Pests of all kinds and how to fight them: Firefox opens spam pages when searching with Google

15.12.2010, 11:15   #1
Etotherik

Firefox opens spam pages when searching with Google

Hello,

I have recently had a problem with a piece of malware. Whenever I click a link on Google, that page is not opened; instead some page with advertising opens. After clicking the same link about 3 times, the correct page is opened.

I have already looked into this using the search, but the solutions offered seemed to be very specifically tailored.

I use Win 7 Home Premium with Comodo Internet Security Premium.

Here are a few logs:

OTL:

Code:
OTL logfile created on: 15.12.2010 10:37:50 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,72 Gb Total Space | 239,16 Gb Free Space | 52,60% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.15 10:36:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.12.13 20:44:01 | 000,121,576 | ---- | M] (dotSyntax, LLC) -- C:\Program Files (x86)\Digsby\lib\digsby-app.exe
PRC - [2010.10.22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.07.27 23:40:54 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.03.02 15:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2010.02.24 13:59:08 | 000,067,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.15 10:36:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.09.10 22:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009.07.14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
SRV:64bit: - [2010.09.10 22:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010.08.26 13:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.04.09 12:37:36 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010.03.25 23:47:34 | 000,168,448 | ---- | M] (Sony of America Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2010.03.08 10:04:04 | 000,822,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010.02.08 09:46:46 | 000,302,448 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV:64bit: - [2010.01.20 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.11.23 15:39:08 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.10.19 18:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.09.09 21:40:19 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 13:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.27 23:40:54 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.04.08 13:27:18 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.03.12 16:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.02.24 13:59:08 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.11.25 03:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.11.25 03:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.10.20 11:51:49 | 000,353,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\a2djavs.sys -- (a2djavs)
DRV:64bit: - [2010.10.20 11:51:49 | 000,092,240 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\a2djusb.sys -- (a2djusb_svc)
DRV:64bit: - [2010.09.10 22:40:42 | 000,020,864 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2010.07.27 22:10:03 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.20 11:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 11:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.03.19 11:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.03.18 21:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.03.18 21:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.03.18 21:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.03.18 21:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.18 21:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.03.18 10:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.17 21:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.03.03 23:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.11 20:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.20 16:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.21 16:03:56 | 000,044,560 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a2djavs_x64.sys -- (a2djavs_x64)
DRV:64bit: - [2009.04.21 16:03:53 | 000,249,872 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a2djusb_x64.sys -- (a2djusb_x64)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 21:35:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 21:35:38 | 000,000,000 | ---D | M]
 
[2010.12.03 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.15 09:58:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0198mpz3.default\extensions
[2010.12.06 11:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0198mpz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 21:35:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0198mpz3.default\extensions\vshare@toolbar
[2010.12.03 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t4a4i8fy.default\extensions
[2010.11.22 18:44:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.18 10:01:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.15 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Viren Entfernung
[2010.12.15 10:36:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.14 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\immer dieses techno geschranze
[2010.12.13 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\podcasts & sets
[2010.12.13 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.12.13 15:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.12.07 19:50:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.07 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.07 18:00:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.07 18:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.07 18:00:26 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.07 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.06 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\set und so
[2010.12.06 12:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{09E0C01F-3E52-43FD-9043-3A75BA69A3D0}
[2010.12.04 14:20:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software
[2010.12.04 14:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2010.12.04 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.12.04 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.12.02 10:12:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fw mapping
[2010.12.01 19:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{013BB0BF-30DA-4354-AD33-636A6EB72DA6}
[2010.12.01 19:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2010.12.01 19:08:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}
[2010.12.01 19:07:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2010.12.01 16:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010.12.01 13:39:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Average Quality
[2010.12.01 00:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.01 00:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.30 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Songs needed in HQ
[2010.11.30 23:39:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\High Quality
[2010.11.30 20:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2010.11.30 20:16:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Native Instruments
[2010.11.30 20:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2010.11.30 17:39:02 | 000,000,000 | ---D | C] -- C:\Programme\Native Instruments
[2010.11.29 22:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.11.29 22:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\backups
[2010.11.29 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceCode
[2010.11.29 22:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\files
[2010.11.29 22:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Docs
[2010.11.25 00:31:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\FUSSBALL MANAGER 10 ONLINE
[2010.11.24 16:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.11.24 16:08:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\FUSSBALL MANAGER 10
[2010.11.24 15:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2010.11.22 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2010.11.22 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2010.11.22 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.15 10:40:18 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.12.15 10:39:16 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.15 10:39:16 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.15 10:36:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.15 10:19:22 | 002,760,605 | ---- | M] () -- C:\Users\***\Desktop\otl4_htm.zip
[2010.12.15 09:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.15 09:40:18 | 3207,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.14 15:18:33 | 000,004,604 | ---- | M] () -- C:\Users\***\Desktop\Abschlussbericht.xml
[2010.12.10 15:03:59 | 159,383,596 | ---- | M] () -- C:\Users\***\Desktop\yep.wav
[2010.12.10 13:05:18 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.10 13:05:18 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.10 13:05:18 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.10 13:05:18 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.10 13:05:18 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.07 20:02:42 | 000,027,258 | ---- | M] () -- C:\Users\Public\Documents\cc_20101207_200238.reg
[2010.11.30 20:16:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a2djusb_01009.Wdf
[2010.11.29 22:07:13 | 000,085,888 | ---- | M] () -- C:\Program Files (x86)\Uninstall.exe
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.15 10:19:06 | 002,760,605 | ---- | C] () -- C:\Users\***\Desktop\otl4_htm.zip
[2010.12.14 15:18:33 | 000,004,604 | ---- | C] () -- C:\Users\***\Desktop\Abschlussbericht.xml
[2010.12.10 14:48:56 | 159,383,596 | ---- | C] () -- C:\Users\***\Desktop\yep.wav
[2010.12.07 20:02:40 | 000,027,258 | ---- | C] () -- C:\Users\Public\Documents\cc_20101207_200238.reg
[2010.11.30 20:16:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a2djusb_01009.Wdf
[2010.11.29 22:07:16 | 000,578,541 | ---- | C] () -- C:\Program Files (x86)\WinSetupFromUSB.log
[2010.11.29 22:07:10 | 000,085,888 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2010.09.24 13:00:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.31 10:50:30 | 000,000,241 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.08.31 10:50:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.08.31 10:50:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.31 10:50:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.08 18:21:23 | 000,000,032 | ---- | C] () -- C:\Users\***\AppData\Local\xobni_installer_updater.log
[2010.08.07 15:32:58 | 000,011,264 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 10:11:13 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.27 11:53:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.16 21:57:25 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.23 23:59:54 | 000,514,773 | ---- | C] () -- C:\Program Files (x86)\WinSetupFromUSB_0-1-1.exe
[2008.10.23 23:59:45 | 000,013,326 | ---- | C] () -- C:\Program Files (x86)\ReadMe.txt
[2008.10.22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2010.10.17 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ableton
[2010.07.27 22:35:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.07.31 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.07 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.09.28 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader
[2010.09.28 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.10.29 07:39:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.07.27 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.08.01 13:07:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2010.10.03 21:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2010.07.31 10:11:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.11.02 14:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2010.08.15 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.10.03 22:11:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VST3 Presets
[2010.11.02 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010.10.24 13:00:14 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< End of report >
         

Edited by Etotherik (15.12.2010 at 11:23)

15.12.2010, 11:17   #2
Etotherik
 



OTL Extra:

Code:
OTL Extras logfile created on: 15.12.2010 10:37:50 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,72 Gb Total Space | 239,16 Gb Free Space | 52,60% Space Free | Partition Type: NTFS
 
Computer Name: ERIK-VAIO | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA57D9DF-BE05-416A-96E4-2BB4884308E7}" = MSI_SPF_x64
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{119F5471-91A6-47CC-80AB-380845C08E27}" = LevelR
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen 2.42
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D1464A-1C54-451E-B780-3ECB3DF8BD4E}" = VAIO Content Monitoring Settings
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44E0DB64-566D-4126-82E6-206B4D76E902}" = VAIO Original Function Settings
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{50FF1E1F-F8ED-4B63-AF68-5AB15F23F089}" = VAIO Care
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.0.0
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D556460-6E5A-4C53-BCDD-7A7EAEBC169A}" = VAIO Entertainment Platform
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84FFB317-A08A-4AEE-95EA-7FBA69A3F924}" = VAIO Entertainment Platform
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-235C
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Digsby" = Digsby
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"IrfanView" = IrfanView (remove only)
"Live 8.1.4" = Live 8.1.4
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Native Instruments Audio 2 DJ" = Native Instruments Audio 2 DJ
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"rgc:audio Triangle II Monophonic Synthesizer_is1" = rgc:audio Triangle II
"ShotOnline" = ShotOnline
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2010 12:58:51 | Computer Name = Erik-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028
 
Error - 30.11.2010 12:58:51 | Computer Name = Erik-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error - 30.11.2010 14:53:06 | Computer Name = Erik-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.11.2010 14:53:06 | Computer Name = Erik-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6857585
 
Error - 30.11.2010 14:53:06 | Computer Name = Erik-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6857585
 
Error - 01.12.2010 04:40:10 | Computer Name = Erik-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: digsby-app.exe, Version: 1.0.0.0,
 Zeitstempel: 0x49c25e1d  Name des fehlerhaften Moduls: libxml2.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4c07c98d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0007ad3a  ID des fehlerhaften
 Prozesses: 0xd88  Startzeit der fehlerhaften Anwendung: 0x01cb912d1663ed04  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Digsby\lib\digsby-app.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Digsby\lib\libxml2.dll  Berichtskennung:
 9b198f06-fd26-11df-ae2d-f07bcbe88348
 
Error - 01.12.2010 11:18:43 | Computer Name = Erik-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: audacity.exe, Version: 0.0.0.0, Zeitstempel:
 0x455814e4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038c19  ID des fehlerhaften Prozesses:
 0x524  Startzeit der fehlerhaften Anwendung: 0x01cb916ab929c9e4  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Audacity\audacity.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 4820e8a4-fd5e-11df-90d4-f07bcbe88348
 
Error - 01.12.2010 12:18:16 | Computer Name = Erik-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: audacity.exe, Version: 0.0.0.0, Zeitstempel:
 0x455814e4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038c19  ID des fehlerhaften Prozesses:
 0x524  Startzeit der fehlerhaften Anwendung: 0x01cb917355cbb515  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Audacity\audacity.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 99fc583b-fd66-11df-90d4-f07bcbe88348
 
Error - 01.12.2010 12:18:53 | Computer Name = Erik-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: audacity.exe, Version: 0.0.0.0, Zeitstempel:
 0x455814e4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038c19  ID des fehlerhaften Prozesses:
 0x464  Startzeit der fehlerhaften Anwendung: 0x01cb91736aca01f6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Audacity\audacity.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: affb9e1f-fd66-11df-90d4-f07bcbe88348
 
Error - 01.12.2010 12:19:58 | Computer Name = Erik-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: audacity.exe, Version: 0.0.0.0, Zeitstempel:
 0x455814e4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038c19  ID des fehlerhaften Prozesses:
 0x1770  Startzeit der fehlerhaften Anwendung: 0x01cb917377eeea6c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Audacity\audacity.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: d6e917aa-fd66-11df-90d4-f07bcbe88348
 
[ System Events ]
Error - 06.12.2010 06:17:06 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 06.12.2010 06:25:35 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 06.12.2010 07:17:43 | Computer Name = Erik-VAIO | Source = DCOM | ID = 10010
Description = 
 
Error - 06.12.2010 07:21:25 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 06.12.2010 11:40:39 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 07.12.2010 03:26:38 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 07.12.2010 08:15:57 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 07.12.2010 13:14:21 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 07.12.2010 15:36:09 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 08.12.2010 05:44:23 | Computer Name = Erik-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
 
< End of report >
         


15.12.2010, 11:20   #3
Etotherik

Malwarebytes Quickscan

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5317

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2010 11:20:24
mbam-log-2010-12-15 (11-20-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156048
Laufzeit: 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

15.12.2010, 11:49   #4
Etotherik

Gmer Log:

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-15 11:48:03
Windows 6.1.7600  
Running: k2p5g4mo.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011b107a3a4                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe88348                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe88348@68ebae3c245f                            0xDC 0x1C 0xA6 0xEE ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe88348@70f395817dea                            0x0D 0x4C 0x73 0xFA ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe88348@002243e3cc38                            0x1D 0x3A 0xCE 0x5F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x2F 0x8E 0x5E 0x9F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xC1 0xC3 0x3A 0x0F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x6D 0x60 0x2F 0x0B ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011b107a3a4 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe88348 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe88348@68ebae3c245f                                0xDC 0x1C 0xA6 0xEE ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe88348@70f395817dea                                0x0D 0x4C 0x73 0xFA ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe88348@002243e3cc38                                0x1D 0x3A 0xCE 0x5F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x2F 0x8E 0x5E 0x9F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC1 0xC3 0x3A 0x0F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x6D 0x60 0x2F 0x0B ...

---- EOF - GMER 1.0.15 ----
         

17.12.2010, 13:31   #5
Etotherik

Can anyone help me?


17.12.2010, 15:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

17.12.2010, 21:53   #7
Etotherik

Here is the result of the full scan

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5345

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.12.2010 21:52:13
mbam-log-2010-12-17 (21-52-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 353293
Laufzeit: 54 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

19.12.2010, 15:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks unremarkable. Are the pages still being redirected?
If so, do you happen to have a router on which the default password was never changed?
__________________
Please always post log files in CODE tags

19.12.2010, 17:09   #9
Etotherik

No, I deliberately set a different password. I am also the only one on the Wi-Fi network of our shared flat with this problem.

Sometimes new tabs with spam pages also simply open by themselves. It's annoying!

But having to set the PC up from scratch just because of this would be extremely bad!

19.12.2010, 17:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

20.12.2010, 22:42   #11
Etotherik

Combofix Log

Code:
ComboFix 10-12-20.01 - Erik 20.12.2010  21:12:30.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4078.2237 [GMT 1:00]
ausgeführt von:: c:\users\Erik\Desktop\cofi.exe
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SysWow64\ui

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-20 bis 2010-12-20  ))))))))))))))))))))))))))))))
.

2010-12-20 20:59 . 2010-12-20 20:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-20 16:15 . 2010-12-20 16:15	--------	d--h--w-	c:\programdata\CanonBJ
2010-12-20 16:15 . 2009-07-14 01:40	83968	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2010-12-19 10:55 . 2010-12-19 10:55	--------	d-----w-	c:\users\Erik\AppData\Roaming\PC-FAX TX
2010-12-17 11:59 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3E71186-8082-49F4-A566-F385520C03E1}\mpengine.dll
2010-12-13 14:52 . 2010-12-13 14:52	--------	d-----w-	c:\program files (x86)\ESET
2010-12-13 14:37 . 2010-12-13 14:39	--------	d-----w-	c:\program files (x86)\trend micro
2010-12-07 18:50 . 2010-12-07 18:50	--------	d-----w-	c:\program files\CCleaner
2010-12-07 17:00 . 2010-12-07 17:00	--------	d-----w-	c:\users\Erik\AppData\Roaming\Malwarebytes
2010-12-07 17:00 . 2010-11-29 16:42	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-07 17:00 . 2010-12-07 17:00	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-07 17:00 . 2010-12-07 17:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-07 17:00 . 2010-11-29 16:42	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-06 11:21 . 2010-12-06 11:21	--------	dc-h--w-	c:\programdata\{09E0C01F-3E52-43FD-9043-3A75BA69A3D0}
2010-12-04 13:20 . 2010-12-04 13:20	--------	d-----w-	c:\users\Erik\AppData\Local\Sunbelt Software
2010-12-04 13:13 . 2010-12-06 10:21	--------	dc----w-	c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2010-12-04 13:13 . 2010-12-04 13:22	--------	d-----w-	c:\programdata\Lavasoft
2010-12-04 13:13 . 2010-12-04 13:13	--------	d-----w-	c:\program files (x86)\Lavasoft
2010-12-01 18:08 . 2010-12-01 18:08	--------	dc-h--w-	c:\programdata\{013BB0BF-30DA-4354-AD33-636A6EB72DA6}
2010-12-01 18:08 . 2010-12-01 18:08	--------	d-----w-	c:\program files (x86)\Common Files\Native Instruments
2010-12-01 18:08 . 2010-12-01 18:08	--------	dc-h--w-	c:\programdata\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}
2010-12-01 18:07 . 2010-12-01 18:07	--------	dc-h--w-	c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2010-12-01 15:16 . 2010-12-01 15:16	--------	d-----w-	c:\program files (x86)\Audacity
2010-11-30 23:26 . 2010-12-07 18:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-11-30 23:26 . 2010-11-30 23:26	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2010-11-30 19:16 . 2010-11-30 19:16	--------	d-----w-	c:\programdata\Native Instruments
2010-11-30 19:16 . 2010-12-01 18:08	--------	d-----w-	c:\program files\Common Files\Native Instruments
2010-11-30 19:05 . 2010-12-01 17:47	--------	d-----w-	c:\program files (x86)\Native Instruments
2010-11-30 16:39 . 2010-12-06 11:21	--------	d-----w-	c:\program files\Native Instruments
2010-11-29 21:28 . 2010-11-30 12:08	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2010-11-29 21:15 . 2010-11-29 22:22	--------	d-----w-	c:\program files (x86)\backups
2010-11-29 21:07 . 2010-11-29 21:07	--------	d-----w-	c:\program files (x86)\SourceCode
2010-11-29 21:07 . 2010-11-29 21:07	85888	----a-w-	c:\program files (x86)\Uninstall.exe
2010-11-29 21:07 . 2010-11-29 21:07	--------	d-----w-	c:\program files (x86)\files
2010-11-29 21:07 . 2010-11-29 21:07	--------	d-----w-	c:\program files (x86)\Docs
2010-11-24 15:49 . 2010-11-25 07:29	--------	d-----w-	c:\programdata\Electronic Arts
2010-11-24 15:09 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2010-11-24 14:43 . 2010-11-24 14:43	--------	d-----w-	c:\program files (x86)\EA SPORTS
2010-11-22 17:44 . 2010-12-07 19:32	--------	d-----w-	c:\program files (x86)\pdfforge Toolbar
2010-11-22 17:44 . 2010-11-22 17:44	--------	d-----w-	c:\program files (x86)\Application Updater
2010-11-22 17:44 . 2010-11-22 17:44	--------	d-----w-	c:\program files (x86)\Common Files\Spigot

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 10:51 . 2010-10-20 10:51	92240	----a-w-	c:\windows\system32\drivers\a2djusb.sys
2010-10-20 10:51 . 2010-10-20 10:51	353360	----a-w-	c:\windows\system32\drivers\a2djavs.sys
2010-10-19 09:41 . 2010-07-30 11:14	270720	------w-	c:\windows\system32\MpSigStub.exe
2010-09-24 12:00 . 2010-09-24 12:00	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2008-10-23 23:20 . 2008-10-23 22:59	514773	----a-w-	c:\program files (x86)\WinSetupFromUSB_0-1-1.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"FreePDF Assistant"=c:\program files (x86)\FreePDF_XP\fpassist.exe
"SHTtray.exe"=c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys [2010-10-20 353360]
R3 a2djavs_x64;a2djavs_x64;c:\windows\system32\Drivers\a2djavs_x64.sys [2009-04-21 44560]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys [2010-10-20 92240]
R3 a2djusb_x64;a2djusb_x64;c:\windows\system32\Drivers\a2djusb_x64.sys [2009-04-21 249872]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
R3 SampleCollector;Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2010-03-25 168448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 834544]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-09-10 20864]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 249496]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 33208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-26 1403200]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-03-08 822784]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-03-18 86120]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 8892360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\0198mpz3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Apoint - %ProgramFiles%\Apoint\Apoint.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2480485352-2265328641-4172169212-1001\Software\SecuROM\License information*]
"datasecu"=hex:04,f4,12,c6,7c,f4,61,b5,3b,9e,7f,cd,50,36,cd,4e,ee,42,29,99,66,
   c8,ed,55,cd,94,21,3c,6f,d3,b1,05,ae,4d,b6,77,58,0b,59,84,06,ba,2b,8e,cf,e2,\
"rkeysecu"=hex:7e,69,d5,74,a1,f1,a7,fe,40,97,6f,c2,ea,fc,53,16

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-20  22:32:12
ComboFix-quarantined-files.txt  2010-12-20 21:32

Vor Suchlauf: 14 Verzeichnis(se), 257.446.096.896 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 257.193.590.784 Bytes frei

- - End Of File - - 8AB1279C4BDB06C5DF0AB2A262F582F8
         

Alt 21.12.2010, 09:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
I can only advise against personal-firewall products... uninstalling it and using the Windows Firewall, together with a DSL router where applicable, is more effective - less is more.

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt file on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

Alt 21.12.2010, 12:50   #13
Etotherik
 
OK, thanks for the tip! And as a free antivirus program? Can I keep using Comodo, or should I rather use AntiVir?

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	Sony Corporation
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Sony Corporation
System Product Name:		VPCF12C5E
Logical Drives Mask:		0x00000034

Kernel Drivers (total 202):
  0x0341A000 \SystemRoot\system32\ntoskrnl.exe
  0x039F6000 \SystemRoot\system32\hal.dll
  0x00BAD000 \SystemRoot\system32\kdcom.dll
  0x00C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C56000 \SystemRoot\system32\PSHED.dll
  0x00C6A000 \SystemRoot\system32\CLFS.SYS
  0x00CC8000 \SystemRoot\system32\CI.dll
  0x00E2B000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00ECF000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x01097000 \SystemRoot\System32\Drivers\spzl.sys
  0x011BD000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x011C6000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x01000000 \SystemRoot\system32\drivers\ACPI.sys
  0x01057000 \SystemRoot\system32\drivers\msisadrv.sys
  0x01061000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00EDE000 \SystemRoot\system32\drivers\pci.sys
  0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
  0x01083000 \SystemRoot\system32\drivers\compbatt.sys
  0x00F11000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00F1D000 \SystemRoot\system32\drivers\volmgr.sys
  0x00F32000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00F8E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x012A1000 \SystemRoot\system32\drivers\iaStor.sys
  0x014A9000 \SystemRoot\system32\drivers\atapi.sys
  0x014B2000 \SystemRoot\system32\drivers\ataport.SYS
  0x014DC000 \SystemRoot\system32\drivers\amdxata.sys
  0x014E7000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01533000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01547000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x01608000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01553000 \SystemRoot\System32\Drivers\msrpc.sys
  0x017AB000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01200000 \SystemRoot\System32\Drivers\cng.sys
  0x017C5000 \SystemRoot\System32\drivers\pcw.sys
  0x017D6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01867000 \SystemRoot\system32\drivers\ndis.sys
  0x01959000 \SystemRoot\system32\drivers\NETIO.SYS
  0x019B9000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
  0x01800000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x015B1000 \SystemRoot\system32\drivers\volsnap.sys
  0x0184A000 \SystemRoot\System32\Drivers\spldr.sys
  0x00FA8000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01852000 \SystemRoot\System32\Drivers\mup.sys
  0x019E4000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x00D88000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x017E0000 \SystemRoot\system32\drivers\disk.sys
  0x00DC2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x04512000 \SystemRoot\System32\DRIVERS\cmderd.sys
  0x0451B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x04545000 \SystemRoot\System32\DRIVERS\cmdguard.sys
  0x04587000 \SystemRoot\System32\Drivers\Null.SYS
  0x04590000 \SystemRoot\System32\Drivers\Beep.SYS
  0x04597000 \SystemRoot\System32\drivers\vga.sys
  0x045A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x045CA000 \SystemRoot\System32\drivers\watchdog.sys
  0x045DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x045E3000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x045EC000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x045F5000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04200000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x04211000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0422F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0423C000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
  0x04247000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02E60000 \SystemRoot\system32\drivers\afd.sys
  0x02EEA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02EF3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02F19000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x02F2F000 \SystemRoot\system32\DRIVERS\inspect.sys
  0x02F47000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02F56000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02F71000 \SystemRoot\system32\drivers\termdd.sys
  0x02F85000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02FD6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x02FE2000 \SystemRoot\system32\drivers\mssmbios.sys
  0x02FED000 \SystemRoot\System32\drivers\discache.sys
  0x02E00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x02E1E000 \SystemRoot\system32\drivers\blbdrive.sys
  0x02E2F000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04A36000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0555D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x0463D000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04731000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04777000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x0479B000 \SystemRoot\system32\drivers\usbehci.sys
  0x0555F000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x05898000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
  0x05F45000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x05F52000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x05F72000 \SystemRoot\system32\drivers\rimssne64.sys
  0x05F92000 \SystemRoot\system32\drivers\1394ohci.sys
  0x05FD0000 \SystemRoot\system32\drivers\risdsne64.sys
  0x05800000 \SystemRoot\system32\DRIVERS\yk62x64.sys
  0x05864000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x05882000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x047AC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x05FE9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x05FF8000 \SystemRoot\system32\drivers\SFEP.sys
  0x04600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x055B5000 \SystemRoot\System32\Drivers\auulkwpg.SYS
  0x0460D000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x04616000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x05FFB000 \SystemRoot\system32\drivers\CmBatt.sys
  0x0462C000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x04A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0428C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04A16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x042B0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x01273000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x00FE2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05891000 \SystemRoot\system32\drivers\swenum.sys
  0x0622C000 \SystemRoot\system32\drivers\ks.sys
  0x0626F000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x06281000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x062DB000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x062F0000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x06309000 \SystemRoot\system32\drivers\portcls.sys
  0x06346000 \SystemRoot\system32\drivers\drmk.sys
  0x06368000 \SystemRoot\system32\drivers\ksthunk.sys
  0x07C7F000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x07EA8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x07EC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x07EC7000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x07EF5000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
  0x000D0000 \SystemRoot\System32\win32k.sys
  0x07C00000 \SystemRoot\System32\drivers\Dxapi.sys
  0x07C24000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x07C32000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x07C4B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x07C54000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x07C61000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x042DF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x06200000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x021A2000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00530000 \SystemRoot\System32\TSDDD.dll
  0x00740000 \SystemRoot\System32\cdd.dll
  0x021B0000 \SystemRoot\system32\drivers\luafv.sys
  0x021D3000 \SystemRoot\system32\drivers\WudfPf.sys
  0x06213000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x072EF000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x07342000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x07355000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x07200000 \SystemRoot\system32\drivers\HTTP.sys
  0x072C8000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0736D000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x07385000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x073B2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x044E7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0820D000 \SystemRoot\System32\Drivers\adfs.SYS
  0x08225000 \SystemRoot\system32\drivers\peauth.sys
  0x082CB000 \??\C:\Windows\system32\drivers\regi.sys
  0x082D3000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x082DE000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0830B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0831D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x08327000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x09421000 \SystemRoot\System32\DRIVERS\srv.sys
  0x094B7000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
  0x09530000 \SystemRoot\System32\Drivers\a2djusb.sys
  0x0954B000 \SystemRoot\System32\Drivers\a2djavs.sys
  0x77540000 \Windows\System32\ntdll.dll
  0x478A0000 \Windows\System32\smss.exe
  0xFF860000 \Windows\System32\apisetschema.dll
  0xFF3E0000 \Windows\System32\autochk.exe
  0xFF7D0000 \Windows\System32\shlwapi.dll
  0xFF6F0000 \Windows\System32\advapi32.dll
  0xFF610000 \Windows\System32\oleaut32.dll
  0xFF570000 \Windows\System32\comdlg32.dll
  0xFF390000 \Windows\System32\setupapi.dll
  0xFF210000 \Windows\System32\urlmon.dll
  0xFF170000 \Windows\System32\msvcrt.dll
  0xFF140000 \Windows\System32\imm32.dll
  0x77710000 \Windows\System32\psapi.dll
  0xFF120000 \Windows\System32\sechost.dll
  0xFF050000 \Windows\System32\usp10.dll
  0xFF040000 \Windows\System32\lpk.dll
  0xFEFF0000 \Windows\System32\ws2_32.dll
  0xFEFD0000 \Windows\System32\imagehlp.dll
  0x77700000 \Windows\System32\normaliz.dll
  0xFEF50000 \Windows\System32\difxapi.dll
  0xFED40000 \Windows\System32\ole32.dll
  0x77440000 \Windows\System32\user32.dll
  0xFECA0000 \Windows\System32\clbcatq.dll
  0xFEC50000 \Windows\System32\Wldap32.dll
  0xFEC40000 \Windows\System32\nsi.dll
  0xFDEB0000 \Windows\System32\shell32.dll
  0xFDD80000 \Windows\System32\wininet.dll
  0xFDC70000 \Windows\System32\msctf.dll
  0x77320000 \Windows\System32\kernel32.dll
  0xFDA10000 \Windows\System32\iertutil.dll
  0xFD8E0000 \Windows\System32\rpcrt4.dll
  0xFD870000 \Windows\System32\gdi32.dll
  0xFD7D0000 \Windows\System32\comctl32.dll
  0xFD660000 \Windows\System32\crypt32.dll
  0xFD5F0000 \Windows\System32\KernelBase.dll
  0xFD5B0000 \Windows\System32\wintrust.dll
  0xFD590000 \Windows\System32\devobj.dll
  0xFD550000 \Windows\System32\cfgmgr32.dll
  0xFD540000 \Windows\System32\msasn1.dll
  0x75CD0000 \Windows\SysWOW64\normaliz.dll

Processes (total 81):
       0 System Idle Process
       4 System
     392 C:\Windows\System32\smss.exe
     572 csrss.exe
     656 C:\Windows\System32\wininit.exe
     672 csrss.exe
     732 C:\Windows\System32\services.exe
     748 C:\Windows\System32\lsass.exe
     756 C:\Windows\System32\lsm.exe
     904 C:\Windows\System32\svchost.exe
     976 C:\Windows\System32\nvvsvc.exe
     144 C:\Windows\System32\svchost.exe
     588 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     768 C:\Windows\System32\winlogon.exe
     900 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\nvvsvc.exe
    1676 C:\Windows\System32\wlanext.exe
    1692 C:\Windows\System32\conhost.exe
    1792 C:\Windows\System32\spoolsv.exe
    1848 C:\Windows\System32\svchost.exe
    1956 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1996 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    2024 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1088 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1292 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    1520 C:\Windows\System32\svchost.exe
    1916 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    1808 C:\Windows\SysWOW64\PnkBstrA.exe
    2088 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    2128 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2172 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    2216 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    2412 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    2476 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    2512 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    2596 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    2672 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2748 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    2784 unsecapp.exe
    2812 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2928 WmiPrvSE.exe
    2972 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    2564 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
    3128 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    3212 dllhost.exe
    3780 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    3884 C:\Windows\System32\svchost.exe
    4064 C:\Windows\System32\svchost.exe
    4744 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    4828 C:\Windows\System32\svchost.exe
    4900 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2644 C:\Windows\System32\taskhost.exe
    3232 C:\Windows\System32\taskeng.exe
     896 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
    4052 C:\Windows\System32\dwm.exe
    4628 C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    1160 C:\Windows\explorer.exe
    4716 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    5020 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    4176 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
     944 C:\Program Files\Windows Sidebar\sidebar.exe
    1040 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2044 C:\Windows\System32\audiodg.exe
    3140 C:\Windows\SysWOW64\rundll32.exe
    2620 WmiPrvSE.exe
    2496 C:\Windows\System32\svchost.exe
    5248 dllhost.exe
    5504 C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    5536 C:\Program Files (x86)\Skype\Phone\Skype.exe
    5824 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    1084 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    4588 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1800 dllhost.exe
    5356 dllhost.exe
    5684 C:\Users\****\Desktop\MBRCheck.exe
    5548 C:\Windows\System32\conhost.exe
    2948 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c2800000  (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0002SDM2

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
         

Alt 21.12.2010, 12:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
And as a free antivirus program? Can I keep using Comodo, or should I rather use AntiVir?
You can also use the free Security Essentials from MS; it is just as good as any other virus scanner but doesn't nag you so persistently with pop-ups!

Quote:
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
Are there any other operating systems installed, or only Win7?
__________________
Please always post log files in CODE tags

Alt 21.12.2010, 15:22   #15
Etotherik
 
Only Win7 64-bit Home Premium.
