PC hängt sich ständig auf...Trojaner?

FiDoS · 16.09.2010, 17:41

Tach

Seit einigen Tagen hängt sich mein PC ständig auf
die CPU ist dann meistens auf 70-80%
SpyBot SD hat ein paar Trojaner(?) entdeckt zb Cydor oder Zlob Downloader
und viele mehr....

was kann ich dagegen tun?

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:44:12, on 16.09.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\SMART BRO\Modem.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\REINER\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D9B53B0-80B3-443D-9986-3C32061298B9}: NameServer = 115.178.58.26 115.178.58.10
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10612 bytes

--- --- ---

FiDoS · 17.09.2010, 08:48

Brauch Hilfe

Chris4You · 17.09.2010, 08:51

Hi,

ist das ein 64-Bit System?

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Bin aber jetzt dann erst mal wech...

chris

FiDoS · 17.09.2010, 09:08

jap 64

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4634

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.09.2010 09:09:01
mbam-log-2010-09-17 (09-09-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 285003
Laufzeit: 1 Stunde(n), 50 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

----------------------

EXTRA.TXTOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.09.2010 14:56:19 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\REINER\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 245,72 Gb Free Space | 86,18% Space Free | Partition Type: NTFS
Drive D: | 12,76 Gb Total Space | 2,11 Gb Free Space | 16,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: REINER-PC
Current User Name: REINER
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.08.2010 13:37:44 | Computer Name = REINER-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.08.2010 13:40:10 | Computer Name = REINER-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 17.08.2010 13:40:31 | Computer Name = REINER-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 19.08.2010 06:04:26 | Computer Name = REINER-PC | Source = Application Hang | ID = 1002
Description = Programm Worm Food.exe, Version 5.0.30.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 63c    Startzeit: 
01cb3f85dba84d0a    Endzeit: 2    Anwendungspfad: E:\200 Free Best Flash Game\Worm Food.exe

Berichts-ID:
 24438235-ab79-11df-b323-c80aa93778ce  
 
Error - 19.08.2010 06:06:24 | Computer Name = REINER-PC | Source = Application Hang | ID = 1002
Description = Programm 3D Net Blazer.exe, Version 5.0.30.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 12b8    Startzeit: 01cb3f860f4ad280    Endzeit: 24    Anwendungspfad:
 E:\200 Free Best Flash Game\3D Net Blazer.exe    Berichts-ID: 6aa0c8eb-ab79-11df-b323-c80aa93778ce

 
Error - 19.08.2010 06:06:56 | Computer Name = REINER-PC | Source = Application Hang | ID = 1002
Description = Programm 9 Ball.exe, Version 5.0.30.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7a8    Startzeit: 
01cb3f8633bef1b7    Endzeit: 2    Anwendungspfad: E:\200 Free Best Flash Game\9 Ball.exe

Berichts-ID:
 7e8ec6ac-ab79-11df-b323-c80aa93778ce  
 
Error - 21.08.2010 02:11:23 | Computer Name = REINER-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16434 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ad4    Startzeit: 01cb40f6fc08a636    Endzeit: 60000    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: bf7e3496-acea-11df-b1a7-c80aa93778ce  
 
Error - 22.08.2010 10:43:08 | Computer Name = REINER-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Symantec Eraser Control driver.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 22.08.2010 10:43:08 | Computer Name = REINER-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Symantec Iron Driver.  System Error: Das System kann die angegebene Datei nicht finden.
.
 
Error - 22.08.2010 10:43:08 | Computer Name = REINER-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Symantec Vista Network Dispatch Driver.  System Error: Das System kann die angegebene
 Datei nicht finden.  .
 
[ System Events ]
Error - 24.08.2010 08:41:21 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 24.08.2010 19:28:13 | Computer Name = REINER-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{0D9B53B0-80B3-443D-9986-3C32061298B9} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 03:01:48 | Computer Name = REINER-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{0D9B53B0-80B3-443D-9986-3C32061298B9} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 08:34:48 | Computer Name = REINER-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{0D9B53B0-80B3-443D-9986-3C32061298B9} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 09:06:30 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 25.08.2010 15:25:08 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 2 Mal passiert.
 
Error - 27.08.2010 11:06:41 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 27.08.2010 23:40:20 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 29.08.2010 04:24:51 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 31.08.2010 10:56:53 | Computer Name = REINER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
 
< End of report >

--- --- ---
----------------------

OTL.TXTOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.09.2010 14:56:19 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\REINER\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 245,72 Gb Free Space | 86,18% Space Free | Partition Type: NTFS
Drive D: | 12,76 Gb Total Space | 2,11 Gb Free Space | 16,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: REINER-PC
Current User Name: REINER
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\REINER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\SMART BRO\Modem.exe (ZTE Corporation)
PRC - C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe ()
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\REINER\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (Autorun CDROM Monitor) -- C:\Windows\SysNative\SupportAppXL\cdrom_mon.exe File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Autorun CDROM Monitor) -- C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a66}:2.0.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.17 06:56:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.17 06:56:20 | 000,000,000 | ---D | M]
 
[2010.07.31 23:57:45 | 000,000,000 | ---D | M] -- C:\Users\REINER\AppData\Roaming\mozilla\Extensions
[2010.09.16 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\REINER\AppData\Roaming\mozilla\Firefox\Profiles\bvoe8gbk.default\extensions
[2010.08.10 20:12:09 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\REINER\AppData\Roaming\mozilla\Firefox\Profiles\bvoe8gbk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2010.08.29 16:21:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\REINER\AppData\Roaming\mozilla\Firefox\Profiles\bvoe8gbk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.23 15:43:23 | 000,000,000 | ---D | M] -- C:\Users\REINER\AppData\Roaming\mozilla\Firefox\Profiles\bvoe8gbk.default\extensions\webmaster@keep-tube.com
[2010.08.24 18:59:59 | 000,002,393 | ---- | M] () -- C:\Users\REINER\AppData\Roaming\Mozilla\FireFox\Profiles\bvoe8gbk.default\searchplugins\askcom.xml
[2010.08.02 12:15:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.02 12:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.17 06:56:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.17 06:56:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.17 06:56:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.17 06:56:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.17 06:56:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.11 04:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\REINER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72890cb1-a90f-11df-8447-c80aa93778ce}\Shell - "" = AutoRun
O33 - MountPoints2\{72890cb1-a90f-11df-8447-c80aa93778ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.17 14:52:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\REINER\Desktop\OTL.exe
[2010.09.17 07:05:09 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\Malwarebytes
[2010.09.17 07:04:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.17 07:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.17 07:04:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.17 07:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.16 22:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.16 22:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.09.01 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\REINER\Desktop\Hi
[2010.09.01 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\WinRAR
[2010.09.01 23:30:39 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.09.01 20:56:59 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Local\ElevatedDiagnostics
[2010.09.01 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.09.01 00:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.09.01 00:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.08.29 21:37:16 | 000,000,000 | R-SD | C] -- C:\Users\REINER\Documents\My Stationery
[2010.08.29 16:58:30 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\TeamViewer
[2010.08.29 16:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010.08.28 21:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010.08.28 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\REINER\Documents\OneNote-Notizbücher
[2010.08.28 01:49:21 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\dvdcss
[2010.08.28 01:47:35 | 000,000,000 | -H-D | C] -- C:\Users\REINER\Desktop\ANGULIMALA
[2010.08.25 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Local\Diagnostics
[2010.08.25 00:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010.08.24 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\PhotoFiltre
[2010.08.24 16:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010.08.24 16:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2010.08.22 21:43:48 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.08.22 21:43:46 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.08.22 21:43:46 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.08.22 21:43:46 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.08.22 21:43:45 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.08.22 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\REINER\AppData\Roaming\TuneUp Software
[2010.08.22 21:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2010.08.22 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.08.22 21:42:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.08.22 21:01:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.17 14:57:55 | 005,767,168 | -HS- | M] () -- C:\Users\REINER\NTUSER.DAT
[2010.09.17 14:53:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\REINER\Desktop\OTL.exe
[2010.09.17 09:54:50 | 000,017,309 | ---- | M] () -- C:\Users\REINER\Desktop\OJJKKL.jpg
[2010.09.17 09:45:39 | 000,073,516 | ---- | M] () -- C:\Users\REINER\Desktop\Perfect072.jpg
[2010.09.17 07:33:11 | 000,198,986 | ---- | M] () -- C:\Users\REINER\Desktop\Foto5435
[2010.09.17 07:04:56 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.17 07:01:54 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 07:01:53 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 06:59:22 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.17 06:59:22 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.17 06:59:22 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.17 06:59:22 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.17 06:59:22 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.17 06:54:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.17 06:54:15 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.17 06:05:08 | 004,928,275 | -H-- | M] () -- C:\Users\REINER\AppData\Local\IconCache.db
[2010.09.16 22:04:39 | 000,001,258 | ---- | M] () -- C:\Users\REINER\Desktop\Spybot - Search & Destroy.lnk
[2010.09.15 01:30:51 | 000,007,603 | ---- | M] () -- C:\Users\REINER\AppData\Local\Resmon.ResmonCfg
[2010.09.15 01:10:40 | 000,119,471 | ---- | M] () -- C:\Users\REINER\Desktop\b3070c17dc.jpg
[2010.09.15 00:36:41 | 000,039,214 | ---- | M] () -- C:\Users\REINER\Desktop\Unbenannt.JPG
[2010.09.14 22:33:49 | 000,010,511 | ---- | M] () -- C:\Users\REINER\Desktop\bigeyedbunny.jpg
[2010.09.02 15:00:07 | 005,399,638 | ---- | M] () -- C:\Users\REINER\Desktop\Untitled 1.png
[2010.09.02 02:21:04 | 005,660,840 | ---- | M] () -- C:\Users\REINER\Desktop\Luffy_Gear_Second_by_AsilaydyingJohnyyy.jpg
[2010.09.01 16:10:04 | 002,095,311 | ---- | M] () -- C:\Users\REINER\Desktop\aa45494d56.gif
[2010.09.01 00:27:20 | 000,001,572 | ---- | M] () -- C:\Users\REINER\Desktop\DivX Movies.lnk
[2010.09.01 00:01:24 | 099,433,646 | ---- | M] () -- C:\Users\REINER\Desktop\yyy.wav
[2010.09.01 00:01:15 | 000,000,000 | ---- | M] () -- C:\Users\REINER\Desktop\sfds-backup1.wav
[2010.08.31 23:59:28 | 000,994,380 | ---- | M] () -- C:\Users\REINER\Desktop\sfds.wav
[2010.08.31 22:50:39 | 000,055,533 | ---- | M] () -- C:\Users\REINER\Desktop\sonstige15.jpg
[2010.08.29 23:06:36 | 000,123,349 | ---- | M] () -- C:\Users\REINER\Desktop\Untitled 5.png
[2010.08.29 22:58:15 | 000,097,917 | ---- | M] () -- C:\Users\REINER\Desktop\paedtidt.jpg
[2010.08.29 22:47:50 | 000,126,469 | ---- | M] () -- C:\Users\REINER\Desktop\stock-vector-sanskrit-seamless-vector-wallpaper-based-on-ancient-oriental-manuscript-3591956.jpg
[2010.08.29 21:37:06 | 000,089,484 | ---- | M] () -- C:\Users\REINER\Desktop\l_80a41e8a03d242e999f26b8a1783847c.jpg
[2010.08.29 21:21:27 | 000,168,957 | ---- | M] () -- C:\Users\REINER\Desktop\wheeloflife.jpg
[2010.08.29 16:58:26 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.08.28 10:16:50 | 000,001,352 | ---- | M] () -- C:\Users\REINER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.08.28 01:57:47 | 000,000,004 | ---- | M] () -- C:\Users\REINER\Desktop\vvbcb.ps
[2010.08.27 21:58:34 | 005,234,732 | ---- | M] () -- C:\Users\REINER\Desktop\angulimala.wav
[2010.08.27 18:38:35 | 015,186,988 | ---- | M] () -- C:\Users\REINER\Desktop\TiSarana.wav
[2010.08.27 18:23:07 | 002,106,293 | ---- | M] () -- C:\Users\REINER\Desktop\Unbenannt.wma
[2010.08.26 01:07:04 | 000,039,589 | ---- | M] () -- C:\Users\REINER\Desktop\51C463CDJ1L.jpg
[2010.08.25 07:18:27 | 000,552,753 | ---- | M] () -- C:\Users\REINER\Desktop\A Chinese Ghost Story Theme.wma
[2010.08.25 00:32:41 | 000,000,943 | ---- | M] () -- C:\Users\REINER\Desktop\Audacity.lnk
[2010.08.23 21:42:14 | 367,749,464 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2010.09.17 09:54:48 | 000,017,309 | ---- | C] () -- C:\Users\REINER\Desktop\OJJKKL.jpg
[2010.09.17 09:45:38 | 000,073,516 | ---- | C] () -- C:\Users\REINER\Desktop\Perfect072.jpg
[2010.09.17 09:08:32 | 000,053,901 | ---- | C] () -- C:\Users\REINER\Desktop\nix
[2010.09.17 09:06:38 | 000,065,214 | ---- | C] () -- C:\Users\REINER\Desktop\nix
[2010.09.17 07:32:32 | 000,198,986 | ---- | C] () -- C:\Users\REINER\Desktop\nix
[2010.09.17 07:04:56 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.16 22:04:39 | 000,001,258 | ---- | C] () -- C:\Users\REINER\Desktop\Spybot - Search & Destroy.lnk
[2010.09.15 01:10:39 | 000,119,471 | ---- | C] () -- C:\Users\REINER\Desktop\b3070c17dc.jpg
[2010.09.15 00:36:41 | 000,039,214 | ---- | C] () -- C:\Users\REINER\Desktop\Unbenannt.JPG
[2010.09.14 22:33:47 | 000,010,511 | ---- | C] () -- C:\Users\REINER\Desktop\bigeyedbunny.jpg
[2010.09.02 15:00:01 | 005,399,638 | ---- | C] () -- C:\Users\REINER\Desktop\Untitled 1.png
[2010.09.02 02:20:24 | 005,660,840 | ---- | C] () -- C:\Users\REINER\Desktop\Luffy_Gear_Second_by_AsilaydyingJohnyyy.jpg
[2010.09.01 16:07:32 | 002,095,311 | ---- | C] () -- C:\Users\REINER\Desktop\aa45494d56.gif
[2010.09.01 00:27:20 | 000,001,572 | ---- | C] () -- C:\Users\REINER\Desktop\DivX Movies.lnk
[2010.09.01 00:01:21 | 099,433,646 | ---- | C] () -- C:\Users\REINER\Desktop\yyy.wav
[2010.09.01 00:01:15 | 000,000,000 | ---- | C] () -- C:\Users\REINER\Desktop\sfds-backup1.wav
[2010.08.31 23:59:28 | 000,994,380 | ---- | C] () -- C:\Users\REINER\Desktop\sfds.wav
[2010.08.31 22:50:39 | 000,055,533 | ---- | C] () -- C:\Users\REINER\Desktop\sonstige15.jpg
[2010.08.31 22:36:59 | 000,496,015 | ---- | C] () -- C:\Users\REINER\Desktop\02012008033.jpg
[2010.08.29 23:06:34 | 000,123,349 | ---- | C] () -- C:\Users\REINER\Desktop\Untitled 5.png
[2010.08.29 22:58:14 | 000,097,917 | ---- | C] () -- C:\Users\REINER\Desktop\paedtidt.jpg
[2010.08.29 22:47:50 | 000,126,469 | ---- | C] () -- C:\Users\REINER\Desktop\stock-vector-sanskrit-seamless-vector-wallpaper-based-on-ancient-oriental-manuscript-3591956.jpg
[2010.08.29 21:37:04 | 000,089,484 | ---- | C] () -- C:\Users\REINER\Desktop\l_80a41e8a03d242e999f26b8a1783847c.jpg
[2010.08.29 21:21:27 | 000,168,957 | ---- | C] () -- C:\Users\REINER\Desktop\wheeloflife.jpg
[2010.08.29 16:58:26 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.08.28 10:16:50 | 000,001,352 | ---- | C] () -- C:\Users\REINER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.08.28 01:57:42 | 000,000,004 | ---- | C] () -- C:\Users\REINER\Desktop\vvbcb.ps
[2010.08.27 21:58:33 | 005,234,732 | ---- | C] () -- C:\Users\REINER\Desktop\angulimala.wav
[2010.08.27 19:18:14 | 000,583,108 | ---- | C] () -- C:\Users\REINER\Desktop\01012008030 - Kopie.jpg
[2010.08.27 18:38:35 | 015,186,988 | ---- | C] () -- C:\Users\REINER\Desktop\TiSarana.wav
[2010.08.27 18:23:07 | 002,106,293 | ---- | C] () -- C:\Users\REINER\Desktop\Unbenannt.wma
[2010.08.26 01:07:03 | 000,039,589 | ---- | C] () -- C:\Users\REINER\Desktop\51C463CDJ1L.jpg
[2010.08.25 07:18:27 | 000,552,753 | ---- | C] () -- C:\Users\REINER\Desktop\A Chinese Ghost Story Theme.wma
[2010.08.25 00:32:41 | 000,000,943 | ---- | C] () -- C:\Users\REINER\Desktop\Audacity.lnk
[2010.08.24 14:31:09 | 000,593,172 | ---- | C] () -- C:\Users\REINER\Desktop\01012008031.jpg
[2010.08.24 14:31:09 | 000,583,108 | ---- | C] () -- C:\Users\REINER\Desktop\01012008030.jpg
[2010.08.22 21:01:51 | 367,749,464 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.07 02:56:46 | 000,007,603 | ---- | C] () -- C:\Users\REINER\AppData\Local\Resmon.ResmonCfg
[2010.07.28 02:59:59 | 000,000,000 | ---- | C] () -- C:\Users\REINER\AppData\Local\QSwitch.txt
[2010.07.28 02:59:59 | 000,000,000 | ---- | C] () -- C:\Users\REINER\AppData\Local\DSwitch.txt
[2010.07.28 02:59:59 | 000,000,000 | ---- | C] () -- C:\Users\REINER\AppData\Local\AtStart.txt
[2010.07.28 02:59:57 | 000,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.11.09 20:02:34 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.11.09 19:59:29 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.11.09 19:58:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.11.09 19:58:09 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.11.05 07:36:53 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.11.05 07:36:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.11.05 07:36:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.11.05 07:36:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.11.05 07:35:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.11.05 07:23:31 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009.11.05 07:23:31 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009.09.29 21:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 06:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 04:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---

Chris4You · 18.09.2010, 19:43

Hi,

deinstalliere Spybot, der führt zu Problemen...

Da fahren einige seltsame Pics auf Deinem Desktop rum:

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Users\REINER\Desktop\OJJKKL.jpg
C:\Windows\explorer.exe
C:\Windows\SysWow64\explorer.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (Autorun CDROM Monitor) -- C:\Windows\SysNative\SupportAppXL\cdrom_mon.exe File not found
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.08.24 18:59:59 | 000,002,393 | ---- | M] () -- C:\Users\REINER\AppData\Roaming\Mozilla\FireFox\Profiles\bvoe8gbk.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{72890cb1-a90f-11df-8447-c80aa93778ce}\Shell - "" = AutoRun
O33 - MountPoints2\{72890cb1-a90f-11df-8447-c80aa93778ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

:Commands
[emptytemp]
[resethosts]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Hast Du einen Realtek USB Card Reader? Dann Treiber neu installieren/updaten...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

FiDoS · 19.09.2010, 06:36

Upload auf Virustotal funktioniert irgendwie nicht..

%systemroot%\_OTL konnte nicht gefunden werden

MRB Check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ61 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 234):
0x02C15000 \SystemRoot\system32\ntoskrnl.exe
0x031F2000 \SystemRoot\system32\hal.dll
0x00BD2000 \SystemRoot\system32\kdcom.dll
0x00C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C56000 \SystemRoot\system32\PSHED.dll
0x00C6A000 \SystemRoot\system32\CLFS.SYS
0x00CC8000 \SystemRoot\system32\CI.dll
0x00EFC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E9D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EAA000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00EB3000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00EDD000 \SystemRoot\System32\drivers\partmgr.sys
0x00EF2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FAF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FBB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D88000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00FD8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FE8000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00FEF000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00FF6000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DE4000 \SystemRoot\System32\drivers\mountmgr.sys
0x01081000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x010A7000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x010D0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01100000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01107000 \SystemRoot\system32\DRIVERS\viaide.sys
0x012B3000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x013D1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01200000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0122A000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01247000 \SystemRoot\system32\DRIVERS\storport.sys
0x013DA000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013E5000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x0110F000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x0118A000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x01000000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x0102F000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x0140C000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01453000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0145E000 \SystemRoot\system32\DRIVERS\arc.sys
0x01477000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01492000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01519000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x0152A000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x01549000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x0155C000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x0157B000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01674000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01718000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01728000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x0184C000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01753000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019F0000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x01800000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x01818000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x01822000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x017B2000 \SystemRoot\system32\drivers\fltmgr.sys
0x01600000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01614000 \SystemRoot\System32\Drivers\msrpc.sys
0x01BB1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01587000 \SystemRoot\System32\Drivers\cng.sys
0x01BCB000 \SystemRoot\System32\drivers\pcw.sys
0x01BDC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01C58000 \SystemRoot\system32\drivers\ndis.sys
0x01D4A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01DAA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01E03000 \SystemRoot\System32\drivers\tcpip.sys
0x01C00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01C4A000 \SystemRoot\system32\DRIVERS\wd.sys
0x02067000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x020B3000 \SystemRoot\System32\Drivers\spldr.sys
0x020BB000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x020D8000 \SystemRoot\System32\drivers\rdyboost.sys
0x02112000 \SystemRoot\System32\Drivers\mup.sys
0x02124000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0212D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x02167000 \SystemRoot\system32\DRIVERS\disk.sys
0x021B5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x021DF000 \SystemRoot\System32\Drivers\Null.SYS
0x021E8000 \SystemRoot\System32\Drivers\Beep.SYS
0x021EF000 \SystemRoot\System32\drivers\vga.sys
0x02000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02025000 \SystemRoot\System32\drivers\watchdog.sys
0x02035000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0203E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02047000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02050000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01DD5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0104D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01DE6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01BE6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03467000 \SystemRoot\system32\drivers\afd.sys
0x034F1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x034FB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03540000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03549000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0356F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03585000 \SystemRoot\system32\DRIVERS\netbios.sys
0x035B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x035CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03451000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03594000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0359F000 \SystemRoot\System32\drivers\discache.sys
0x035E0000 \SystemRoot\System32\Drivers\dfsc.sys
0x0106B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0422A000 \SystemRoot\System32\Drivers\aswSP.SYS
0x0424D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04273000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04289000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0508C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05B8B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0428E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05B8D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05BD3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05056000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05067000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0442F000 \SystemRoot\system32\DRIVERS\athrx.sys
0x0459E000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x045AB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0441E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x045E4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04382000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x045F3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05BE0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05BEF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043CB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046F9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04728000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04743000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04764000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0477E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04780000 \SystemRoot\system32\DRIVERS\ks.sys
0x047C3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04600000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0465A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0466F000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x066FA000 \SystemRoot\system32\DRIVERS\portcls.sys
0x06737000 \SystemRoot\system32\DRIVERS\drmk.sys
0x06759000 \SystemRoot\system32\drivers\ksthunk.sys
0x0675F000 \SystemRoot\system32\drivers\nvhda64v.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x06777000 \SystemRoot\System32\drivers\Dxapi.sys
0x06783000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06791000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0679D000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x067A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x067BB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06600000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0662E000 \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys
0x0664C000 \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys
0x0666A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06685000 \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys
0x066A3000 \SystemRoot\system32\drivers\modem.sys
0x066B2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x00720000 \SystemRoot\System32\ATMFD.DLL
0x00940000 \SystemRoot\System32\cdd.dll
0x066C0000 \SystemRoot\system32\drivers\luafv.sys
0x067D8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x067F2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x047D5000 \SystemRoot\system32\drivers\WudfPf.sys
0x066E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0780C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0785F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07872000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0788A000 \SystemRoot\system32\drivers\HTTP.sys
0x07952000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07970000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07988000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07ECD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07F1A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07F3D000 \SystemRoot\system32\drivers\peauth.sys
0x07FE3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07E2D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07E3F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08233000 \SystemRoot\System32\DRIVERS\srv.sys
0x082CB000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
0x082D3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08306000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x08311000 \SystemRoot\system32\drivers\spsys.sys
0x76CF0000 \Windows\System32\ntdll.dll
0x47870000 \Windows\System32\smss.exe
0xFF010000 \Windows\System32\apisetschema.dll
0xFF020000 \Windows\System32\autochk.exe
0xFEED0000 \Windows\System32\rpcrt4.dll
0xFEE00000 \Windows\System32\usp10.dll
0xFED20000 \Windows\System32\oleaut32.dll
0x76EC0000 \Windows\System32\normaliz.dll
0xFED10000 \Windows\System32\nsi.dll
0xFECF0000 \Windows\System32\sechost.dll
0xFEA90000 \Windows\System32\iertutil.dll
0x76EB0000 \Windows\System32\psapi.dll
0xFEA40000 \Windows\System32\ws2_32.dll
0x76BF0000 \Windows\System32\user32.dll
0xFE830000 \Windows\System32\ole32.dll
0xFE7C0000 \Windows\System32\gdi32.dll
0xFE740000 \Windows\System32\difxapi.dll
0xFE630000 \Windows\System32\msctf.dll
0xFE550000 \Windows\System32\advapi32.dll
0xFE4B0000 \Windows\System32\clbcatq.dll
0xFE430000 \Windows\System32\shlwapi.dll
0xFE390000 \Windows\System32\msvcrt.dll
0xFE360000 \Windows\System32\imm32.dll
0xFE1E0000 \Windows\System32\urlmon.dll
0xFE1C0000 \Windows\System32\imagehlp.dll
0xFD430000 \Windows\System32\shell32.dll
0xFD420000 \Windows\System32\lpk.dll
0xFD240000 \Windows\System32\setupapi.dll
0x76AD0000 \Windows\System32\kernel32.dll
0xFD1F0000 \Windows\System32\Wldap32.dll
0xFD150000 \Windows\System32\comdlg32.dll
0xFD020000 \Windows\System32\wininet.dll
0xFCFE0000 \Windows\System32\cfgmgr32.dll
0xFCFA0000 \Windows\System32\wintrust.dll
0xFCE30000 \Windows\System32\crypt32.dll
0xFCD90000 \Windows\System32\comctl32.dll
0xFCD20000 \Windows\System32\KernelBase.dll
0xFCD00000 \Windows\System32\devobj.dll
0xFCCF0000 \Windows\System32\msasn1.dll
0x76EA0000 \Windows\SysWOW64\normaliz.dll

Processes (total 66):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
372 csrss.exe
472 C:\Windows\System32\wininit.exe
484 csrss.exe
520 C:\Windows\System32\services.exe
536 C:\Windows\System32\lsass.exe
544 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe

CureIT Log folgt..

FiDoS · 19.09.2010, 08:13

CureIT:

Gescannt: 18747
Infiziert: 0

Chris4You · 20.09.2010, 07:46

Hi,

das MBR-Log ist nicht vollständig bitte in Code-Boxen posten...

Führe bitte auch das OTL-Script durch, dazu bitte nur den Inhalt der Codebox ind das OTL-Fenster kopieren...

chris

PC hängt sich ständig auf...Trojaner?

Plagegeister aller Art und deren Bekämpfung: PC hängt sich ständig auf...Trojaner?