Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG (https://www.trojaner-board.de/86930-mal-tabs-werbung-trojaner-generic17-cnog.html)

HH_Jack 09.06.2010 21:02
Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG
 
Hallo,

es scheint ja momentan umzugehen das Problem:
Bei mir öffnen sich im Firefox in unregelmäßigen Abständen neue Tabs, die verschiedenen Seiten laden. Zudem war nach einen Neustart plötzlich ein Teil meiner Desktopicons weg und mein Soundtreiber ist auch abhanden gekommen.

Ein Virenscan mit AntiVir hat den Trojaner Generic17.CNOG bei C:\Windows\Temp\hjsr.tmp\svchost.exe gefunden. Dieser lies sich aber nicht in Quarantäne verschieben und tauchte noch ein Paar mal während dem Scan auf.

Ich habe HiJackThis laufen lassen, danach Malwarebytes und schlussendlich habe ich OTL laufen lassen. Hier die Protokolle:

HiJackThis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:41, on 09.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Virus\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - hxxp://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC7234AD-CCEB-4883-8770-5B5E681E0370}: NameServer = 192.168.2.1,145.253.2.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Hama\Common\RalinkRegistryWriter.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Malwarebytes Log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4183

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.06.2010 19:39:47
mbam-log-2010-06-09 (19-39-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131306
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL.txt:
Code:
OTL logfile created on: 09.06.2010 21:08:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-110309-193829) --  File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (RalinkRegistryWriter) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ZD1211U(Wireless)) IEEE 802.11g USB Adapter Driver(Wireless) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (odysseyIM3) -- C:\Windows\System32\drivers\odysseyIM3.sys (Funk Software, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.quotenmeter.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.06.03 18:05:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 17:56:16 | 000,000,000 | ---D | M]
 
[2009.11.04 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions
[2009.11.05 20:31:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.24 23:38:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 23:38:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.24 23:39:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.24 23:39:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.24 23:39:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.02 20:39:25 | 000,405,211 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        180searchassistant.com
O1 - Hosts: 127.0.0.1        www.180searchassistant.com
O1 - Hosts: 127.0.0.1        180solutions.com
O1 - Hosts: 127.0.0.1        www.180solutions.com
O1 - Hosts: 127.0.0.1        bis.180solutions.com
O1 - Hosts: 127.0.0.1        config.180solutions.com
O1 - Hosts: 127.0.0.1        cts.180solutions.com
O1 - Hosts: 127.0.0.1        downloads.180solutions.com
O1 - Hosts: 127.0.0.1        installs.180solutions.com
O1 - Hosts: 127.0.0.1        nowhere.180solutions.com
O1 - Hosts: 127.0.0.1        ping.180solutions.com
O1 - Hosts: 127.0.0.1        tv.180solutions.com
O1 - Hosts: 127.0.0.1        uploads.180solutions.com
O1 - Hosts: 127.0.0.1        public.zangocash.com
O1 - Hosts: 127.0.0.1        www.public.zangocash.com
O1 - Hosts: 127.0.0.1        static.zangocash.com
O1 - Hosts: 127.0.0.1        www.static.zangocash.com
O1 - Hosts: 127.0.0.1        www.zangocash.com
O1 - Hosts: 127.0.0.1        zangocash.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 14017 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CTxfiHlp]  File not found
O4 - HKLM..\Run: [CTXFIREG]  File not found
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Sven\wasserfall_Wall.jpg
O24 - Desktop BackupWallPaper: C:\Sven\wasserfall_Wall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.21 11:47:05 | 000,000,000 | ---D | M] - C:\Autogramme -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.09 19:40:18 | 000,000,000 | ---D | C] -- C:\Virus
[2010.06.09 19:32:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.09 19:32:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.08 19:34:54 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2010.05.21 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Ubisoft
[2010.05.21 19:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.21 19:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.05.13 19:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.05.13 19:18:43 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2009.06.03 20:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.09 21:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.06.09 21:08:03 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
[2010.06.09 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:25:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 20:08:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.06.09 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.06.09 19:52:56 | 000,001,930 | ---- | M] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 19:25:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 19:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.06.09 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.06.09 18:32:33 | 060,860,587 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.09 18:28:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 18:28:52 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.08 23:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.06.08 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.06.08 22:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.06.08 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.06.07 23:58:14 | 002,148,864 | -H-- | M] () -- C:\Users\Sven\AppData\Local\IconCache.db
[2010.06.07 23:43:29 | 000,189,952 | ---- | M] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.06.07 00:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.06.06 18:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.06.06 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.06.06 17:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.06.06 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.06.06 16:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.06.06 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.06.06 15:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.06.06 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.06.06 14:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.06.06 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.06.06 13:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.06.06 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.06.06 00:37:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.06.05 12:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.06.03 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.06.02 20:39:25 | 000,405,211 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.02 19:05:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.06.02 19:05:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.05.31 01:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.05.30 22:42:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.30 21:54:18 | 256,334,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.30 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.05.30 05:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.05.30 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.05.30 04:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.05.30 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.05.30 03:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.05.30 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.05.29 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.05.21 21:45:28 | 000,000,943 | ---- | M] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.21 13:31:49 | 000,396,837 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100602-203925.backup
[2010.05.16 23:49:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\72iA37vT.dat
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | M] () -- C:\debug
[2010.05.13 14:31:40 | 000,396,739 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100521-133149.backup
[2010.05.13 03:03:53 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.13 01:27:32 | 000,118,784 | ---- | M] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.09 19:52:56 | 000,001,930 | ---- | C] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010.05.24 16:39:16 | 000,189,952 | ---- | C] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.05.21 21:45:28 | 000,000,943 | ---- | C] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.13 19:20:48 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.13 19:20:46 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | C] () -- C:\debug
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.05.13 18:13:00 | 000,000,112 | ---- | C] () -- C:\ProgramData\72iA37vT.dat
[2010.05.13 18:09:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:09:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.05.13 03:03:53 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.01 00:28:13 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.06.06 14:54:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 21:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.03 21:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.03 20:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.03.05 23:48:10 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.09.29 18:09:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.16 13:46:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.10 11:48:17 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007.09.04 01:16:29 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2007.09.04 01:16:23 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007.09.04 01:16:23 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007.03.19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007.03.19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007.03.19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007.03.19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Virtual Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Red Kawa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\My PSP8 Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ Lite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\AdobeStockPhotos:Roxio EMC Stream
< End of report >

HH_Jack 09.06.2010 21:03
Extras.txt:

Code:
OTL Extras logfile created on: 09.06.2010 21:08:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10BD6006-6A7B-4B69-A759-708779C97AF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F984C49-895A-47B5-9F15-998664FF742F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E39B240-51B7-4165-97C8-A642E8FA6D0E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04735D6E-C376-4EC5-BD36-982E1728AC58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09C7ADB7-CD0B-42F8-9B2D-643AA1093CBC}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{121D4A7C-3674-4A94-9E27-745E7CF68D2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{24C39D53-5205-4CDF-91B5-25A1C80E36A6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{2E662CAC-29A9-4F66-A728-E780CE150B54}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{38694DFF-77F6-4443-8368-66733104E110}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3A9A872B-1EC8-4364-82B6-124A4A4830F4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{44161BCF-1E08-4072-BA91-CDE4AD6670D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5A91602F-AF4D-4F1D-A13E-8153AFFD6FAD}" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{5AA490C2-2C03-418E-9FB1-F340B8C1D952}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{7B207452-9734-42D7-8E34-2ACB5E333F75}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{86CDA58A-DA54-452E-9FE7-D8AA365D9B19}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B7639C3E-68D9-40A8-90A6-733F204ADF67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BFA47DA2-95E2-4404-A664-90210B05270A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C56AFDDE-19EB-43F1-8192-BB6E7437A6EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C79880C0-93A9-44C6-93C6-474B373E6621}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C7F4A073-331B-48BD-82CB-A0C3FB2D986F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD21453D-59D5-4931-84F4-4AA524AFCCB3}" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{CF290A93-F7A3-4FCA-BA5F-881576FA7B5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CFCC3423-E140-4D01-8838-2155CC198DFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{D9CC0750-6AB4-4A31-85FA-442553B12370}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E90A6116-A9C8-42AD-B756-F91E5CEAE224}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"TCP Query User{47BDEB94-05D1-4C26-8630-5E1B696A93AF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{512BA332-81BA-4328-9813-2D3F829E392B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{572A5923-3391-475D-A78F-4FB8F5E17E46}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5B0569A4-573F-4A92-9F3A-43F31F7592E5}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{6FC6BC32-3F08-43AC-AC94-568DDDB5DE2A}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{9A0077A6-212B-4C66-95FB-83BF11C49E83}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{ACC1A80A-352B-4F92-BE59-9F91F0E62B80}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"TCP Query User{BD0B9C82-44EC-4FC6-9119-39B8F4075E1A}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{BEFAD97F-4E56-4795-A2B3-74B18D2B18BF}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{C5C82749-FD03-4C42-B958-A93F13CAF6D5}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"TCP Query User{E3B3A809-3F1D-44A8-BF6E-3BA21DCDEA8D}F:\programme\emule\emule.exe" = protocol=6 | dir=in | app=f:\programme\emule\emule.exe |
"TCP Query User{E7840BE9-DB86-4462-AF3A-6A254932EFD2}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"TCP Query User{E9969EAE-D08F-4DAA-9D52-99FB04AAA2D1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F5333932-D6BD-4FA7-A3B9-A1F7EEA88D95}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F79B8948-4537-4BD4-9BB9-38DB48D124CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{057E689E-1804-45D3-A4F1-4EF825D4C26D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4E139584-41C4-4BCA-AF82-8EC05956A236}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"UDP Query User{57D26493-25BD-44F2-AEC8-8CB65BA169A8}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{6537A9BD-7809-4E7E-AC52-2F03976D9F33}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7E4135AF-4503-47E3-9CDE-D251522DFEFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8E0E4D2E-8271-4B78-A9DE-01F0824B58A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{96DE1DD6-BBF6-4D2C-9EBD-E0AE0860C7A4}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"UDP Query User{976AA348-FC09-4E65-9A72-4299F8B3F27D}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{B9BAD15E-EF3B-4D55-B27F-B1F8A936F763}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{C2E16C10-8D11-479E-970A-BDC0855D8B66}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{C79DA957-096D-4FAB-8533-1539325482AA}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{D8B8D9E5-E556-404D-81B9-60CC64C177DF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{DEA9FACE-8674-47D5-9A38-E1AA7C6EEE9E}F:\programme\emule\emule.exe" = protocol=17 | dir=in | app=f:\programme\emule\emule.exe |
"UDP Query User{F110C22C-3097-4C53-B4C8-83276CBA24B6}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"UDP Query User{F9EA058B-F93A-4BF4-9EF1-BC68CFC9B9EE}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54212B70-2138-4DF0-91ED-34CADE1CD8E3}" = Station Launcher
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{72FA6F49-E234-47E8-9155-1B6562F6CC8A}" = Windows Live installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: Rise of Kunark
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"AudioCS" = Creative Audio-Systemsteuerung
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Download Manager_is1" = Free Download Manager 2.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Desktop" = Google Desktop
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RealAlt_is1" = Real Alternative 1.60
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Star Trek Online" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Videora iPod Converter" = Videora iPod Converter 4.07
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2010 16:20:03 | Computer Name = Sven-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0004a20d,  Prozess-ID 0x1058, Anwendungsstartzeit
 01cb067ecf4e9230.
 
Error - 07.06.2010 16:20:06 | Computer Name = Sven-PC | Source = SDWinSec.exe | ID = 0
Description =
 
Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 09.06.2010 12:25:22 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 13:40:14 | Computer Name = Sven-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 09.06.2010 13:45:45 | Computer Name = Sven-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
Vielen Dank schon mal!

markusg 10.06.2010 11:23
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

HH_Jack 10.06.2010 19:34
Habe das Programm durchlaufen lassen. Jetzt geht wieder alles normal. Icons sind wieder da und Sound auch.

Hier zur Kontrolle das Log. Hoffe das schaut sauber aus:

Code:
ComboFix 10-06-09.04 - Sven 10.06.2010  19:54:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2203 [GMT 2:00]
ausgeführt von:: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\%appdata%
c:\windows\system32\cooper.mine
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\nmklo.dll

----- BITS: Eventuell infizierte Webseiten -----

hxxp://amsrrpatch.everquest2.com:7011
Infizierte Kopie von c:\windows\system32\drivers\kbdclass.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-10 18:07 . 2010-06-10 18:10        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 18:07 . 2010-06-10 18:07        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-10 18:07 . 2010-06-10 18:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 18:10 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-10 18:10 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 22:02 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-16 19:43 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-13 01:01 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
Code:

       
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
</pre>

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 20:10
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  20:21:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 18:21

Vor Suchlauf: 34 Verzeichnis(se), 47.374.753.792 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.557.408.256 Bytes frei

- - End Of File - - B73CD7C6FABB524FBB037FC8FE60E33E

markusg 10.06.2010 19:50
bis wir fertig sind, deinstaliere erst mal spybot, starte neu.


start, programme, zubehör, editor, kopiere ein:
Killall::
rootkit::

c:\windows\system32\mounKEYs.dll
AtJob::

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe


Datei speichern unter, typ alle, name cfscript.txt
speicherort, dort wo combofix gespeichert wurde, ziehe cfscript auf combofix, programm startet, log posten

HH_Jack 10.06.2010 21:17
erledigt:

Code:
ComboFix 10-06-09.04 - Sven 10.06.2010  21:56:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2272 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


(((((((((((((((((((((((  Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-10 20:01 . 2010-06-10 20:02        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-10 17:36 . 2010-06-10 17:36        --------        d-----w-        C:\%APPDATA%
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:58 . 2010-06-09 19:58        --------        d-----w-        c:\windows\system32\config\systemprofile\Office Genuine Advantage
2010-06-09 19:39 . 2010-06-09 19:39        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-06-09 17:40 . 2010-06-10 17:36        --------        d-----w-        C:\Virus
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 20:05 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-10 20:02 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-10 20:02 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-13 01:01 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
Code:

       
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
</pre>

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 22:02
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  22:12:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 20:12
ComboFix2.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 48.687.935.488 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.698.359.808 Bytes frei

- - End Of File - - A0FA34AC3AEF566091700AAE0968EF3F

markusg 11.06.2010 10:22
neues combofix script.


Killall::
rootkit::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
c:\windows\system32\mounKEYs.dll
ergebniss posten

HH_Jack 11.06.2010 18:25
hier das Protokoll:

Code:
ComboFix 10-06-10.06 - Sven 11.06.2010  19:01:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2247 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-11 14:45 . 2010-06-11 14:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Avira
2010-06-10 21:47 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-06-10 21:47 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-06-10 21:24 . 2010-03-01 08:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-06-10 21:24 . 2010-02-16 12:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-06-10 21:24 . 2009-05-11 10:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-06-10 21:24 . 2009-05-11 10:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\programdata\Avira
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\program files\Avira
2010-06-10 20:01 . 2010-06-11 17:09        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 17:36 . 2010-06-10 17:36        --------        d-----w-        C:\%APPDATA%
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:58 . 2010-06-09 19:58        --------        d-----w-        c:\windows\system32\config\systemprofile\Office Genuine Advantage
2010-06-09 19:39 . 2010-06-09 19:39        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-06-09 17:40 . 2010-06-10 17:36        --------        d-----w-        C:\Virus
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 17:08 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-11 17:08 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-11 17:00 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-11 14:37 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-11 14:37 . 2010-03-06 10:40        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-26 17:06 . 2010-06-10 21:46        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:46        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 18:13        221568        ----a-w-        c:\windows\system32\MpSigStub.exe
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-04 05:59 . 2010-06-10 21:46        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 21:46        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 21:46        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 21:46        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 21:46        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
Code:

       
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
</pre>

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 19:08
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-11  19:19:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-11 17:19
ComboFix2.txt  2010-06-10 20:12
ComboFix3.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 49.009.508.352 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.882.728.960 Bytes frei

- - End Of File - - 9360DEA9FD97E439DFB5F760F1EDBB85

markusg 11.06.2010 18:29
ok letztes cfscript:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-


poste das log.

HH_Jack 11.06.2010 18:58
Ich mach das auch noch öfters, wenns hilft :)

Code:
ComboFix 10-06-10.06 - Sven 11.06.2010  19:43:58.4.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2314 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-11 17:19 . 2010-06-11 17:49        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-11 14:45 . 2010-06-11 14:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Avira
2010-06-10 21:47 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-06-10 21:47 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-06-10 21:24 . 2010-03-01 08:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-06-10 21:24 . 2010-02-16 12:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-06-10 21:24 . 2009-05-11 10:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-06-10 21:24 . 2009-05-11 10:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\programdata\Avira
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\program files\Avira
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-08 17:35 . 2010-06-10 17:52        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-08 17:35 . 2010-06-09 16:23        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 17:46 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-11 17:22 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-11 17:22 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-11 14:37 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-11 14:37 . 2010-03-06 10:40        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll.vir
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-26 17:06 . 2010-06-10 21:46        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:46        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 18:13        221568        ----a-w-        c:\windows\system32\MpSigStub.exe
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-04 05:59 . 2010-06-10 21:46        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 21:46        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 21:46        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 21:46        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 21:46        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
Code:

       
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
</pre>

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 19:49
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-11  19:51:27
ComboFix-quarantined-files.txt  2010-06-11 17:51
ComboFix2.txt  2010-06-11 17:19
ComboFix3.txt  2010-06-10 20:12
ComboFix4.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 48.811.065.344 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.758.022.144 Bytes frei

- - End Of File - - F46257D6E93783C8B415AB689E605977

markusg 11.06.2010 19:00
VirusTotal - Free Online Virus and Malware Scan
dort prüfe bitte:
c:\windows\system32\mounKEYs.dll
falls datei bereits analysiert, klicke erneut prüfen, poste das ergebniss.

HH_Jack 11.06.2010 19:49
Bei keinem der Virenscanner hat die Datei angeschlagen. Lediglich "Panda" hat sie als "Suspicious" gekennzeichnet. Hier der Rest des Logs:

Code:
File size: 46592 bytes
MD5...: 50c0acb976649109af2cb444d02fda6c
SHA1..: d0fc6c0a208cfd814c4f1c19e3099ed44b1d0154
SHA256: 240df23c51618309415527b27a5557cabbb1aa466973e80182f78c7b83b430df
ssdeep: 768:VZtggmIgAI1X4cnwetH320Our/bz9g6KyHNA4kRsyhG22LSBe:VZtRvpIFd9
1/7v9rC9x4LSBe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13e7
timedatestamp.....: 0x3e6c1688 (Mon Mar 10 04:37:28 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6000 0x5e00 7.16 3ef45aaa1b6c277bd782f3a6d4271d0e
.data 0x7000 0x1000 0x200 2.75 6c9de7dbdfc2348b90e9dc77e5128ea5
.bdata 0x8000 0x5000 0x5000 7.14 a9419f14a773a38b924a332c83c8d605
.reloc 0xd000 0x1000 0x200 0.50 513b0a5a1382d210d41dac9be2cc5699

( 1 imports )
> KERNEL32.dll: CreateSemaphoreA, OpenThread, GetCurrentThreadId, ExitProcess, GetThreadPriority, LoadLibraryExA

( 2 exports )
CreateProcessNotify, DllEntryPoint
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

markusg 11.06.2010 20:02
http://www.trojaner-board.de/54791-a...ner-board.html
kannst du die mal zu uns hochladen, wie unter punkt2 beschrieben?

HH_Jack 11.06.2010 20:28
Habe ich gemacht.
Danke schonmal für die Mühe!

markusg 12.06.2010 10:35
bitte benutze kaspersky avp:
Kaspersky 's AVP Tool - Virus Hilfe
poste das ergebniss


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:59 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131