TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)

1mannlan · 07.11.2010, 12:41

Hey,
ich habe mir wohl mal wieder einen Virus eingefangen. Woher er stammt weiß ich leider nicht, würde mich aber mal interessieren. Hab schon einen Thread mit dem gleichen Virus gefunden soweit ich weiß sind aber diese Entfernungs logs immer nur für einen Pc deshalb poste ich hier lieber nochmal.
Hijackthis log:
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:08, on 07.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Games\World_of_Tanks_closed_Beta\WoT.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Wolfgang\Desktop\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HKLM] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Wolfgang\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Vlc Albumcover refresh.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7651 bytes

--- --- ---

OTL Logs:

Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.11.2010 12:35:59 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*NAME*\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 711,04 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKBUDE | User Name: *NAME* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0916-000001000000}" = 7-Zip 9.16 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3143 Banner Remover 1.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks Closed Beta v.0.5.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.46a
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pamela" = Pamela Pro 4.6
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 12900" = Audiosurf
"Steam App 4000" = Garry's Mod
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2010 07:58:54 | Computer Name = Zockbude | Source = VSS | ID = 8194
Description = 
 
Error - 01.11.2010 15:52:11 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.8.2985, 
Zeitstempel: 0x4c3b43ea  Name des fehlerhaften Moduls: ml_bookmarks.dll, Version: 
0.0.0.0, Zeitstempel: 0x4c3b43f6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000125a
ID
 des fehlerhaften Prozesses: 0x974  Startzeit der fehlerhaften Anwendung: 0x01cb79fe3c4cf54d
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll  Berichtskennung: 
83b094e1-e5f1-11df-810e-1c6f6540b871
 
Error - 02.11.2010 15:57:55 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WoT.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c653acd  Name des fehlerhaften Moduls: WoT.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c653acd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002afeff  ID des fehlerhaften Prozesses:
 0xbf0  Startzeit der fehlerhaften Anwendung: 0x01cb7ac75afa62df  Pfad der fehlerhaften
 Anwendung: C:\Games\World_of_Tanks_closed_Beta\WoT.exe  Pfad des fehlerhaften Moduls:
 C:\Games\World_of_Tanks_closed_Beta\WoT.exe  Berichtskennung: 7b84f52e-e6bb-11df-a1dc-1c6f6540b871
 
Error - 05.11.2010 20:54:58 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b802  Ausnahmecode: 0xc0000006  Fehleroffset: 0x0000000000056ceb
ID
 des fehlerhaften Prozesses: 0x938  Startzeit der fehlerhaften Anwendung: 0x01cb7cebaccdf463
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7a167ca4-e940-11df-9914-1c6f6540b871
 
Error - 05.11.2010 20:54:59 | Computer Name = Zockbude | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\winsta.dll"
 zugegriffen werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern,
 oder der Datenträger fehlt.  Das Programm Windows-Explorer wurde wegen dieses Fehlers
 geschlossen.    Programm: Windows-Explorer  Datei: C:\Windows\System32\winsta.dll    Der 
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen
 Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das 
selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie 
weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk befindet,
   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht
 und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese sich auf
 einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen
 Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen und
 reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im
 Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C000009C  Datenträgertyp: 3
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x240d7bde  ID des fehlerhaften
 Prozesses: 0x8ec  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7f56eb-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x240d7bde  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7fa50b-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:25:14 | Computer Name = Zockbude | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3951,
 Zeitstempel: 0x4cc7ae16  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24077bde  ID des fehlerhaften
 Prozesses: 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cb7e660d079a9b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4e7f7dfb-ea59-11df-8e5b-1c6f6540b871
 
Error - 07.11.2010 06:55:39 | Computer Name = Zockbude | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Program
 Files (x86)\Internet Explorer\ielowutil.exe.   [IN_PAGE_ERROR Exception!! EIP = 0x10399b0]

 Bitte Avira informieren und die obige Datei übersenden!
 
Error - 07.11.2010 06:56:11 | Computer Name = Zockbude | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Windows\SysWOW64\getmac.exe.

 [IN_PAGE_ERROR Exception!! EIP = 0x10399b0]   Bitte Avira informieren und die obige
 Datei übersenden!
 
[ System Events ]
Error - 07.11.2010 06:33:48 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:33:55 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:33:56 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 07.11.2010 06:44:13 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 07.11.2010 06:44:36 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 07.11.2010 06:44:46 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 07.11.2010 06:55:39 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 06:56:11 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 07:00:51 | Computer Name = Zockbude | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 07.11.2010 07:00:53 | Computer Name = Zockbude | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Guard" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >

--- --- ---

OTL:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.11.2010 12:35:59 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*NAME*\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 711,04 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKBUDE | User Name: *NAME* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*NAME*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Games\World_of_Tanks_closed_Beta\WoT.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*NAME*\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation)
DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation)
DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation)
DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation)
DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 F8 6A EE 87 56 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.11.06 18:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 14:18:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.06 18:38:18 | 000,000,000 | ---D | M]
 
[2010.09.17 18:00:56 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\mozilla\Extensions
[2010.11.06 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions
[2010.10.13 20:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.04 18:09:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.01 10:40:32 | 000,000,000 | ---D | M] (OpenDownload) -- C:\Users\*NAME*\AppData\Roaming\mozilla\Firefox\Profiles\l3o1xypa.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2010.11.06 18:40:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.17 14:14:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 18:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.20 17:43:16 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HKLM] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O4 - HKCU..\Run: [HKCU] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O4 - Startup: C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell - "" = AutoRun
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.07 12:34:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*NAME*\Desktop\OTL.exe
[2010.11.07 11:54:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\*NAME*\Desktop\HiJackThis204.exe
[2010.11.07 11:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.07 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.07 11:45:07 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Avira
[2010.11.07 11:33:25 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.07 11:33:25 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.07 11:33:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.11.07 11:33:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.11.07 11:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.07 11:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.11.06 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.11.06 17:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.11.06 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Adobe Flash Builder 4
[2010.11.06 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.11.06 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.11.06 17:51:28 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.11.06 17:51:28 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.11.06 17:51:28 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.11.06 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.11.06 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.11.06 17:50:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.11.06 17:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.11.06 17:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.11.06 13:15:51 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Documents\200538011517-Dateien
[2010.11.05 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Documents\ICQ
[2010.11.05 14:26:16 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Desktop\Videos0001
[2010.11.01 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Desktop\Trance Collection 4
[2010.11.01 17:50:47 | 000,000,000 | ---D | C] -- C:\Screens
[2010.10.31 20:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010.10.31 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2010.10.31 13:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.10.30 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\PunkBuster
[2010.10.29 15:13:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2010.10.29 14:30:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010.10.27 04:49:59 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 04:49:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 04:49:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 04:49:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 04:49:59 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 04:49:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 04:49:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 04:49:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.26 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\Google
[2010.10.26 18:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.10.25 21:01:20 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdm.sys
[2010.10.25 21:01:20 | 000,127,488 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscebus.sys
[2010.10.25 21:01:20 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscemdfl.sys
[2010.10.25 21:01:20 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewhnt.sys
[2010.10.25 21:01:20 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscewh.sys
[2010.10.25 21:01:20 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecmnt.sys
[2010.10.25 21:01:20 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscecm.sys
[2010.10.25 21:01:01 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2010.10.25 21:01:01 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2010.10.25 21:01:01 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2010.10.25 21:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Samsung
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.10.25 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2010.10.25 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010.10.25 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010.10.20 17:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2010.10.18 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.10.18 18:07:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.10.18 18:07:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.10.18 18:07:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.18 05:01:32 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\SysWow64\SDDEVMGR.dll
[2010.10.18 05:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2010.10.17 14:15:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.17 14:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.17 14:14:12 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.10.17 14:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.10.17 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Local\WindowsUpdate
[2010.10.16 15:07:58 | 000,161,904 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdm.sys
[2010.10.16 15:07:58 | 000,158,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039unic.sys
[2010.10.16 15:07:58 | 000,141,424 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mgmt.sys
[2010.10.16 15:07:58 | 000,137,328 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039obex.sys
[2010.10.16 15:07:58 | 000,127,600 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039bus.sys
[2010.10.16 15:07:58 | 000,034,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039nd5.sys
[2010.10.16 15:07:58 | 000,019,568 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdfl.sys
[2010.10.16 15:07:58 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039whnt.sys
[2010.10.16 15:07:58 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039wh.sys
[2010.10.16 15:07:58 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cmnt.sys
[2010.10.16 15:07:58 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cm.sys
[2010.10.16 15:07:58 | 000,014,960 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cr.sys
[2010.10.16 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010.10.16 12:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.10.16 12:52:03 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Winamp
[2010.10.16 12:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010.10.14 15:52:58 | 000,000,000 | ---D | C] -- C:\Allods 2
[2010.10.13 23:53:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.13 23:53:13 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.13 23:53:13 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.13 23:53:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.13 23:53:12 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.13 23:53:11 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.13 23:53:11 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.13 23:53:11 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.13 23:53:09 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.13 23:53:06 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.13 23:53:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.13 23:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.13 23:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.13 23:53:06 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.13 23:53:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.13 23:53:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.13 23:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.13 23:53:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.13 23:53:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.13 23:53:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.13 23:53:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.13 23:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.13 23:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.13 23:53:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.13 23:53:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.13 23:53:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.13 23:53:04 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.13 23:52:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.13 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010.10.13 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\Links
[2010.10.13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\*NAME*\AppData\Roaming\Mp3tag
[2010.10.13 20:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010.10.13 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.13 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.07 12:34:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*NAME*\Desktop\OTL.exe
[2010.11.07 12:33:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.07 11:54:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\*NAME*\Desktop\HiJackThis204.exe
[2010.11.07 11:33:22 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 11:33:22 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 11:30:34 | 001,641,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.07 11:30:34 | 000,707,246 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.07 11:30:34 | 000,660,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.07 11:30:34 | 000,152,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.07 11:30:34 | 000,125,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.07 11:25:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.07 11:24:30 | 004,857,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.07 11:24:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.07 11:24:10 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.06 18:04:50 | 374,310,976 | ---- | M] () -- C:\Users\*NAME*\Desktop\bada_SDK_1.1.0b1.exe
[2010.11.06 17:38:06 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2010.11.06 13:15:54 | 000,105,748 | ---- | M] () -- C:\Users\*NAME*\Documents\200538011517.htm
[2010.11.01 10:29:18 | 000,146,467 | ---- | M] () -- C:\Users\*NAME*\Documents\kdk_0824.jpg
[2010.10.30 14:57:08 | 000,202,024 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.29 14:30:50 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 14:30:50 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.29 13:55:48 | 000,264,893 | ---- | M] () -- C:\Users\*NAME*\Documents\z0r-de_765.swf
[2010.10.25 21:06:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.23 15:27:41 | 009,609,966 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_43_50.mp3
[2010.10.23 15:27:41 | 001,747,374 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_33_56.mp3
[2010.10.23 15:27:41 | 000,826,734 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_28_22.mp3
[2010.10.23 15:27:41 | 000,487,758 | ---- | M] () -- C:\Users\*NAME*\Documents\rec_venqvenq3_28_May_2010_22_31_52.mp3
[2010.10.20 17:43:16 | 000,000,998 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.10.13 20:51:49 | 000,286,720 | ---- | M] () -- C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 18:02:14 | 374,310,976 | ---- | C] () -- C:\Users\*NAME*\Desktop\bada_SDK_1.1.0b1.exe
[2010.11.06 13:15:51 | 000,105,748 | ---- | C] () -- C:\Users\*NAME*\Documents\200538011517.htm
[2010.11.01 10:29:17 | 000,146,467 | ---- | C] () -- C:\Users\*NAME*\Documents\kdk_0824.jpg
[2010.10.29 14:30:52 | 000,202,024 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.29 14:30:50 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 14:30:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.29 13:55:48 | 000,264,893 | ---- | C] () -- C:\Users\*NAME*\Documents\z0r-de_765.swf
[2010.10.26 18:28:52 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.26 18:28:51 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.25 21:06:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.13 20:45:16 | 000,286,720 | ---- | C] () -- C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe
[2010.09.26 10:38:06 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.09.17 19:56:08 | 001,617,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.17 18:54:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.09.17 18:52:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.09.15 09:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.15 09:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.15 09:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.15 09:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.11.06 11:22:53 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Audacity
[2010.09.19 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\FileZilla
[2010.11.07 11:27:03 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\ICQ
[2010.10.13 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Mp3tag
[2010.09.21 16:29:09 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Pamela
[2010.09.20 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Publish Providers
[2010.10.25 21:00:49 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Samsung
[2010.09.20 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Sony
[2010.09.23 06:08:47 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Subversion
[2010.09.20 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\Ulead Systems
[2010.09.17 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\W
[2010.09.17 18:58:20 | 000,000,000 | ---D | M] -- C:\Users\*NAME*\AppData\Roaming\wargaming.net
[2005.10.17 04:08:11 | 000,000,000 | RHSD | M] -- C:\Users\*NAME*\AppData\Roaming\Winbooterr
[2009.07.14 06:08:49 | 000,026,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

(Bei "vlc albumcover refresh" handelt es sich übrigens um keinen Virus, ist ein Programm von mir, nur das keiner denk es wäre was

)
Hoffe ihr könnt mir helfen.

cosinus · 08.11.2010, 00:00

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

1mannlan · 08.11.2010, 16:18

Hier die Volle Scanlog:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5070

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.11.2010 16:57:02
mbam-log-2010-11-08 (16-57-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 481738
Laufzeit: 36 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{l053t83x-bq87-74sj-mynk-3p7l54gke4ol} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet.M) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.SpyNet.M) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\*NAME*\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> No action taken.
C:\Windows\System32\Winbooterr (Trojan.Backdoor) -> No action taken.

Infizierte Dateien:
C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe (Generic.Bot.H) -> No action taken.
C:\Users\*NAME*\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\*NAME*\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

cosinus · 09.11.2010, 01:00

Ältere Logs von früheren Scans mit Malwarebytes gibt es nicht, d.h. Du hast Malwarebytes jetzt zum ersten Mal ausgeführt?

1mannlan · 09.11.2010, 06:52

Auf diesem Rechner ja, wieso?

cosinus · 10.11.2010, 07:19

Weil einige hier schon ältere Logs, die aber auch alle wichtig sind, einfache verschwiegen/weggelassen haben...deswegen frag ich meist sicherheitshalber nach.

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [HKLM] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O4 - HKCU..\Run: [HKCU] C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell - "" = AutoRun
O33 - MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found
[2010.10.29 15:13:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2010.10.29 14:30:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
:Files
[2005.10.17 04:08:11 | 000,000,000 | RHSD | M] -- C:\Users\*NAME*\AppData\Roaming\Winbooterr
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

1mannlan · 10.11.2010, 16:18

Scheint geklappt zu haben, ich lass jetzt nochmal Malwarebytes scannen.

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM not found.
File C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU not found.
File C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies not found.
File C:\Users\*NAME*\AppData\Roaming\Winbooterr\Svchost.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{970e14cc-d90e-11df-93c9-1c6f6540b871}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{970e14cc-d90e-11df-93c9-1c6f6540b871}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{970e14cc-d90e-11df-93c9-1c6f6540b871}\ not found.
File E:\Startme.exe not found.
C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE} folder moved successfully.
C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8} folder moved successfully.
========== FILES ==========
File\Folder [2005.10.17 04:08:11 | 000,000,000 | RHSD | M] -- C:\Users\*NAME*\AppData\Roaming\Winbooterr not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: *NAME*
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1237227 bytes
->FireFox cache emptied: 47524646 bytes
->Flash cache emptied: 7956 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11102010_161447

Files\Folders moved on Reboot...
C:\Users\*NAME*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\Cache\_CACHE_001_ moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\Cache\_CACHE_002_ moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\Cache\_CACHE_003_ moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\urlclassifier3.sqlite moved successfully.
C:\Users\*NAME*\AppData\Local\Mozilla\Firefox\Profiles\l3o1xypa.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Wie ist das eigentlich, ist Malwarebytes auch in der lage sowas zu löschen? Avira u. co bringens ja nicht fertig.

cosinus · 10.11.2010, 17:25

Du hast das *NAME* im Script auch zurückeditiert in den richtigen Namen?

1mannlan · 10.11.2010, 23:06

Ja, scheint aber nach erneutem Scan mit Malwarebytes alles weg zu sein.

cosinus · 10.11.2010, 23:19

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

1mannlan · 11.11.2010, 06:47

Hier die log:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-870A-UD3
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 191):
0x03014000 \SystemRoot\system32\ntoskrnl.exe
0x035F0000 \SystemRoot\system32\hal.dll
0x00B96000 \SystemRoot\system32\kdcom.dll
0x00C03000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C10000 \SystemRoot\system32\PSHED.dll
0x00C24000 \SystemRoot\system32\CLFS.SYS
0x00C82000 \SystemRoot\system32\CI.dll
0x00D42000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F28000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F31000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F3B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F6E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F7B000 \SystemRoot\System32\drivers\partmgr.sys
0x00F90000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E96000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EC0000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00FA5000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
0x010B0000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01256000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010BC000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0111A000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014E3000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01601000 \SystemRoot\System32\drivers\tcpip.sys
0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0118D000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x014D5000 \SystemRoot\System32\Drivers\spldr.sys
0x015D5000 \SystemRoot\SysWOW64\speedfan.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x015DC000 \SystemRoot\System32\Drivers\mup.sys
0x015EE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0103A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01235000 \SystemRoot\system32\DRIVERS\disk.sys
0x0180A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0183A000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01878000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018A2000 \SystemRoot\System32\Drivers\Null.SYS
0x018AB000 \SystemRoot\System32\Drivers\Beep.SYS
0x018B2000 \SystemRoot\System32\drivers\vga.sys
0x018C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x018E5000 \SystemRoot\System32\drivers\watchdog.sys
0x018F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x018FE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01907000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01910000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0191B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0192C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0194A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01957000 \SystemRoot\system32\drivers\afd.sys
0x02CB7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CFC000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02D07000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D10000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D36000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D45000 \SystemRoot\system32\DRIVERS\serial.sys
0x02D62000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D7D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02D91000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DE2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C00000 \SystemRoot\System32\drivers\discache.sys
0x02C0F000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C2D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02C3E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02C60000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02C86000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x02C9B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x13E68000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x14AFA000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x14AFC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x01074000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x13E46000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x040AE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04104000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x04111000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04122000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04160000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04192000 \SystemRoot\system32\DRIVERS\fdc.sys
0x0419F000 \SystemRoot\system32\DRIVERS\serenum.sys
0x041AB000 \SystemRoot\system32\DRIVERS\parport.sys
0x041C8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041D8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04030000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0405F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0407A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x019E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0409B000 \SystemRoot\system32\DRIVERS\appliand.sys
0x041EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x13E51000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04486000 \SystemRoot\system32\DRIVERS\ks.sys
0x044C9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x044DB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04535000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0454A000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0456D000 \SystemRoot\system32\drivers\portcls.sys
0x045AA000 \SystemRoot\system32\drivers\drmk.sys
0x045CC000 \SystemRoot\system32\drivers\ksthunk.sys
0x056A5000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05901000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0591E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00010000 \SystemRoot\System32\win32k.sys
0x05920000 \SystemRoot\System32\drivers\Dxapi.sys
0x0592C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0593A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05953000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0595C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0596A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05977000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05985000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05991000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0599A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x059AD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x059BB000 \SystemRoot\system32\drivers\luafv.sys
0x059DE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05600000 \SystemRoot\system32\drivers\WudfPf.sys
0x05621000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05636000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x052B8000 \SystemRoot\system32\drivers\HTTP.sys
0x05380000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0539E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x053B6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0524E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05CD4000 \SystemRoot\system32\drivers\peauth.sys
0x05D7A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05D85000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05DB2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05E86000 \SystemRoot\System32\DRIVERS\srv.sys
0x05F1C000 \SystemRoot\System32\drivers\dgderdrv.sys
0x05F26000 \SystemRoot\system32\drivers\spsys.sys
0x05F97000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77290000 \Windows\System32\ntdll.dll
0x478E0000 \Windows\System32\smss.exe
0xFF5B0000 \Windows\System32\apisetschema.dll
0xFFD80000 \Windows\System32\autochk.exe
0xFF4C0000 \Windows\System32\oleaut32.dll
0xFF470000 \Windows\System32\Wldap32.dll
0xFF3D0000 \Windows\System32\comdlg32.dll
0x77170000 \Windows\System32\kernel32.dll
0xFF350000 \Windows\System32\shlwapi.dll
0xFF0F0000 \Windows\System32\iertutil.dll
0xFEF70000 \Windows\System32\urlmon.dll
0x77070000 \Windows\System32\user32.dll
0xFEEF0000 \Windows\System32\difxapi.dll
0xFEEC0000 \Windows\System32\imm32.dll
0xFEDE0000 \Windows\System32\advapi32.dll
0xFE050000 \Windows\System32\shell32.dll
0xFDFE0000 \Windows\System32\gdi32.dll
0xFDEB0000 \Windows\System32\rpcrt4.dll
0xFDCD0000 \Windows\System32\setupapi.dll
0xFDC80000 \Windows\System32\ws2_32.dll
0xFDC70000 \Windows\System32\nsi.dll
0xFDBD0000 \Windows\System32\msvcrt.dll
0xFDBB0000 \Windows\System32\sechost.dll
0xFDB10000 \Windows\System32\clbcatq.dll
0xFD900000 \Windows\System32\ole32.dll
0x77460000 \Windows\System32\psapi.dll
0xFD8F0000 \Windows\System32\lpk.dll
0xFD820000 \Windows\System32\usp10.dll
0xFD710000 \Windows\System32\msctf.dll
0xFD6F0000 \Windows\System32\imagehlp.dll
0xFD5C0000 \Windows\System32\wininet.dll
0x77450000 \Windows\System32\normaliz.dll
0xFD580000 \Windows\System32\wintrust.dll
0xFD560000 \Windows\System32\devobj.dll
0xFD4C0000 \Windows\System32\comctl32.dll
0xFD450000 \Windows\System32\KernelBase.dll
0xFD410000 \Windows\System32\cfgmgr32.dll
0xFD2A0000 \Windows\System32\crypt32.dll
0xFD290000 \Windows\System32\msasn1.dll
0x75CB0000 \Windows\SysWOW64\normaliz.dll

Processes (total 54):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
444 csrss.exe
500 C:\Windows\System32\wininit.exe
532 csrss.exe
564 C:\Windows\System32\services.exe
596 C:\Windows\System32\winlogon.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\nvvsvc.exe
880 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
132 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\audiodg.exe
864 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\spoolsv.exe
1244 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1308 C:\Windows\System32\nvvsvc.exe
1344 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1496 C:\Windows\System32\dgdersvc.exe
1524 C:\Windows\System32\svchost.exe
1572 C:\Windows\SysWOW64\PnkBstrA.exe
1604 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1692 C:\Windows\System32\svchost.exe
1156 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1376 C:\Windows\System32\conhost.exe
2068 C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
2088 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2444 C:\Windows\System32\taskeng.exe
2508 C:\Windows\System32\dwm.exe
2544 C:\Windows\explorer.exe
2564 C:\Windows\System32\taskhost.exe
2840 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2868 C:\Users\*NAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vlc Albumcover refresh.exe
2968 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2796 C:\Windows\System32\SearchIndexer.exe
1804 C:\Program Files\Windows Media Player\wmpnetwk.exe
2384 WmiPrvSE.exe
3052 C:\Windows\System32\SearchProtocolHost.exe
2644 C:\Windows\System32\SearchFilterHost.exe
3124 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\sppsvc.exe
3568 C:\Windows\System32\svchost.exe
876 taskhost.exe
1328 WmiPrvSE.exe
4064 C:\Users\*NAME*\Desktop\MBRCheck.exe
3996 C:\Windows\System32\conhost.exe
3752 C:\Windows\System32\dllhost.exe
3908 C:\Windows\servicing\TrustedInstaller.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

cosinus · 11.11.2010, 07:52

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

08.11.2010, 00:00	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Standard$ TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) Hallo und Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! __________________ __________________

09.11.2010, 01:00	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Standard$ TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) Ältere Logs von früheren Scans mit Malwarebytes gibt es nicht, d.h. Du hast Malwarebytes jetzt zum ersten Mal ausgeführt? __________________ Logfiles bitte immer in CODE-Tags posten

10.11.2010, 17:25	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Standard$ TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) Du hast das NAME im Script auch zurückeditiert in den richtigen Namen? __________________ Logfiles bitte immer in CODE-Tags posten

11.11.2010, 07:52	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) - Standard$ TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe) Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)

Log-Analyse und Auswertung: TR/Stuby.438272 (AppData\Roaming\Winbooterr\Svchost.exe)