MSN hat selbstständig E-Mails an Kontakte versendet.

iLLuu · 12.03.2011, 18:10

Guten Tag liebes Forum,

Wie mein Registrierdatum schon verrät, bin ich neu hier...
Hoffe, dass mir trotzdem jemand helfen wird

.

Als ich heute MSN gestartet habe, hatte ich 35 neue E-Mails von postmaster@mail.hotmail.com

Habe alle gelöscht weil Spam, dann hab ich gesehen, dass mein E-Mail Konto mir und all mein Kontakten Spammails geschickt hat.

Hab sofort mein Passwort geändert, da dies in einem ähnlichen Thread genannt wurde & ja eh nicht schaden kann.

Malwarebytes-Anti-Malware habe ich mir schon runtergeladen und lass gerade den kompletten Scan durchlaufen. Den Log würd ich posten, wenn's fertig ist, falls danach verlangt wird. Allerdings glaub ich, dass das noch rund nen Tag dauern kann, bis er komplett durchgelaufen ist.

Hat jemand sonst noch Tipps, die ich befolgen könnte?
Freue mich über jede Hilfe

Grüße

cosinus · 14.03.2011, 10:53

Hi,

ist Malwarebytes schon durch? Bitte alle Logs davon posten.

iLLuu · 14.03.2011, 14:17

Ja, mit dem dritten Anlauf hat's geklappt.

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6034

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.03.2011 22:44:28
mbam-log-2011-03-12 (22-44-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 419575
Laufzeit: 6 Stunde(n), 1 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\downloads\cryptload_1.1.8\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

cosinus · 14.03.2011, 14:22

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

iLLuu · 14.03.2011, 14:23

Nein, das war das einzige Logfile, was angezeigt wird.

cosinus · 14.03.2011, 14:43

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

iLLuu · 14.03.2011, 15:19

Code:

ATTFilter

OTL logfile created on: 14.03.2011 14:50:37 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\****\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 23,98 Gb Free Space | 5,15% Space Free | Partition Type: NTFS
Drive D: | 632,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: **** | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 3D CD C6 6E C7 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.04 20:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.25 20:34:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 04:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.12 04:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.03.19 15:27:05 | 000,000,000 | ---D | M]
 
[2010.03.19 15:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.05.01 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e8ij470b.default\extensions
[2011.03.12 04:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions
[2010.05.02 13:59:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.02 12:45:35 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.01.26 23:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.01.26 23:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2010.01.26 23:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.05.02 12:45:32 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\DTToolbar@toolbarnet.com
[2011.02.24 02:22:52 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\ffxtlbr@Facemoods.com
[2010.05.02 12:45:34 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\illimitux@illimitux.net
[2010.01.26 23:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\nasanightlaunch@example.com
[2010.05.02 12:45:34 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\hp71311m.default\extensions\NPDyyno@dyyno.com
[2010.10.08 18:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.05 22:46:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.08 18:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.19 15:27:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.04.04 20:47:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.12 04:35:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.12 04:35:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.02.24 02:22:53 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2011.03.12 04:35:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.12 04:35:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.12 04:35:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{adfe0579-52bb-11df-aa26-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{adfe0579-52bb-11df-aa26-002215fd2eaf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Autorun.exe
O33 - MountPoints2\{da7fa554-26fb-11e0-8a78-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{da7fa554-26fb-11e0-8a78-002215fd2eaf}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa9b03ed-e101-11df-b956-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa9b03ed-e101-11df-b956-002215fd2eaf}\Shell\AutoRun\command - "" = F:\noautorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.14 14:45:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.03.12 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.03.12 16:40:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.12 16:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.12 16:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.12 16:40:54 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.12 16:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.09 20:40:46 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 20:40:46 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 20:40:46 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 20:40:46 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 20:40:41 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 20:40:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 20:40:41 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 20:40:41 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 20:40:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 20:40:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 20:40:41 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 20:40:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 20:40:39 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 20:40:39 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 20:40:39 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 20:40:39 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.09 04:54:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.03.09 04:26:38 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Minecraft Enhanced 256 v1.3_01 + mods
[2011.03.08 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Bukkit Minecraft Server
[2011.02.28 21:15:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.28 21:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011.02.28 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011.02.28 20:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011.02.25 04:11:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt
[2011.02.25 04:11:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Procaster
[2011.02.25 04:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2011.02.25 04:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2011.02.25 03:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.02.24 20:47:31 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Games for Windows - LIVE Demos
[2011.02.24 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Bulletstorm
[2011.02.24 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA
[2011.02.24 17:19:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.02.24 17:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.02.24 14:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.24 02:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.24 02:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.02.24 02:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.23 15:43:48 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 15:43:47 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 15:43:47 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 15:43:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.21 21:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.02.21 21:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.02.20 20:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2011.02.20 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Crusader
[2011.02.20 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2011.02.20 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2011.02.16 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\est-09
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.14 14:45:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.03.14 14:14:45 | 000,018,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 14:14:45 | 000,018,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 14:06:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.14 14:05:38 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.12 22:04:17 | 000,007,626 | ---- | M] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2011.03.12 16:40:58 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.09 00:32:36 | 000,329,876 | ---- | M] () -- C:\Users\****\Desktop\Minecraft Mod Manager.jar
[2011.03.07 16:42:00 | 000,270,142 | ---- | M] () -- C:\Users\****\Desktop\Minecraft.exe
[2011.02.28 21:14:49 | 467,006,157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.26 02:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.02.26 02:19:32 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011.02.25 04:29:52 | 000,001,923 | ---- | M] () -- C:\Users\****\Desktop\ShippingPC-StormGame - Verknüpfung.lnk
[2011.02.25 04:11:09 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011.02.24 02:23:01 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.23 00:02:26 | 000,006,843 | ---- | M] () -- C:\Users\****\Desktop\blu3kitts.hardhook_d7afe08f.map
[2011.02.22 22:33:31 | 000,015,099 | ---- | M] () -- C:\Users\****\Documents\Lebenslauf alt.odt
[2011.02.22 20:48:33 | 006,561,271 | ---- | M] () -- C:\Users\****\Desktop\World3.7z
[2011.02.22 15:34:16 | 000,016,597 | ---- | M] () -- C:\Users\****\Documents\Bewerbung Gessner.odt
[2011.02.20 19:56:33 | 268,253,672 | ---- | M] () -- C:\Users\****\Desktop\Crusader.part2.rar
[2011.02.20 18:23:28 | 314,572,800 | ---- | M] () -- C:\Users\****\Desktop\Crusader.part1.rar
[2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.12 16:40:58 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.09 00:33:33 | 000,329,876 | ---- | C] () -- C:\Users\****\Desktop\Minecraft Mod Manager.jar
[2011.03.07 16:42:00 | 000,270,142 | ---- | C] () -- C:\Users\****\Desktop\Minecraft.exe
[2011.02.28 21:14:49 | 467,006,157 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.02.26 02:19:32 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011.02.25 04:29:52 | 000,001,923 | ---- | C] () -- C:\Users\****\Desktop\ShippingPC-StormGame - Verknüpfung.lnk
[2011.02.25 04:11:09 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011.02.25 03:02:08 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.02.23 00:31:01 | 000,006,843 | ---- | C] () -- C:\Users\****\Desktop\blu3kitts.hardhook_d7afe08f.map
[2011.02.22 20:47:09 | 006,561,271 | ---- | C] () -- C:\Users\****\Desktop\World3.7z
[2011.02.20 18:56:03 | 268,253,672 | ---- | C] () -- C:\Users\****\Desktop\Crusader.part2.rar
[2011.02.20 17:22:54 | 314,572,800 | ---- | C] () -- C:\Users\****\Desktop\Crusader.part1.rar
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.05 21:18:24 | 000,007,626 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.09.19 18:52:44 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2010.08.27 01:49:12 | 000,214,592 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.27 01:48:52 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.27 01:48:52 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.25 20:20:35 | 000,184,068 | ---- | C] () -- C:\Windows\hphins32.dat
[2010.04.27 18:01:32 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2010.03.23 20:16:44 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\bsrmgcv.dll
[2010.03.23 20:16:44 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\bsrmgps.dll
[2010.03.23 20:16:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\bsrgvas.dll
[2010.03.23 20:16:37 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\bsratswf.dll
[2010.03.23 20:16:37 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\bsratwmv.dll
[2010.03.19 21:09:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.11 03:21:48 | 000,000,632 | ---- | C] () -- C:\Windows\hphmdl32.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 14.03.2011 14:50:37 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\****\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 23,98 Gb Free Space | 5,15% Space Free | Partition Type: NTFS
Drive D: | 632,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: **** | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}" = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5B0CA1FA-2AE6-4A17-827C-7236030363D3}" = XSplit
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Blue Eye Macro" = Blue Eye Macro 1.3
"Catan Online Welt" = Catan Online Welt
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"facemoods" = Facemoods Toolbar
"Garena" = Garena 2010
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"hon" = Heroes of Newerth
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder iPod Edition" = MediaCoder iPod Edition
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PPLive" = PPLive 1.9
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"StarCraft II" = StarCraft II
"Steam App 17410" = Mirror's Edge
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2011 23:28:49 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f44    Startzeit: 
01cbdecc8097c4f0    Endzeit: 95    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 82399930-4ac6-11e0-9f0d-002215fd2eaf  
 
Error - 11.03.2011 09:38:06 | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.03.2011 10:41:31 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10a4    Startzeit:
 01cbdff37c3f8692    Endzeit: 135    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 a1a43c7f-4bed-11e0-b0a0-002215fd2eaf  
 
Error - 11.03.2011 13:47:20 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: af4    Startzeit: 
01cbdffa6c499385    Endzeit: 97    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 9b59d840-4c07-11e0-b0a0-002215fd2eaf  
 
Error - 11.03.2011 20:26:05 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 318    Startzeit: 
01cbe03ab98e24fc    Endzeit: 121    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 4f574ed9-4c3f-11e0-b0a0-002215fd2eaf  
 
Error - 11.03.2011 22:33:45 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16e0    Startzeit:
 01cbe04c21185cd4    Endzeit: 155    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 24d7063f-4c51-11e0-b0a0-002215fd2eaf  
 
Error - 11.03.2011 23:14:01 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2b4    Startzeit: 
01cbe061ab75f030    Endzeit: 92    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 c5402cec-4c56-11e0-b0a0-002215fd2eaf  
 
Error - 12.03.2011 20:09:42 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e34    Startzeit: 
01cbe10ddfc49609    Endzeit: 1176    Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Berichts-ID:
 2e43a9ab-4d06-11e0-8e5f-002215fd2eaf  
 
Error - 13.03.2011 00:39:06 | Computer Name = **** | Source = VSS | ID = 13
Description = 
 
Error - 13.03.2011 00:39:07 | Computer Name = **** | Source = VSS | ID = 8193
Description = 
 
[ System Events ]
Error - 14.03.2011 09:39:45 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:41:16 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:42:46 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:44:17 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:45:47 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:47:18 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:48:48 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:50:19 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:51:49 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 14.03.2011 09:53:20 | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

cosinus · 14.03.2011, 18:32

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{adfe0579-52bb-11df-aa26-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{adfe0579-52bb-11df-aa26-002215fd2eaf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Autorun.exe
O33 - MountPoints2\{da7fa554-26fb-11e0-8a78-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{da7fa554-26fb-11e0-8a78-002215fd2eaf}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa9b03ed-e101-11df-b956-002215fd2eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa9b03ed-e101-11df-b956-002215fd2eaf}\Shell\AutoRun\command - "" = F:\noautorun.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

iLLuu · 15.03.2011, 15:27

Rechner wurde neugestartet.

Code:

ATTFilter

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 15.03.2011, 16:18

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

iLLuu · 18.03.2011, 00:54

Hoffe du wirst daraus schlau^^

Code:

ATTFilter

ComboFix 11-03-16.06 - 18.03.2011   0:39.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2776 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\cofi.exe.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\uninstall.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-17 bis 2011-03-17  ))))))))))))))))))))))))))))))
.
.
2011-03-17 23:44 . 2011-03-17 23:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-17 23:30 . 2011-03-17 23:30	--------	d-----w-	c:\program files (x86)\CCleaner
2011-03-17 23:18 . 2011-03-17 23:18	--------	d-----w-	c:\users\****\AppData\Local\HP
2011-03-17 23:18 . 2010-10-05 19:26	109240	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-03-17 23:18 . 2010-10-05 19:27	150200	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-03-17 23:16 . 2011-03-17 23:16	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2011-03-17 23:14 . 2011-03-17 23:14	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-03-15 14:21 . 2011-02-11 07:30	7947600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{86BD6005-56CB-4CCC-8A4D-1A474C4825CB}\mpengine.dll
2011-03-15 02:33 . 2011-03-15 02:33	--------	d-----w-	C:\_OTL
2011-03-12 15:41 . 2011-03-12 15:41	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2011-03-12 15:40 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-12 15:40 . 2011-03-12 15:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-12 15:40 . 2011-03-12 15:40	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-12 15:40 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-09 03:54 . 2011-03-14 15:20	--------	d-----w-	c:\users\****\AppData\Roaming\.minecraft
2011-02-28 20:03 . 2011-02-28 20:03	--------	d-----w-	c:\program files (x86)\SplitMediaLabs
2011-02-28 19:55 . 2011-02-28 19:55	--------	d-----w-	c:\programdata\SplitMediaLabs
2011-02-26 01:19 . 2011-02-26 01:19	41872	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:19 . 2011-02-26 01:19	27536	----a-w-	c:\windows\system32\xfcodec64.dll
2011-02-25 03:11 . 2011-02-25 03:11	--------	d-----w-	c:\users\****\AppData\Local\CrashRpt
2011-02-25 03:11 . 2011-02-25 16:34	--------	d-----w-	c:\users\****\AppData\Local\Procaster
2011-02-25 03:11 . 2011-02-25 03:11	--------	d-----w-	c:\program files (x86)\Livestream Procaster
2011-02-24 16:25 . 2011-02-24 16:25	--------	d-----w-	c:\program files (x86)\EA
2011-02-24 16:19 . 2011-02-25 02:03	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-02-24 16:19 . 2011-02-24 16:19	--------	d-----w-	c:\windows\SysWow64\xlive
2011-02-24 13:53 . 2011-02-24 13:53	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-02-24 02:03 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-24 02:03 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-24 01:22 . 2011-02-24 17:00	--------	d-----w-	c:\program files (x86)\JDownloader
2011-02-23 14:43 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 14:43 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 14:43 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 14:43 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-21 20:12 . 2011-02-21 20:12	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2011-02-20 19:54 . 2011-02-20 19:54	--------	d-----w-	c:\program files (x86)\Common Files\SWF Studio
2011-02-20 15:10 . 2011-02-20 15:10	--------	d-----w-	c:\program files (x86)\Firefly Studios
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-03-19 14:30	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 14:41	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 14:41	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 14:41	144384	----a-w-	c:\windows\system32\cdd.dll
2011-01-07 08:06 . 2011-02-09 14:41	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 14:41	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 14:41	366080	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 14:41	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 14:41	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 14:41	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 14:41	3127808	----a-w-	c:\windows\system32\win32k.sys
2010-12-21 06:16 . 2011-02-09 14:41	62976	----a-w-	c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 14:41	97280	----a-w-	c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 14:41	214016	----a-w-	c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 14:41	442880	----a-w-	c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 14:41	1197056	----a-w-	c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 14:41	258048	----a-w-	c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 14:41	264192	----a-w-	c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 14:41	15360	----a-w-	c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 14:41	2003968	----a-w-	c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 14:41	1880576	----a-w-	c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 14:41	100864	----a-w-	c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 14:41	51200	----a-w-	c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 14:41	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 14:41	350720	----a-w-	c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 14:41	204800	----a-w-	c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 14:41	204288	----a-w-	c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 14:41	14336	----a-w-	c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 14:41	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 14:41	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 14:41	80384	----a-w-	c:\windows\SysWow64\davclnt.dll
2010-12-18 06:11 . 2011-02-09 14:42	57856	----a-w-	c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 14:41	714752	----a-w-	c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 14:42	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 14:41	541184	----a-w-	c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 14:42	482816	----a-w-	c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 14:42	386048	----a-w-	c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 14:42	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 14:42	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"Octoshape Streaming Services"="c:\users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-2-26 3502992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KL2
*NewlyCreated* - KLIM6
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddr
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files (x86)\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hp71311m.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChatZilla [de]: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-18  00:45:50
ComboFix-quarantined-files.txt  2011-03-17 23:45
.
Vor Suchlauf: 14 Verzeichnis(se), 24.528.736.256 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 24.351.727.616 Bytes frei
.
- - End Of File - - 14C4D2738D768DE60FE01A3E315B5C43

cosinus · 18.03.2011, 12:08

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

iLLuu · 18.03.2011, 15:23

Nen Log gibt's da nicht.
Kann dir nur das hier anbieten

cosinus · 18.03.2011, 15:25

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

iLLuu · 18.03.2011, 15:56

Code:

ATTFilter

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-18 15:53:12
Windows 6.1.7600  
Running: g1qtj193.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xEA 0x75 0x2F 0x0F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x8C 0x8C 0x7E 0xE9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x63 0x9A 0xB7 0x57 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xBB 0xE2 0xA1 0xA1 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x8F 0xC1 0xF9 0x0F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x8C 0x8C 0x7E 0xE9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x63 0x9A 0xB7 0x57 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xBB 0xE2 0xA1 0xA1 ...

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		System manufacturer
System Product Name:		System Product Name
Logical Drives Mask:		0x0000003d

Kernel Drivers (total 196):
  0x02C52000 \SystemRoot\system32\ntoskrnl.exe
  0x02C09000 \SystemRoot\system32\hal.dll
  0x00BBE000 \SystemRoot\system32\kdcom.dll
  0x00C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C54000 \SystemRoot\system32\PSHED.dll
  0x00C68000 \SystemRoot\system32\CLFS.SYS
  0x00CC6000 \SystemRoot\system32\CI.dll
  0x00E41000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EE5000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x010A5000 \SystemRoot\System32\Drivers\spzt.sys
  0x011CB000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00EF4000 \SystemRoot\system32\DRIVERS\pci.sys
  0x011D4000 \SystemRoot\System32\drivers\partmgr.sys
  0x011E9000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00F27000 \SystemRoot\System32\drivers\volmgrx.sys
  0x0109D000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00F83000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00F93000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FAD000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00FB6000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00FE0000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x00D86000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00FEB000 \SystemRoot\system32\drivers\fileinfo.sys
  0x00E00000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x01205000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0144A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x014A8000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x014C2000 \SystemRoot\System32\Drivers\cng.sys
  0x01535000 \SystemRoot\System32\drivers\pcw.sys
  0x01546000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0163A000 \SystemRoot\system32\drivers\ndis.sys
  0x0172C000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0178C000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01802000 \SystemRoot\System32\drivers\tcpip.sys
  0x01550000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x017B7000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0159A000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x017C7000 \SystemRoot\System32\Drivers\spldr.sys
  0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
  0x017CF000 \SystemRoot\System32\Drivers\mup.sys
  0x01A94000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x021F3000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01400000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x034D3000 \SystemRoot\system32\DRIVERS\klif.sys
  0x03569000 \SystemRoot\System32\Drivers\Null.SYS
  0x03572000 \SystemRoot\System32\Drivers\Beep.SYS
  0x03579000 \SystemRoot\System32\drivers\vga.sys
  0x03587000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x035AC000 \SystemRoot\System32\drivers\watchdog.sys
  0x035BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x035C5000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x035CE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x035D7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x035E2000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03400000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0341E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0342B000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x03432000 \SystemRoot\system32\drivers\afd.sys
  0x013A8000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x034BC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x00E0C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x034C5000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x0142A000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x00DD2000 \SystemRoot\system32\DRIVERS\serial.sys
  0x042D1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x042EC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x04300000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04351000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0435D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x04368000 \SystemRoot\System32\drivers\discache.sys
  0x04377000 \SystemRoot\system32\drivers\csc.sys
  0x04200000 \SystemRoot\System32\Drivers\dfsc.sys
  0x0421E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x0422F000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04255000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x106A4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x113CB000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x04499000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0458D000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x045D3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x04400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04456000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04467000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x045E0000 \SystemRoot\system32\DRIVERS\L1E62x64.sys
  0x10600000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x045F2000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x0448B000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x1063E000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x1064A000 \SystemRoot\System32\Drivers\a4gp21fm.SYS
  0x1068F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x113CD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0426B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x113E3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0428F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x048EE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04909000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0492A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04944000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x0494F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x0495A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04969000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04978000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x0497A000 \SystemRoot\system32\DRIVERS\ks.sys
  0x049BD000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04800000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0485A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x04865000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05E7B000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x060AB000 \SystemRoot\system32\drivers\portcls.sys
  0x060E8000 \SystemRoot\system32\drivers\drmk.sys
  0x0610A000 \SystemRoot\system32\drivers\ksthunk.sys
  0x000E0000 \SystemRoot\System32\win32k.sys
  0x06110000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0611C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00410000 \SystemRoot\System32\TSDDD.dll
  0x00620000 \SystemRoot\System32\cdd.dll
  0x0612A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x06147000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x06149000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x06157000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x06170000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x06179000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x06187000 \SystemRoot\system32\DRIVERS\xusb21.sys
  0x06198000 \SystemRoot\system32\drivers\LVUSBS64.sys
  0x061A3000 \SystemRoot\system32\drivers\usbaudio.sys
  0x061BE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x061CB000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x061D5000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x061F2000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x05E00000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x05E0C000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x05E15000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x05E28000 \SystemRoot\system32\drivers\luafv.sys
  0x05E4B000 \SystemRoot\system32\drivers\WudfPf.sys
  0x04887000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0489C000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06261000 \SystemRoot\system32\drivers\HTTP.sys
  0x06329000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x06347000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0635F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0638C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x063DA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06604000 \SystemRoot\system32\drivers\peauth.sys
  0x066AA000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x066B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x066E2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x066F4000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0675B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07512000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x777C0000 \Windows\System32\ntdll.dll
  0x475F0000 \Windows\System32\smss.exe
  0xFFAE0000 \Windows\System32\apisetschema.dll
  0xFFF00000 \Windows\System32\autochk.exe
  0xFFA80000 \Windows\System32\ws2_32.dll
  0xFFA00000 \Windows\System32\shlwapi.dll
  0x77990000 \Windows\System32\normaliz.dll
  0xFF920000 \Windows\System32\advapi32.dll
  0xFF8F0000 \Windows\System32\imm32.dll
  0xFF850000 \Windows\System32\clbcatq.dll
  0xFF640000 \Windows\System32\ole32.dll
  0xFF5A0000 \Windows\System32\comdlg32.dll
  0xFF590000 \Windows\System32\nsi.dll
  0xFF580000 \Windows\System32\lpk.dll
  0xFF4B0000 \Windows\System32\usp10.dll
  0xFF2D0000 \Windows\System32\setupapi.dll
  0xFF1F0000 \Windows\System32\oleaut32.dll
  0xFF0C0000 \Windows\System32\wininet.dll
  0xFEE60000 \Windows\System32\iertutil.dll
  0x776C0000 \Windows\System32\user32.dll
  0xFEE10000 \Windows\System32\Wldap32.dll
  0xFED90000 \Windows\System32\difxapi.dll
  0xFEC60000 \Windows\System32\rpcrt4.dll
  0xFEAE0000 \Windows\System32\urlmon.dll
  0xFDD50000 \Windows\System32\shell32.dll
  0xFDC40000 \Windows\System32\msctf.dll
  0x77980000 \Windows\System32\psapi.dll
  0xFDC20000 \Windows\System32\sechost.dll
  0xFDB80000 \Windows\System32\msvcrt.dll
  0xFDB60000 \Windows\System32\imagehlp.dll
  0xFDAF0000 \Windows\System32\gdi32.dll
  0x775A0000 \Windows\System32\kernel32.dll
  0xFDA80000 \Windows\System32\KernelBase.dll
  0xFD9E0000 \Windows\System32\comctl32.dll
  0xFD9C0000 \Windows\System32\devobj.dll
  0xFD850000 \Windows\System32\crypt32.dll
  0xFD810000 \Windows\System32\wintrust.dll
  0xFD7D0000 \Windows\System32\cfgmgr32.dll
  0xFD7C0000 \Windows\System32\msasn1.dll
  0x75960000 \Windows\SysWOW64\normaliz.dll

Processes (total 60):
       0 System Idle Process
       4 System
     324 C:\Windows\System32\smss.exe
     448 csrss.exe
     508 C:\Windows\System32\wininit.exe
     524 csrss.exe
     568 C:\Windows\System32\services.exe
     584 C:\Windows\System32\lsass.exe
     592 C:\Windows\System32\lsm.exe
     672 C:\Windows\System32\winlogon.exe
     756 C:\Windows\System32\svchost.exe
     820 C:\Windows\System32\nvvsvc.exe
     860 C:\Windows\System32\svchost.exe
     912 C:\Windows\System32\svchost.exe
     996 C:\Windows\System32\svchost.exe
     108 C:\Windows\System32\svchost.exe
     504 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\nvvsvc.exe
    1236 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\spoolsv.exe
    1380 C:\Windows\System32\svchost.exe
    1720 C:\Windows\System32\svchost.exe
    1756 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    1780 C:\Windows\SysWOW64\svchost.exe
    1804 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\svchost.exe
    1900 C:\Windows\SysWOW64\PnkBstrA.exe
    1940 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2020 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2132 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2508 C:\Windows\System32\SearchIndexer.exe
    2732 C:\Windows\System32\svchost.exe
    3656 C:\Windows\System32\svchost.exe
    3708 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1820 C:\Windows\System32\taskhost.exe
    2440 C:\Windows\System32\dwm.exe
    3492 C:\Windows\explorer.exe
    3780 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     576 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    2144 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
     984 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    3724 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    1508 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    2336 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    2452 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2696 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    1428 C:\Windows\System32\svchost.exe
    4176 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4348 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    4632 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    4840 dllhost.exe
    5492 C:\Windows\System32\audiodg.exe
     832 C:\Users\****\Desktop\MBRCheck.exe
    5032 C:\Windows\System32\conhost.exe
    5868 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3500320AS, Rev: SD15    

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

14.03.2011, 10:53	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MSN hat selbstständig E-Mails an Kontakte versendet. Hi, ist Malwarebytes schon durch? Bitte alle Logs davon posten. __________________ __________________

14.03.2011, 14:22	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MSN hat selbstständig E-Mails an Kontakte versendet. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

18.03.2011, 12:08	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MSN hat selbstständig E-Mails an Kontakte versendet. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

MSN hat selbstständig E-Mails an Kontakte versendet.

Überwachung, Datenschutz und Spam: MSN hat selbstständig E-Mails an Kontakte versendet.