, E6, 45, ...]
.text           amu78vb3.SYS                                                                                                        91D9902C 149 Bytes  [00, 00, 00, 00, D0, D1, 05, ...]
.text           amu78vb3.SYS                                                                                                        91D990C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
.reloc          C:\Windows\system32\drivers\acedrv10.sys                                                                            section is executable [0x9E074000, 0x459C1, 0xE0000060]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                            section is executable [0x9E0D6300, 0x25D4C, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x9E0FD300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x9E140300, 0x1BEE, 0xE8000020]
.text           peauth.sys                                                                                                          9E14AC9D 28 Bytes  [1E, 72, 92, 2D, 51, A0, E5, ...]
.text           peauth.sys                                                                                                          9E14ACC1 28 Bytes  [1E, 72, 92, 2D, 51, A0, E5, ...]
PAGE            peauth.sys                                                                                                          9E150B9B 72 Bytes  [67, 9B, 91, 8F, EB, 15, 72, ...]
PAGE            peauth.sys                                                                                                          9E150BEC 9 Bytes  [50, A8, 13, 7F, FF, D9, 40, ...]
PAGE            peauth.sys                                                                                                          9E150BFA 97 Bytes  [6F, D6, EF, 85, F8, EF, 5C, ...]
PAGE            ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory                                              77495360 5 Bytes  JMP 0031000A 
.text           C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory                                                77495EE0 5 Bytes  JMP 0032000A 
.text           C:\Windows\system32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher                                           77496448 5 Bytes  JMP 0030000A 
.text           C:\Windows\system32\svchost.exe[1084] ole32.dll!CoCreateInstance                                                    76FE57FC 5 Bytes  JMP 0035000A 
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!GetCursorPos                                                       76ECC198 5 Bytes  JMP 00C0000A 
.text           C:\Windows\Explorer.EXE[2732] ntdll.dll!NtProtectVirtualMemory                                                      77495360 5 Bytes  JMP 0063000A 
.text           C:\Windows\Explorer.EXE[2732] ntdll.dll!NtWriteVirtualMemory                                                        77495EE0 5 Bytes  JMP 016D000A 
.text           C:\Windows\Explorer.EXE[2732] ntdll.dll!KiUserExceptionDispatcher                                                   77496448 5 Bytes  JMP 0062000A 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8BC08042] \SystemRoot\System32\Drivers\spvm.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8BC086D6] \SystemRoot\System32\Drivers\spvm.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8BC08800] \SystemRoot\System32\Drivers\spvm.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8BC0813E] \SystemRoot\System32\Drivers\spvm.sys
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortQuerySystemTime]                                       78800C75
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortReadPortUchar]                                         06750015
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         005AB7E8
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortRequestCallback]                                       CCCC0008
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 CCCCCCCC
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortCompleteRequest]                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortEtwTraceLog]                                           800C5D8B
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             7500117B
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         56587500
IAT             \SystemRoot\System32\Drivers\amu78vb3.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     8008758B

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8660D1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                859411F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86E331F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    86E331F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86E671F8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                    86E331F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                    86E331F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                    86E671F8
Device          \Driver\PCI_PNP9429 \Device\00000056                                                                                spvm.sys
Device          \Driver\usbohci \Device\USBPDO-6                                                                                    86E331F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              859411F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        86CB31F8
Device          \Driver\sptd \Device\3179117430                                                                                     spvm.sys
Device          \Driver\cdrom \Device\CdRom1                                                                                        86CB31F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  859431F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  859431F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  859431F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  859431F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-6                                                                         859431F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{5423A26D-9082-4453-9929-8F29847544D3}                                            86D871F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             86D871F8
Device          \Driver\ACPI_HAL \Device\0000004b                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86E331F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    86E331F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86E671F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                    86E331F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                    86E331F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                    86E671F8
Device          \Driver\usbohci \Device\USBFDO-6                                                                                    86E331F8
Device          \Driver\amu78vb3 \Device\Scsi\amu78vb31Port4Path0Target0Lun0                                                        86EDD500
Device          \Driver\amu78vb3 \Device\Scsi\amu78vb31                                                                             86EDD500
Device           -> \Driver\atapi \Device\Harddisk0\DR0                                                                             86D9FD01

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xBB 0x62 0xFE 0x83 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4C 0xB1 0x5C 0xEB ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xDD 0xEB 0xB9 0x8B ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6D 0xCC 0x76 0xC5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBB 0x62 0xFE 0x83 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4C 0xB1 0x5C 0xEB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xDD 0xEB 0xB9 0x8B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6D 0xCC 0x76 0xC5 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\drivers\atapi.sys                                                                               suspicious modification

---- EOF - GMER 1.0.15 ----

--- --- ---

Hier der OSAM-LOG

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:25:43 on 04.06.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"awpikmc8" (awpikmc8) - "Microsoft Corporation" - C:\Windows\system32\drivers\awpikmc8.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\Windows\gdrv.sys
"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{E31004D1-A431-41B8-826F-E902F9D95C81} "Windows DreamScene" - "Microsoft Corporation" - C:\Windows\System32\DreamScene.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Magics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"BCU" - "DeviceVM, Inc." - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
"Dragon Age: Origins - Content Updater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"ES lite Service for program management." (ES lite Service) - ? - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE  (File found, but it contains no detailed information)
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Users\Magics\DOWNLO~1\matrix3\matrix.scr  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/INDENT]
Heiliger! Diese Anleitung ist echt Filmreif!

Ich als Nerd bin wirklich beeindruckt

Grüße
Magics

cosinus · 04.06.2010, 14:27

Da gibts noch ne Manipulation einer Systemdatei, CF nimmt uns da viel Arbeit ab:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

03.06.2010, 21:28	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	IE-Explorer öffnet sich ungefragt! Hier die Logfile... Gut. Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führt nur OSAM aus. __________________ --> IE-Explorer öffnet sich ungefragt! Hier die Logfile...

IE-Explorer öffnet sich ungefragt! Hier die Logfile...

Log-Analyse und Auswertung: IE-Explorer öffnet sich ungefragt! Hier die Logfile...