[Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme

Drummer_Shoo · 28.04.2011, 18:32

Vor 2-3 Wochen hatte ich mir das Schadprogramm Windows Restore eingefangen und die Hilfestellungen hier im Forum angewand.
Soweit funktionierte der Rechner dann auch wieder relativ normal.

2 Dinge blieben jedoch:
1. Wurden Links über die google-Suche zum Teil weitergeleitet und auf zweifelhafte Seite verlinkt wo man als nächstes irgendwelche Programme installieren sollte. Ausserdem ist verlangsamt sich die Zugriffszeit auf Seiten nach einigen Stunden stark.
2. Es taucht während der Nutzung des Rechners auch immer wieder ein Scriptfehler auf, der auf eine Internetadresse (www2a.glam.com/mobile/detect.act?affiliateId=38198522) zurückzuführen ist.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6336
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
11.04.2011 22:56:21
mbam-log-2011-04-11 (22-56-21).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 467047
Laufzeit: 1 Stunde(n), 23 Minute(n), 12 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oMaNKFWcCnXLENt (Trojan.FakeAlert) -> Value: oMaNKFWcCnXLENt -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Infizierte Dateien:
c:\programdata\omankfwccnxlent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19\6a44c13-186c571b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\34791176.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6336
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
14.04.2011 21:49:38
mbam-log-2011-04-14 (21-49-38).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159030
Laufzeit: 5 Minute(n), 52 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6459
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
27.04.2011 23:31:49
mbam-log-2011-04-27 (23-31-49).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154773
Laufzeit: 4 Minute(n), 17 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\Windows\System32\spool\prtprocs\w32x86\7352869.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6459
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
28.04.2011 08:29:08
mbam-log-2011-04-28 (08-29-08).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154831
Laufzeit: 5 Minute(n), 4 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6459
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
28.04.2011 19:50:11
mbam-log-2011-04-28 (19-50-11).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155344
Laufzeit: 5 Minute(n), 18 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

OTL logfile created on: 28.04.2011 08:17:53 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melms\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 313,72 Gb Free Space | 70,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Unable to calculate disk information.
Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32
 
Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.20 23:43:35 | 013,007,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.18.exe
PRC - [2011.04.18 15:46:44 | 000,079,304 | ---- | M] (Microsoft Corporation) -- c:\ecebd7d2dd50074cfa1593d09b\mrtstub.exe
PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe
PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe
PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2007.03.22 11:09:18 | 000,132,704 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragMonitorService.exe
PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
PRC - [2007.03.22 11:09:16 | 000,079,456 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe
PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M]
 
[2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions
[2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions
[2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com
[2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml
[2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 08:17:32 | 000,000,000 | ---D | C] -- C:\ecebd7d2dd50074cfa1593d09b
[2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc
[2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes
[2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software
[2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.29 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.03.29 09:55:12 | 000,053,760 | R--- | C] (AVM GmbH) -- C:\Windows\System32\avmadd32.dll
[2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:19:41 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 08:19:41 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 08:19:41 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 08:19:41 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 08:19:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 08:13:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 08:13:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 08:13:19 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 21:58:56 | 000,010,610 | ---- | M] () -- C:\Users\Melms\Desktop\schafe.png
[2011.04.27 21:34:00 | 000,014,591 | ---- | M] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png
[2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.21 18:58:11 | 000,293,488 | ---- | M] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg
[2011.04.16 22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI
[2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI
[2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176
[2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r
[2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176
[2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png
[2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk
[2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk
[2011.03.29 09:56:06 | 000,000,994 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 21:58:56 | 000,010,610 | ---- | C] () -- C:\Users\Melms\Desktop\schafe.png
[2011.04.27 21:33:54 | 000,014,591 | ---- | C] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png
[2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.21 18:58:00 | 000,293,488 | ---- | C] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg
[2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r
[2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176
[2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176
[2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png
[2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI
[2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys
[2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe
[2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI
[2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg
[2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name
[2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston
[2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc
[2011.04.27 23:35:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar
[2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla
[2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit
[2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software
[2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ!
[2011.04.27 23:19:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ
[2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc
[2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat
[2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX
[2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player
[2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org
[2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza
[2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra
[2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment
[2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion
[2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec
[2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback
[2011.04.28 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 28.04.2011 21:27:50 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melms\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 312,99 Gb Free Space | 70,63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Unable to calculate disk information.
Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32
 
Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.04.01 15:04:02 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:47:04 | 001,595,744 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe
PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe
PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.11.04 11:26:04 | 006,209,536 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2007.11.01 20:57:24 | 002,756,096 | ---- | M] (mIRC Co. Ltd.) -- N:\[G]Script50\mircG5.0.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe
PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M]
 
[2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions
[2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions
[2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com
[2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml
[2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc
[2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes
[2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software
[2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 21:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 18:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 18:00:46 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 18:00:46 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 18:00:46 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 18:00:46 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 17:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 17:54:22 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.16 22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI
[2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI
[2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176
[2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r
[2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176
[2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png
[2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk
[2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r
[2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176
[2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176
[2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png
[2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI
[2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys
[2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe
[2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI
[2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg
[2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name
[2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston
[2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc
[2011.04.28 08:46:03 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar
[2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla
[2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit
[2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software
[2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ!
[2011.04.28 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ
[2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc
[2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat
[2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX
[2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player
[2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org
[2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza
[2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra
[2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment
[2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion
[2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec
[2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback
[2011.04.28 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID
 
< End of report >

cosinus · 06.05.2011, 12:01

Die Scans sind schon etwas her. Bitte Malwarebytes updaten und einen neuen Vollscan machen.

Drummer_Shoo · 06.05.2011, 14:57

Hier die frische Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6519

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.05.2011 15:01:26
mbam-log-2011-05-06 (15-01-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 458406
Laufzeit: 1 Stunde(n), 25 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 06.05.2011, 18:00

Zitat:

OTL logfile created on: 28.04.2011 08:17:53 - Run 2

Bedeutet, dass das Log vom 2. Scan mit OTL ist - wo ist das Log vom ersten Durchgang?

Drummer_Shoo · 06.05.2011, 20:00

Wenn ich mich recht erinnere, gelöscht - evtl. überschrieben durch die 2. Log ...

cosinus · 06.05.2011, 20:42

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
[2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176
[2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r
[2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Drummer_Shoo · 06.05.2011, 21:24

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\ not found.
File F:\EasySuite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2133406-85c9-11df-916f-6cf049e2f3ee}\ not found.
File K:\autorun.exe de not found.
C:\ProgramData\34791176 moved successfully.
C:\ProgramData\~34791176r moved successfully.
C:\ProgramData\~34791176 moved successfully.
Unable to delete ADS C:\Users\Melms\Downloads:Shareaza.GUID .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Melms
->Temp folder emptied: 3251542807 bytes
->Temporary Internet Files folder emptied: 40645649 bytes
->Java cache emptied: 476687 bytes
->FireFox cache emptied: 103188202 bytes
->Flash cache emptied: 137944 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9537682 bytes
RecycleBin emptied: 11407047629 bytes
 
Total Files Cleaned = 14.126,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05062011_221746

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 07.05.2011, 14:08

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Drummer_Shoo · 08.05.2011, 12:42

Ein Starten der .exe ist nicht möglich.
Nach dem Doppelklick auf die TDSSKiller.exe erscheint wie immer eine Bestätigungsabfrage durch Windows. Nach dem Klick auf "Ausführen" passiert dann allerdings nichts mehr. Auch mit "Als Administrator" ausführen passiert nichts.

cosinus · 08.05.2011, 14:33

Dann bitte jetzt CF ausführen, probier den tdsskiller danach nochmal.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Drummer_Shoo · 08.05.2011, 15:04

Code:

ATTFilter

ComboFix 11-05-07.02 - Melms 08.05.2011  15:52:28.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2048.1190 [GMT 2:00]
ausgeführt von:: c:\users\Melms\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bassmod.dll
c:\program files\INSTALL.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-08 bis 2011-05-08  ))))))))))))))))))))))))))))))
.
.
2011-05-08 13:58 . 2011-05-08 13:59	--------	d-----w-	c:\users\Melms\AppData\Local\temp
2011-05-08 13:58 . 2011-05-08 13:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-07 05:53 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B438D3AE-3519-44F5-80FE-5157D9320E45}\mpengine.dll
2011-05-06 20:20 . 2011-05-06 20:31	--------	d-----w-	c:\users\Melms\AppData\Roaming\Nokia
2011-05-06 20:20 . 2011-05-06 20:20	--------	d-----w-	c:\users\Melms\AppData\Roaming\PC Suite
2011-05-06 20:20 . 2011-05-06 20:20	--------	d-----w-	c:\programdata\PC Suite
2011-05-06 20:17 . 2011-05-06 20:17	--------	d-----w-	C:\_OTL
2011-05-06 20:04 . 2011-05-06 20:04	--------	d-----w-	c:\program files\Common Files\PCSuite
2011-05-06 20:04 . 2011-05-06 20:04	--------	d-----w-	c:\program files\Common Files\Nokia
2011-05-06 20:03 . 2008-08-26 07:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2011-05-06 20:03 . 2011-05-06 20:03	--------	d-----w-	c:\program files\PC Connectivity Solution
2011-05-06 20:00 . 2011-05-06 20:00	--------	d-----w-	c:\programdata\Installations
2011-05-05 16:55 . 2011-05-05 16:55	--------	d-----w-	c:\users\Melms\AppData\Local\FT Software Updates
2011-05-03 18:06 . 2011-05-03 18:06	--------	d-----w-	c:\program files\iPod
2011-05-03 18:06 . 2011-05-03 18:07	--------	d-----w-	c:\program files\iTunes
2011-05-03 18:04 . 2011-05-03 18:04	--------	d-----w-	c:\program files\Bonjour
2011-05-03 18:02 . 2011-05-03 18:02	--------	d-----w-	c:\program files\Common Files\Java
2011-04-27 15:55 . 2011-02-18 05:33	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-04-27 15:55 . 2011-03-11 05:44	146304	----a-w-	c:\windows\system32\drivers\storport.sys
2011-04-27 15:55 . 2011-03-11 05:44	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-04-27 15:55 . 2011-03-11 05:44	1210240	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-04-27 15:55 . 2011-03-11 05:44	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-04-27 15:55 . 2011-03-11 05:43	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-04-27 15:55 . 2011-03-11 05:39	1686016	----a-w-	c:\windows\system32\esent.dll
2011-04-27 15:55 . 2011-03-11 05:43	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-04-27 15:55 . 2011-03-11 05:43	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-04-27 15:55 . 2011-03-11 05:37	74240	----a-w-	c:\windows\system32\fsutil.exe
2011-04-27 15:55 . 2011-03-12 11:31	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-27 15:55 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\explorer.exe
2011-04-22 15:45 . 2011-04-22 15:45	--------	d-----w-	c:\users\Melms\AppData\Roaming\Need for Speed World
2011-04-22 15:16 . 2011-04-22 15:16	--------	d-----w-	c:\users\Melms\AppData\Local\Electronic_Arts_Inc
2011-04-18 17:48 . 2011-05-08 13:36	--------	d-----w-	c:\users\Melms\AppData\Roaming\TV-Browser
2011-04-14 15:53 . 2011-03-11 05:40	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-14 15:53 . 2011-03-11 05:40	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-04-14 15:53 . 2011-02-23 05:05	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 15:53 . 2011-02-23 05:05	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 15:53 . 2011-02-23 05:05	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 15:53 . 2011-02-23 05:05	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-11 19:18 . 2011-04-11 19:18	--------	d-----w-	c:\users\Melms\AppData\Roaming\Malwarebytes
2011-04-11 19:18 . 2011-04-11 19:18	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-11 19:18 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 19:18 . 2011-04-11 19:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-10 13:32 . 2011-04-10 13:32	--------	d-----w-	c:\program files\Yuna Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 18:15 . 2010-08-25 21:20	1152832	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-14 15:57 . 2011-01-13 19:12	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-14 15:57 . 2011-01-13 19:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-14 03:07 . 2010-07-17 07:13	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-29 18:51 . 2010-06-26 13:27	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-29 18:51 . 2010-06-26 13:27	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-22 15:07 . 2011-03-20 18:48	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2011-03-20 09:42 . 2010-07-21 19:13	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 07:29	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 07:29	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 07:29	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-17 12:45 . 2011-02-17 12:45	586	----a-w-	C:\cc_20110217_134503.reg
2011-02-17 12:44 . 2011-02-17 12:44	41290	----a-w-	C:\cc_20110217_134408.reg
2011-04-14 16:40 . 2011-05-04 15:40	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2008-11-04 1105920]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-06-13 4574208]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
TV-Browser.url [2011-1-29 164]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ashampoo Magical Defrag.lnk - c:\program files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [2010-7-21 4540120]
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2011-2-17 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NowWatching]
2010-10-31 12:46	280064	----a-w-	c:\users\Melms\AppData\Roaming\Tokback\NowWatching\2.2.0.0\NowWatching.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;c:\windows\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys [2007-05-11 221184]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 22:13]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 22:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Project Reality_is1 - c:\program files\EA GAMES\Battlefield 2\unins000.exe
AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-08  16:01:01
ComboFix-quarantined-files.txt  2011-05-08 14:01
.
Vor Suchlauf: 11 Verzeichnis(se), 358.527.016.960 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 358.582.726.656 Bytes frei
.
- - End Of File - - 875F60F54CE20DB067A642DE08F66B20

Drummer_Shoo · 08.05.2011, 19:59

Der tdsskiller lässt aber immer noch nicht starten.

cosinus · 09.05.2011, 12:22

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Drummer_Shoo · 09.05.2011, 18:33

Code:

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-09 19:32:14
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SJ rev.1AJ10001
Running: co0xc7nu.exe; Driver: C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                             82C738A9 1 Byte  [06]
.text                                                                                                                                 ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                      82C93312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.reloc                                                                                                                                C:\Windows\system32\drivers\acehlp10.sys                                                                                    section is executable [0x83FA4B80, 0x37FC7, 0xE0000060]
.reloc                                                                                                                                C:\Windows\system32\drivers\acedrv10.sys                                                                                    section is executable [0xA34B7000, 0x459C1, 0xE0000060]
.text                                                                                                                                 C:\Windows\system32\DRIVERS\atksgt.sys                                                                                      section is writeable [0xA34FD300, 0x3B6D8, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                    section is writeable [0xA3540400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA35E0420]  C:\Windows\system32\drivers\hardlock.sys                                                                                    entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA35E0420]
.protectÿÿÿÿhardlockunknown last code section [0xA35E0200, 0x5105, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                    unknown last code section [0xA35E0200, 0x5105, 0xE0000020]
.text                                                                                                                                 C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                      section is writeable [0xA35E6300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Windows\Explorer.EXE[1992] WININET.dll!HttpAddRequestHeadersA                                                            775E9ABA 5 Bytes  JMP 0051164F 
.text                                                                                                                                 C:\Windows\Explorer.EXE[1992] WININET.dll!HttpAddRequestHeadersW                                                            775F0848 5 Bytes  JMP 00511817 

---- User IAT/EAT - GMER 1.0.15 ----

IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                             [746D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                        [746B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                       [746B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                              [746D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                    [746C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                      [746C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                     [746C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                    [746C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                           [746C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                     [746C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                [746C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                              [746C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                    [746CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                        [746C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                  [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]                [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6E1F45F8] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                [6E1F5455] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)
IAT                                                                                                                                   C:\Program Files\Shareaza\Shareaza.exe[2520] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  [6E1F549E] C:\Program Files\Shareaza\BugTrap.dll (BugTrap dynamic link library/IntelleSoft)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort0                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort1                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort2                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort3                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort4                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort5                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort6                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort7                                                                                          85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                 85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-4                                                                                 85F641ED
Device                                                                                                                                \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5                                                                                 85F641ED

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume5                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume6                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume7                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\ACPI_HAL \Device\0000004b                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread                                                                                                                                System [4:248]                                                                                                              85F68E84
Thread                                                                                                                                System [4:252]                                                                                                              85F6B084

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:40:28 on 09.05.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Melms\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"kgloypoc" (kgloypoc) - ? - C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Motorola USB Modem Driver for MPT" (usbsermpt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermpt.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{E31004D1-A431-41B8-826F-E902F9D95C81} "Windows DreamScene" - "Microsoft Corporation" - C:\Windows\System32\DreamScene.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F2185E5D-720E-4956-90D9-75F6AC141575} "SidebarIconHandler Class" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Subscribe in Desktop Sidebar" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - ? - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll  (File not found)
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - ? - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll  (File not found)
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Idea2 SidebarBrowserMonitor Class" - "Idea2" - C:\Program Files\Desktop Sidebar\sbhelp.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{0EEDB912-C5FA-486F-8334-57288578C627} "Shareaza Web Download Hook" - "Shareaza Development Team" - C:\Program Files\Shareaza\RazaWebHook32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"TV-Browser.url" - ? - C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Ashampoo Magical Defrag.lnk" - " " - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Remote Control Editor" - "TerraTec Electronic GmbH" - "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
"Shareaza" - "Shareaza Development Team" - "C:\Program Files\Shareaza\Shareaza.exe" -tray
"SIDEBAR" - "Idea2" - "C:\Program Files\Desktop Sidebar\dsidebar.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NUSB3MON" - "NEC Electronics Corporation" - "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Ashampoo Defrag Service" (AshampooDefragService) - " " - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	Gigabyte Technology Co., Ltd.
BIOS Manufacturer:		Award Software International, Inc.
System Manufacturer:		Gigabyte Technology Co., Ltd.
System Product Name:		GA-890XA-UD3
Logical Drives Mask:		0x00003fdc

Kernel Drivers (total 201):
  0x82C3E000 \SystemRoot\system32\ntoskrnl.exe
  0x82C07000 \SystemRoot\system32\halmacpi.dll
  0x80BA2000 \SystemRoot\system32\kdcom.dll
  0x83C06000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x83C11000 \SystemRoot\system32\PSHED.dll
  0x83C22000 \SystemRoot\system32\BOOTVID.dll
  0x83C2A000 \SystemRoot\system32\CLFS.SYS
  0x83C6C000 \SystemRoot\system32\CI.dll
  0x83D17000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83D88000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83D96000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83DDE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x83DE7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83DEF000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83E19000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83E24000 \SystemRoot\System32\drivers\partmgr.sys
  0x83E35000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83E45000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83E90000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83E97000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83EA5000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83EBB000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x83EC4000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x83EE7000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x83EF1000 \SystemRoot\system32\drivers\amdxata.sys
  0x83EFA000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83F2E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x83F3F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8983B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8996A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x89995000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x899A8000 \SystemRoot\System32\Drivers\cng.sys
  0x89A05000 \SystemRoot\System32\drivers\pcw.sys
  0x89A13000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x89A1C000 \SystemRoot\system32\drivers\ndis.sys
  0x89AD3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89B11000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x89C1C000 \SystemRoot\System32\drivers\tcpip.sys
  0x89D65000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x89D96000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x89DD5000 \SystemRoot\System32\Drivers\spldr.sys
  0x89DDD000 \SystemRoot\System32\drivers\rdyboost.sys
  0x89E0A000 \SystemRoot\System32\Drivers\mup.sys
  0x89E1A000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x89E22000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x89E54000 \SystemRoot\system32\DRIVERS\disk.sys
  0x89E65000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x89E8A000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x89EC4000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x89EE3000 \SystemRoot\System32\Drivers\Null.SYS
  0x89EEA000 \SystemRoot\System32\Drivers\Beep.SYS
  0x89EF1000 \SystemRoot\System32\drivers\vga.sys
  0x89EFD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x89F1E000 \SystemRoot\System32\drivers\watchdog.sys
  0x89F2B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x89F33000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x89F3B000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x89F43000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x89F4E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x89F5C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x89F73000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x89F7E000 \SystemRoot\system32\drivers\afd.sys
  0x89B36000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x89FD8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x89FDF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x89C00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x89B68000 \SystemRoot\system32\DRIVERS\serial.sys
  0x89B82000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x89B95000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x89C0E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x89BA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x89BE6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x89BF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x89C14000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x89800000 \SystemRoot\System32\drivers\discache.sys
  0x8980C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x89824000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x83F49000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x83F6F000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x83F90000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x89832000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x90407000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x90E85000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x90E87000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x90F3E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x90F77000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
  0x90F99000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x90F9B000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x83FA1000 \??\C:\Windows\system32\drivers\acehlp10.sys
  0x90FC6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x90FCC000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x99416000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x99461000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x99470000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9948F000 \SystemRoot\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys
  0x994C5000 \SystemRoot\system32\DRIVERS\ks.sys
  0x994F9000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0x994FC000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x99528000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x99532000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x9953F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x99551000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x99569000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x99574000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x99596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x995AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x995C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x995E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x995EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x995FB000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x99606000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x9962C000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9962E000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9963C000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
  0x9964B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9968F000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8200F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x82318000 \SystemRoot\system32\drivers\portcls.sys
  0x82347000 \SystemRoot\system32\drivers\drmk.sys
  0x82360000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x82377000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8238E000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x82399000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x823AC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x823B3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x823BF000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
  0x823C8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x98490000 \SystemRoot\System32\win32k.sys
  0x823D3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x823DD000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x996A0000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x823F3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x986F0000 \SystemRoot\System32\TSDDD.dll
  0x98720000 \SystemRoot\System32\cdd.dll
  0x82000000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x996CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x996D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x996DE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x996EF000 \SystemRoot\system32\drivers\luafv.sys
  0x9970A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9971F000 \SystemRoot\system32\drivers\WudfPf.sys
  0x99739000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x99749000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9975C000 \SystemRoot\system32\drivers\HTTP.sys
  0x997E1000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x99400000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x90FD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3439000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3474000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA34A7000 \??\C:\Windows\system32\drivers\acedrv10.sys
  0xA34FD000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA3540000 \??\C:\Windows\system32\drivers\hardlock.sys
  0xA35E6000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA35EB000 \SystemRoot\system32\drivers\peauth.sys
  0xA3682000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA368C000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA36AD000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA36BA000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3709000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA37E6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA3400000 \??\C:\Users\Melms\AppData\Local\Temp\kgloypoc.sys
  0xA375B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x778D0000 \Windows\System32\ntdll.dll
  0x47B90000 \Windows\System32\smss.exe
  0x77B10000 \Windows\System32\apisetschema.dll
  0x00EB0000 \Windows\System32\autochk.exe
  0x77AE0000 \Windows\System32\sechost.dll
  0x77A80000 \Windows\System32\difxapi.dll
  0x776D0000 \Windows\System32\iertutil.dll
  0x77A70000 \Windows\System32\normaliz.dll
  0x775D0000 \Windows\System32\wininet.dll
  0x77A50000 \Windows\System32\imm32.dll
  0x774F0000 \Windows\System32\kernel32.dll
  0x77490000 \Windows\System32\shlwapi.dll
  0x77400000 \Windows\System32\oleaut32.dll
  0x77360000 \Windows\System32\advapi32.dll
  0x77310000 \Windows\System32\gdi32.dll
  0x77A40000 \Windows\System32\lpk.dll
  0x77260000 \Windows\System32\rpcrt4.dll
  0x77220000 \Windows\System32\ws2_32.dll
  0x765D0000 \Windows\System32\shell32.dll
  0x77A30000 \Windows\System32\nsi.dll
  0x76520000 \Windows\System32\msvcrt.dll
  0x764D0000 \Windows\System32\Wldap32.dll
  0x76330000 \Windows\System32\setupapi.dll
  0x76260000 \Windows\System32\msctf.dll
  0x761E0000 \Windows\System32\comdlg32.dll
  0x76150000 \Windows\System32\clbcatq.dll
  0x76080000 \Windows\System32\user32.dll
  0x75F20000 \Windows\System32\ole32.dll
  0x75E80000 \Windows\System32\usp10.dll
  0x75D40000 \Windows\System32\urlmon.dll
  0x75D10000 \Windows\System32\imagehlp.dll
  0x77A20000 \Windows\System32\psapi.dll
  0x75BF0000 \Windows\System32\crypt32.dll
  0x75B60000 \Windows\System32\comctl32.dll
  0x75B40000 \Windows\System32\devobj.dll
  0x75B10000 \Windows\System32\wintrust.dll
  0x75AC0000 \Windows\System32\KernelBase.dll
  0x75A90000 \Windows\System32\cfgmgr32.dll
  0x77A10000 \Windows\System32\msasn1.dll

Processes (total 76):
       0 System Idle Process
       4 System
     288 C:\Windows\System32\smss.exe
     512 csrss.exe
     572 C:\Windows\System32\wininit.exe
     592 csrss.exe
     628 C:\Windows\System32\services.exe
     652 C:\Windows\System32\lsass.exe
     660 C:\Windows\System32\lsm.exe
     800 C:\Windows\System32\winlogon.exe
     836 C:\Windows\System32\svchost.exe
     916 C:\Windows\System32\nvvsvc.exe
     956 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\nvvsvc.exe
    1500 C:\Windows\System32\spoolsv.exe
    1552 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1624 C:\Windows\System32\svchost.exe
    1724 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1816 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1912 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1944 C:\Windows\System32\dwm.exe
    1992 C:\Windows\explorer.exe
    2024 C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
    2036 C:\Windows\System32\taskhost.exe
     620 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
     564 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     656 C:\Windows\System32\conhost.exe
     508 C:\Program Files\Bonjour\mDNSResponder.exe
    2072 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    2196 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    2308 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    2316 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2324 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    2332 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2340 C:\Windows\tsnp2uvc.exe
    2360 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2448 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2476 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2484 C:\Program Files\iTunes\iTunesHelper.exe
    2508 C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
    2520 C:\Program Files\Shareaza\Shareaza.exe
    2568 C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\DEFRAG~2.EXE
    2588 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    2620 C:\Windows\System32\PnkBstrA.exe
    2632 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    2660 C:\Windows\System32\svchost.exe
    2684 C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
    3076 C:\Program Files\FRITZ!DSL\StCenter.exe
    3088 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3188 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3200 C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\defragActivityMonitor.exe
    3208 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3528 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3692 C:\Windows\System32\svchost.exe
    3720 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3748 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    2108 C:\Program Files\iPod\bin\iPodService.exe
    2208 C:\Windows\System32\SearchIndexer.exe
    4540 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5016 C:\Windows\System32\svchost.exe
    5168 C:\Windows\System32\svchost.exe
    6132 C:\Program Files\Winamp\winamp.exe
    4748 C:\Windows\System32\audiodg.exe
     764 C:\Program Files\Mozilla Firefox\firefox.exe
    4764 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5468 MpCmdRun.exe
    2224 C:\Windows\System32\SearchProtocolHost.exe
    4136 C:\Windows\System32\SearchFilterHost.exe
    5244 C:\Users\Melms\Desktop\MBRCheck.exe
    1456 C:\Windows\System32\conhost.exe
    1028 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\N: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive1 Model Number: WD2500BB External, Rev: 0602

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1   RE: Unknown MBR code
            SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

cosinus · 09.05.2011, 19:17

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

06.05.2011, 12:01	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	[Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme Die Scans sind schon etwas her. Bitte Malwarebytes updaten und einen neuen Vollscan machen. __________________ __________________

09.05.2011, 19:17	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	[Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

[Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme

Plagegeister aller Art und deren Bekämpfung: [Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme