Hallo Leute,

[TLR]
diese Nacht um 2:00 ca ist mir ein Missgeschick passiert. Ich habe ein Flashgame im Firefox gestartet und es hat mir wahrscheinlich in der selben Zeit die AV Security Suite gedownloaded & installiert. Allerdings habe ich direkt keine .exe gestartet oder irgendetwas angeklickt. Trotzdem war dann in der Taskleiste rechts unten ein neues Symbol und es kamen die Meldungen. Sofolt habe ich das Internet gekappt und den Laptop neu gestartet (im abgesicherten Modus). Dort habe ich dann alle Dateien in Windows gelöscht, die zum Zeitpunkt der wahrscheinlichen Installation mir suspekt vor kamen (also ich habe nichts gelöscht was ich zum starten brauche oder so). Danach neu gestartet aber es war immer noch da, wie es zu erwarten war. Ich habe deshalb die Anweisungen von dieser Seite
http://www.trojaner-board.de/86690-a...entfernen.html
befolgt. Malware hat 3 Sachen detected, wobei nur 2 von AV Security Suite waren und das 3. war diese eXplorer.exe die ich aus dem Thread herunter geladen habe.

Allerdings habe ich noch eine Frage und zwar wie man sich vor sowas schützen kann. Avira Antivir war eingeschalten. Wahrscheinlich bräuchte ich da noch eine Firewall, oder?
[TLR Ende]


OTLogfiles:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 7/11/2010 3:35:34 AM - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = H:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 41.99 Gb Free Space | 56.35% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 200.03 Gb Free Space | 95.74% Space Free | Partition Type: NTFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 149.04 Gb Total Space | 80.47 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 56.09 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive H: | 976.13 Mb Total Space | 966.27 Mb Free Space | 98.99% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: JOETHEMIGHT
Current User Name: Joe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - H:\OTL.exe (OldTimer Tools)
PRC - D:\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Users\Joe\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Ctafiltv) -- C:\Windows\SysNative\drivers\Ctafiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/|hxxp://boersen.manager-magazin.de/spo_mmo/kurse_listen.htm?sektion=dax&u=0&p=0&k=0|hxxp://www.teleboerse.de/boersenkurse/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Mozilla Firefox\components [2010/06/27 17:58:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Mozilla Firefox\plugins [2010/06/27 17:58:20 | 000,000,000 | ---D | M]
 
[2010/05/28 16:42:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions
[2010/07/11 00:12:26 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\mozilla\Firefox\Profiles\fdjhe7cn.default\extensions
[2010/06/29 13:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Firefox\Profiles\fdjhe7cn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/05/31 20:23:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joe\AppData\Roaming\mozilla\Firefox\Profiles\fdjhe7cn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/21 14:48:41 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Joe\AppData\Roaming\mozilla\Firefox\Profiles\fdjhe7cn.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtaMon] C:\Windows\SysWow64\CtaMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] d:\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] D:\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ICQ] D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - d:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - d:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 17:50:52 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [2006/09/25 18:01:39 | 004,386,816 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/25 18:01:39 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/09/25 18:01:39 | 004,386,816 | R--- | M] ()
O33 - MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell - "" = AutoRun
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\setup\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2004/10/22 05:16:58 | 000,118,736 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/11 02:53:46 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2010/07/11 02:53:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/11 02:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/11 02:53:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/11 01:56:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\lldvgkybw
[2010/07/09 12:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/09 01:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010/07/09 01:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/07/09 00:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/07/08 14:14:30 | 010,059,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Joe\tfrcable_x64.exe
[2010/07/08 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/07/08 14:09:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\MigWiz
[2010/07/02 16:29:49 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010/07/02 16:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/07/02 16:27:42 | 000,600,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\CHAPO64.dll
[2010/07/02 16:27:42 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\CHAPO32.dll
[2010/07/02 16:27:42 | 000,285,184 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\CHECFX64.dll
[2010/07/02 16:27:42 | 000,235,520 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\CtaCInst.dll
[2010/07/02 16:27:42 | 000,218,624 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\CHECFX32.dll
[2010/07/02 16:27:42 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\CHppld64.dll
[2010/07/02 16:27:42 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\Ctafiltv.sys
[2010/07/02 16:27:33 | 000,042,496 | R--- | C] (Creative Technology Ltd.) -- C:\Windows\AddCat.exe
[2010/07/02 16:27:33 | 000,009,728 | R--- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\CtaMon.dll
[2010/07/02 16:27:33 | 000,008,704 | R--- | C] (Creative Technology Ltd.) -- C:\Windows\CtaDefE.exe
[2010/07/02 16:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/07/01 23:00:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\DAEMON Tools Lite
[2010/07/01 23:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/01 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\CyberLink
[2010/06/30 22:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/06/30 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/06/29 21:48:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Rawr
[2010/06/29 19:02:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Rawr v2.3.19
[2010/06/28 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Acreon
[2010/06/28 20:55:13 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\._Revolution_
[2010/06/24 08:19:05 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 08:19:05 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 08:19:05 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 08:19:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 08:19:05 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 08:19:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 08:19:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 08:19:05 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 09:47:14 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 09:47:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 09:47:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 09:47:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 09:47:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 09:47:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 09:47:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 09:47:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/21 20:59:23 | 000,691,712 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2010/06/21 20:59:23 | 000,132,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2010/06/21 20:59:23 | 000,116,864 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2010/06/21 20:59:23 | 000,116,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbfake.sys
[2010/06/21 20:59:23 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2010/06/21 20:59:19 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bmutil.dll
[2010/06/21 20:59:19 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bminstall.dll
[2010/06/21 20:59:19 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmdumpd.bin
[2010/06/21 20:59:19 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\drivers\BMLoad.sys
[2010/06/21 20:59:19 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\drivers\tcpipBM.sys
[2010/06/21 20:59:19 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sporder.dll
[2010/06/21 14:00:13 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Recorder
[2010/06/21 14:00:13 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Recorder
[2010/06/21 13:59:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/06/21 13:59:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/06/19 18:29:48 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010/06/19 18:29:48 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010/06/19 18:29:46 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/06/19 18:29:46 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010/06/19 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010/06/19 18:29:28 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/06/19 18:29:28 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010/06/19 18:29:28 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010/06/19 18:29:28 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010/06/19 18:29:28 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010/06/19 18:29:28 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010/06/19 18:29:28 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010/06/19 18:29:28 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010/06/19 18:29:28 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010/06/19 18:29:28 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010/06/19 18:29:27 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010/06/19 18:29:27 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010/06/19 18:29:27 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010/06/19 18:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010/06/16 17:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/06/16 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/06/16 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/16 17:55:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/16 17:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/16 17:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/16 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/16 17:53:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/16 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Microsoft Help
[2010/06/15 04:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/15 04:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/11 03:32:00 | 000,001,780 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2010/07/11 03:31:39 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/07/11 03:31:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/11 03:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/11 03:31:11 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 03:30:42 | 002,359,296 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT
[2010/07/11 03:22:47 | 000,000,716 | ---- | M] () -- C:\Users\Joe\Desktop\CCleaner.lnk
[2010/07/11 02:53:37 | 000,000,690 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/11 02:48:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/11 02:48:24 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/11 02:48:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/11 02:48:24 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/11 02:48:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/11 02:36:53 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/11 02:36:53 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/11 00:11:29 | 000,000,552 | ---- | M] () -- C:\Users\Joe\Desktop\World of Warcraft.lnk
[2010/07/09 22:07:19 | 000,001,424 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/07/09 22:06:53 | 000,484,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/09 15:43:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/09 12:12:20 | 000,132,160 | ---- | M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/08 17:10:37 | 000,013,687 | ---- | M] () -- C:\Users\Joe\Desktop\Aktien.xlsx
[2010/07/08 14:14:34 | 010,059,048 | ---- | M] (Microsoft Corporation) -- C:\Users\Joe\tfrcable_x64.exe
[2010/07/06 02:58:36 | 000,000,299 | ---- | M] () -- C:\Users\Joe\Documents\Neu1.eqf
[2010/07/04 00:14:59 | 000,082,785 | ---- | M] () -- C:\Users\Joe\Documents\Crytash.xml
[2010/07/02 16:27:46 | 000,000,383 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/07/02 16:27:27 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/07/02 16:27:27 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/07/02 16:27:27 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/07/02 16:27:27 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/07/01 23:00:40 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/06/29 13:28:43 | 000,001,241 | ---- | M] () -- C:\Users\Joe\Desktop\DVDVideoSoft Free Studio.lnk
[2010/06/21 20:59:26 | 000,000,684 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2010/06/21 13:59:08 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/06/21 13:59:07 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/06/17 15:37:54 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/06/16 01:37:44 | 000,016,122 | ---- | M] () -- C:\Users\Joe\Documents\Kontoauszug_140958000_Nr.005_vom_31.05.2010_20100616013716.pdf
[2010/06/15 04:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/15 04:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/11 03:22:47 | 000,000,716 | ---- | C] () -- C:\Users\Joe\Desktop\CCleaner.lnk
[2010/07/11 02:53:37 | 000,000,690 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 15:43:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/06 02:58:36 | 000,000,299 | ---- | C] () -- C:\Users\Joe\Documents\Neu1.eqf
[2010/07/02 16:30:05 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010/07/02 16:27:46 | 000,032,487 | R--- | C] () -- C:\Windows\SysNative\xfiCta.ini
[2010/07/02 16:27:33 | 000,008,604 | R--- | C] () -- C:\Windows\CHAPO64.ssc
[2010/07/02 16:27:33 | 000,006,732 | R--- | C] () -- C:\Windows\CHECFX64.ssc
[2010/07/02 16:27:33 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
[2010/07/01 23:00:40 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/06/21 20:59:26 | 000,000,684 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2010/06/19 18:29:46 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/19 18:29:28 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010/06/19 18:29:28 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010/06/19 18:29:28 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010/06/19 18:29:28 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010/06/19 18:29:27 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010/06/19 18:29:27 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010/06/19 18:29:27 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010/06/19 18:29:27 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010/06/16 01:37:44 | 000,016,122 | ---- | C] () -- C:\Users\Joe\Documents\Kontoauszug_140958000_Nr.005_vom_31.05.2010_20100616013716.pdf
[2010/05/29 15:05:24 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/05/29 15:05:24 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/05/28 14:51:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/28 15:43:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/10/28 15:38:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/28 15:38:14 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/08/19 10:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/09/18 09:45:54 | 000,001,515 | R--- | C] () -- C:\Windows\Ctacfg.ini
< End of report >
         

--- --- ---

Extra file:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 7/11/2010 3:35:34 AM - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = H:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 41.99 Gb Free Space | 56.35% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 200.03 Gb Free Space | 95.74% Space Free | Partition Type: NTFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 149.04 Gb Total Space | 80.47 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 56.09 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive H: | 976.13 Mb Total Space | 966.27 Mb Free Space | 98.99% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: JOETHEMIGHT
Current User Name: Joe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B3DFF4C8-50BA-463D-8334-4BAFE7172EA6}" = SB Arena Headset
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"ST6UNST #1" = Recorder
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SysInfo" = Creative Systeminformationen
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Warhammer Online - Age of Reckoning_is1" = Warhammer Online - Age of Reckoning
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/21/2010 1:45:46 PM | Computer Name = JoetheMight | Source = RasClient | ID = 20227
Description = 
 
Error - 6/22/2010 4:24:06 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/23/2010 4:21:06 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/23/2010 7:09:37 PM | Computer Name = JoetheMight | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10,
 Zeitstempel: 0x4c06fc6d  Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a275370  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000100b5  ID des fehlerhaften
 Prozesses: 0x944  Startzeit der fehlerhaften Anwendung: 0x01cb12a73a61ace9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
Berichtskennung:
 6458937f-7f1c-11df-9f5d-90e6ba947e40
 
Error - 6/24/2010 3:10:29 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/26/2010 6:24:01 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/26/2010 7:09:40 PM | Computer Name = JoetheMight | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10,
 Zeitstempel: 0x4c06fc6d  Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a275370  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000100b5  ID des fehlerhaften
 Prozesses: 0xc40  Startzeit der fehlerhaften Anwendung: 0x01cb1545c95daf82  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
Berichtskennung:
 e55bd01a-8177-11df-8f26-90e6ba947e40
 
Error - 6/27/2010 5:11:52 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/28/2010 7:22:35 AM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/28/2010 6:30:24 PM | Computer Name = JoetheMight | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 7/10/2010 8:44:58 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:44:58 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:44:58 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:44:58 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:44:58 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:47:25 PM | Computer Name = JoetheMight | Source = DCOM | ID = 10005
Description = 
 
Error - 7/10/2010 8:47:25 PM | Computer Name = JoetheMight | Source = DCOM | ID = 10005
Description = 
 
Error - 7/10/2010 8:47:24 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 8:53:42 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/10/2010 9:22:09 PM | Computer Name = JoetheMight | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

--- --- ---

Hallo und

Zitat:

Allerdings habe ich direkt keine .exe gestartet oder irgendetwas angeklickt.

Dazu reichen Sicherheitslücken in diversen Applikationen, wenn Du als Admin surfst und veraltete Software von Java und AdobeFlash verwendest, sind Infektionen schon fast vorprogrammiert!

Mach bitte einen Vollscan mit Malwarebytes und poste das Log.

Also wie gesagt ich hab Malwarebytes durchlaufen lassen - mehrmals und es wird nichts mehr gefunden. Im Log steht auch nichts mehr

Ich will trotzdem die Logs sehen und zwar alle!

ok

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11.07.2010 03:29:58
mbam-log-2010-07-11 (03-29-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 307801
Laufzeit: 35 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roskfrwk (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Joe\AppData\Local\lldvgkybw\rdetjsktssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Temp\ndOd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\eXplorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

Noch mehr Logs oder war es das einzige mit Funden?

War der einzige

3 danach auch nach inet verbindung (ca 38 stunden lang den laptop an mit internet) keine funde

Zitat:

Datenbank Version: 4052

Ok, aber Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4306

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.07.2010 23:28:46
mbam-log-2010-07-12 (23-28-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 230596
Laufzeit: 29 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Wie gesagt ich hab erst AV Security Suite weg gemacht und dann wieder zum Internet verbinden (dachte das wär sicherer).

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O32 - AutoRun File - [2006/09/25 17:50:52 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [2006/09/25 18:01:39 | 004,386,816 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/25 18:01:39 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/09/25 18:01:39 | 004,386,816 | R--- | M] ()
O33 - MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell - "" = AutoRun
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\Shell\setup\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2004/10/22 05:16:58 | 000,118,736 | R--- | M] (Macrovision Corporation)
[2010/07/11 03:31:39 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/07/11 01:56:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\lldvgkybw
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joe
->Temp folder emptied: 1490331 bytes
->Temporary Internet Files folder emptied: 8366391 bytes
->Java cache emptied: 10680297 bytes
->FireFox cache emptied: 39709159 bytes
->Flash cache emptied: 45563 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4694016 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1083946 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_124637

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RunDLLEntry not found.
File not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e48d72-6cd6-11df-b8b5-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e48d76-6cd6-11df-b8b5-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a672b708-7f5a-11df-a53f-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a672b708-7f5a-11df-a53f-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a672b708-7f5a-11df-a53f-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a672b70b-7f5a-11df-a53f-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1c31be5-7d47-11df-937a-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1c31be5-7d47-11df-937a-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1c31be5-7d47-11df-937a-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1c31be8-7d47-11df-937a-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1c31be8-7d47-11df-937a-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1c31be8-7d47-11df-937a-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd2cac7b-c3c6-11de-ab2a-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb479d6-7d58-11df-a88b-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb479db-7d58-11df-a88b-90e6ba947e40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb479db-7d58-11df-a88b-90e6ba947e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb479db-7d58-11df-a88b-90e6ba947e40}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
File J:\DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de640265-8553-11df-8f30-f95893e30d3f}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
C:\Windows\SysNative\acovcnt.exe moved successfully.
Folder C:\Users\Joe\AppData\Local\lldvgkybw\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joe
->Temp folder emptied: 1490331 bytes
->Temporary Internet Files folder emptied: 8366391 bytes
->Java cache emptied: 10680297 bytes
->FireFox cache emptied: 39709159 bytes
->Flash cache emptied: 45563 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4694016 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1083946 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_124637

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Da Du ein 64-Bit-Windows verwendest, sind wir mit unseren "Standardtools" schon am Ende, denn viele sind mit dem 64-Bit-Win nicht kompatibel. Viel mehr ist aber auch nicht wirklich nötig...

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2010 at 06:35 PM

Application Version : 4.40.1002

Core Rules Database Version : 5190
Trace Rules Database Version: 3002

Scan type : Complete Scan
Total Scan Time : 01:16:30

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 14522
Registry threats detected : 0
File items scanned : 189891
File threats detected : 10

Adware.Tracking Cookie
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ad.yieldmanager[2].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@doubleclick[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@serving-sys[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@content.yieldmanager[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@bs.serving-sys[2].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@content.yieldmanager[3].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@atwola[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@atdmt[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@tradedoubler[1].txt
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@msnportal.112.2o7[1].txt

Kommt auch der von Malwarebytes noch?