Trojaner-Board


HH_Jack 09.06.2010 21:02

Once again tabs with ads - Trojan Generic17.CNOG
 
Hello,

this problem seems to be going around at the moment:
In Firefox, new tabs open at irregular intervals and load various pages. In addition, after a restart some of my desktop icons were suddenly gone, and my sound driver has gone missing as well.

A virus scan with AntiVir found the Trojan Generic17.CNOG at C:\Windows\Temp\hjsr.tmp\svchost.exe. However, it could not be moved to quarantine and showed up a few more times during the scan.

I ran HiJackThis, then Malwarebytes, and finally OTL. Here are the logs:

HiJackThis
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:41, on 09.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Virus\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - hxxp://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC7234AD-CCEB-4883-8770-5B5E681E0370}: NameServer = 192.168.2.1,145.253.2.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Hama\Common\RalinkRegistryWriter.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Malwarebytes Log:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4183

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.06.2010 19:39:47
mbam-log-2010-06-09 (19-39-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131306
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.txt:
Code:

OTL logfile created on: 09.06.2010 21:08:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-110309-193829) --  File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (RalinkRegistryWriter) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ZD1211U(Wireless)) IEEE 802.11g USB Adapter Driver(Wireless) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (odysseyIM3) -- C:\Windows\System32\drivers\odysseyIM3.sys (Funk Software, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.quotenmeter.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.06.03 18:05:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 17:56:16 | 000,000,000 | ---D | M]
 
[2009.11.04 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions
[2009.11.05 20:31:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.24 23:38:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 23:38:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.24 23:39:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.24 23:39:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.24 23:39:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.02 20:39:25 | 000,405,211 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        180searchassistant.com
O1 - Hosts: 127.0.0.1        www.180searchassistant.com
O1 - Hosts: 127.0.0.1        180solutions.com
O1 - Hosts: 127.0.0.1        www.180solutions.com
O1 - Hosts: 127.0.0.1        bis.180solutions.com
O1 - Hosts: 127.0.0.1        config.180solutions.com
O1 - Hosts: 127.0.0.1        cts.180solutions.com
O1 - Hosts: 127.0.0.1        downloads.180solutions.com
O1 - Hosts: 127.0.0.1        installs.180solutions.com
O1 - Hosts: 127.0.0.1        nowhere.180solutions.com
O1 - Hosts: 127.0.0.1        ping.180solutions.com
O1 - Hosts: 127.0.0.1        tv.180solutions.com
O1 - Hosts: 127.0.0.1        uploads.180solutions.com
O1 - Hosts: 127.0.0.1        public.zangocash.com
O1 - Hosts: 127.0.0.1        www.public.zangocash.com
O1 - Hosts: 127.0.0.1        static.zangocash.com
O1 - Hosts: 127.0.0.1        www.static.zangocash.com
O1 - Hosts: 127.0.0.1        www.zangocash.com
O1 - Hosts: 127.0.0.1        zangocash.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 14017 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CTxfiHlp]  File not found
O4 - HKLM..\Run: [CTXFIREG]  File not found
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Sven\wasserfall_Wall.jpg
O24 - Desktop BackupWallPaper: C:\Sven\wasserfall_Wall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.21 11:47:05 | 000,000,000 | ---D | M] - C:\Autogramme -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.09 19:40:18 | 000,000,000 | ---D | C] -- C:\Virus
[2010.06.09 19:32:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.09 19:32:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.08 19:34:54 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2010.05.21 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Ubisoft
[2010.05.21 19:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.21 19:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.05.13 19:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.05.13 19:18:43 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2009.06.03 20:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.09 21:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.06.09 21:08:03 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
[2010.06.09 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:25:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 20:08:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.06.09 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.06.09 19:52:56 | 000,001,930 | ---- | M] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 19:25:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 19:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.06.09 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.06.09 18:32:33 | 060,860,587 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.09 18:28:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 18:28:52 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.08 23:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.06.08 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.06.08 22:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.06.08 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.06.07 23:58:14 | 002,148,864 | -H-- | M] () -- C:\Users\Sven\AppData\Local\IconCache.db
[2010.06.07 23:43:29 | 000,189,952 | ---- | M] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.06.07 00:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.06.06 18:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.06.06 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.06.06 17:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.06.06 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.06.06 16:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.06.06 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.06.06 15:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.06.06 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.06.06 14:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.06.06 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.06.06 13:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.06.06 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.06.06 00:37:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.06.05 12:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.06.03 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.06.02 20:39:25 | 000,405,211 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.02 19:05:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.06.02 19:05:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.05.31 01:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.05.30 22:42:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.30 21:54:18 | 256,334,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.30 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.05.30 05:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.05.30 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.05.30 04:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.05.30 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.05.30 03:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.05.30 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.05.29 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.05.21 21:45:28 | 000,000,943 | ---- | M] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.21 13:31:49 | 000,396,837 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100602-203925.backup
[2010.05.16 23:49:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\72iA37vT.dat
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | M] () -- C:\debug
[2010.05.13 14:31:40 | 000,396,739 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100521-133149.backup
[2010.05.13 03:03:53 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.13 01:27:32 | 000,118,784 | ---- | M] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.09 19:52:56 | 000,001,930 | ---- | C] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010.05.24 16:39:16 | 000,189,952 | ---- | C] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.05.21 21:45:28 | 000,000,943 | ---- | C] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.13 19:20:48 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.13 19:20:46 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | C] () -- C:\debug
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.05.13 18:13:00 | 000,000,112 | ---- | C] () -- C:\ProgramData\72iA37vT.dat
[2010.05.13 18:09:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:09:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.05.13 03:03:53 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.01 00:28:13 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.06.06 14:54:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 21:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.03 21:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.03 20:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.03.05 23:48:10 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.09.29 18:09:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.16 13:46:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.10 11:48:17 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007.09.04 01:16:29 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2007.09.04 01:16:23 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007.09.04 01:16:23 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007.03.19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007.03.19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007.03.19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007.03.19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Virtual Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Red Kawa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\My PSP8 Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ Lite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\AdobeStockPhotos:Roxio EMC Stream
< End of report >


HH_Jack 09.06.2010 21:03

Extras.txt:

Code:

OTL Extras logfile created on: 09.06.2010 21:08:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10BD6006-6A7B-4B69-A759-708779C97AF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F984C49-895A-47B5-9F15-998664FF742F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E39B240-51B7-4165-97C8-A642E8FA6D0E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04735D6E-C376-4EC5-BD36-982E1728AC58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09C7ADB7-CD0B-42F8-9B2D-643AA1093CBC}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{121D4A7C-3674-4A94-9E27-745E7CF68D2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{24C39D53-5205-4CDF-91B5-25A1C80E36A6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{2E662CAC-29A9-4F66-A728-E780CE150B54}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{38694DFF-77F6-4443-8368-66733104E110}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3A9A872B-1EC8-4364-82B6-124A4A4830F4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{44161BCF-1E08-4072-BA91-CDE4AD6670D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5A91602F-AF4D-4F1D-A13E-8153AFFD6FAD}" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{5AA490C2-2C03-418E-9FB1-F340B8C1D952}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{7B207452-9734-42D7-8E34-2ACB5E333F75}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{86CDA58A-DA54-452E-9FE7-D8AA365D9B19}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B7639C3E-68D9-40A8-90A6-733F204ADF67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BFA47DA2-95E2-4404-A664-90210B05270A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C56AFDDE-19EB-43F1-8192-BB6E7437A6EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C79880C0-93A9-44C6-93C6-474B373E6621}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C7F4A073-331B-48BD-82CB-A0C3FB2D986F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD21453D-59D5-4931-84F4-4AA524AFCCB3}" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{CF290A93-F7A3-4FCA-BA5F-881576FA7B5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CFCC3423-E140-4D01-8838-2155CC198DFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{D9CC0750-6AB4-4A31-85FA-442553B12370}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E90A6116-A9C8-42AD-B756-F91E5CEAE224}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"TCP Query User{47BDEB94-05D1-4C26-8630-5E1B696A93AF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{512BA332-81BA-4328-9813-2D3F829E392B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{572A5923-3391-475D-A78F-4FB8F5E17E46}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5B0569A4-573F-4A92-9F3A-43F31F7592E5}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{6FC6BC32-3F08-43AC-AC94-568DDDB5DE2A}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{9A0077A6-212B-4C66-95FB-83BF11C49E83}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{ACC1A80A-352B-4F92-BE59-9F91F0E62B80}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"TCP Query User{BD0B9C82-44EC-4FC6-9119-39B8F4075E1A}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{BEFAD97F-4E56-4795-A2B3-74B18D2B18BF}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{C5C82749-FD03-4C42-B958-A93F13CAF6D5}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"TCP Query User{E3B3A809-3F1D-44A8-BF6E-3BA21DCDEA8D}F:\programme\emule\emule.exe" = protocol=6 | dir=in | app=f:\programme\emule\emule.exe |
"TCP Query User{E7840BE9-DB86-4462-AF3A-6A254932EFD2}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"TCP Query User{E9969EAE-D08F-4DAA-9D52-99FB04AAA2D1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F5333932-D6BD-4FA7-A3B9-A1F7EEA88D95}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F79B8948-4537-4BD4-9BB9-38DB48D124CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{057E689E-1804-45D3-A4F1-4EF825D4C26D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4E139584-41C4-4BCA-AF82-8EC05956A236}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"UDP Query User{57D26493-25BD-44F2-AEC8-8CB65BA169A8}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{6537A9BD-7809-4E7E-AC52-2F03976D9F33}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7E4135AF-4503-47E3-9CDE-D251522DFEFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8E0E4D2E-8271-4B78-A9DE-01F0824B58A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{96DE1DD6-BBF6-4D2C-9EBD-E0AE0860C7A4}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"UDP Query User{976AA348-FC09-4E65-9A72-4299F8B3F27D}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{B9BAD15E-EF3B-4D55-B27F-B1F8A936F763}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{C2E16C10-8D11-479E-970A-BDC0855D8B66}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{C79DA957-096D-4FAB-8533-1539325482AA}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{D8B8D9E5-E556-404D-81B9-60CC64C177DF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{DEA9FACE-8674-47D5-9A38-E1AA7C6EEE9E}F:\programme\emule\emule.exe" = protocol=17 | dir=in | app=f:\programme\emule\emule.exe |
"UDP Query User{F110C22C-3097-4C53-B4C8-83276CBA24B6}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"UDP Query User{F9EA058B-F93A-4BF4-9EF1-BC68CFC9B9EE}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54212B70-2138-4DF0-91ED-34CADE1CD8E3}" = Station Launcher
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{72FA6F49-E234-47E8-9155-1B6562F6CC8A}" = Windows Live installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: Rise of Kunark
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"AudioCS" = Creative Audio-Systemsteuerung
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Download Manager_is1" = Free Download Manager 2.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Desktop" = Google Desktop
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RealAlt_is1" = Real Alternative 1.60
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Star Trek Online" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Videora iPod Converter" = Videora iPod Converter 4.07
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2010 16:20:03 | Computer Name = Sven-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0004a20d,  Prozess-ID 0x1058, Anwendungsstartzeit
 01cb067ecf4e9230.
 
Error - 07.06.2010 16:20:06 | Computer Name = Sven-PC | Source = SDWinSec.exe | ID = 0
Description =
 
Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = SPP | ID = 16387
Description =
 
Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 09.06.2010 12:25:22 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.06.2010 13:40:14 | Computer Name = Sven-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 09.06.2010 13:45:45 | Computer Name = Sven-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

Thanks in advance!

markusg 10.06.2010 11:23

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

HH_Jack 10.06.2010 19:34

I ran the program. Everything works normally again now. The icons are back and so is the sound.

Here is the log for checking. I hope it looks clean:

Code:

ComboFix 10-06-09.04 - Sven 10.06.2010  19:54:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2203 [GMT 2:00]
ausgeführt von:: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\%appdata%
c:\windows\system32\cooper.mine
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\nmklo.dll

----- BITS: Eventuell infizierte Webseiten -----

hxxp://amsrrpatch.everquest2.com:7011
Infizierte Kopie von c:\windows\system32\drivers\kbdclass.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-10 18:07 . 2010-06-10 18:10        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 18:07 . 2010-06-10 18:07        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-10 18:07 . 2010-06-10 18:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 18:10 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-10 18:10 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 22:02 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-16 19:43 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-13 01:01 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 20:10
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  20:21:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 18:21

Vor Suchlauf: 34 Verzeichnis(se), 47.374.753.792 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.557.408.256 Bytes frei

- - End Of File - - B73CD7C6FABB524FBB037FC8FE60E33E


markusg 10.06.2010 19:50

Until we are finished, uninstall Spybot for now and restart.


Start, Programs, Accessories, Notepad, and paste in:
Killall::
rootkit::

c:\windows\system32\mounKEYs.dll
AtJob::

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe


Save file as, type: all files, name: cfscript.txt
Save location: the folder where ComboFix was saved. Drag cfscript onto ComboFix, the program starts, then post the log.

HH_Jack 10.06.2010 21:17

Done:

Code:

ComboFix 10-06-09.04 - Sven 10.06.2010  21:56:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2272 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


(((((((((((((((((((((((  Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-10 20:01 . 2010-06-10 20:02        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-10 20:01 . 2010-06-10 20:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-10 17:36 . 2010-06-10 17:36        --------        d-----w-        C:\%APPDATA%
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:58 . 2010-06-09 19:58        --------        d-----w-        c:\windows\system32\config\systemprofile\Office Genuine Advantage
2010-06-09 19:39 . 2010-06-09 19:39        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-06-09 17:40 . 2010-06-10 17:36        --------        d-----w-        C:\Virus
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 20:05 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-10 20:02 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-10 20:02 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-13 01:01 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 22:02
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  22:12:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 20:12
ComboFix2.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 48.687.935.488 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.698.359.808 Bytes frei

- - End Of File - - A0FA34AC3AEF566091700AAE0968EF3F


markusg 11.06.2010 10:22

New ComboFix script.


Killall::
rootkit::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
c:\windows\system32\mounKEYs.dll
Post the result.

HH_Jack 11.06.2010 18:25

Here is the log:

Code:

ComboFix 10-06-10.06 - Sven 11.06.2010  19:01:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2247 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-11 17:06 . 2010-06-11 17:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-11 14:45 . 2010-06-11 14:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Avira
2010-06-10 21:47 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-06-10 21:47 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-06-10 21:24 . 2010-03-01 08:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-06-10 21:24 . 2010-02-16 12:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-06-10 21:24 . 2009-05-11 10:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-06-10 21:24 . 2009-05-11 10:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\programdata\Avira
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\program files\Avira
2010-06-10 20:01 . 2010-06-11 17:09        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-10 17:36 . 2010-06-10 17:36        --------        d-----w-        C:\%APPDATA%
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll
2010-06-09 19:58 . 2010-06-09 19:58        --------        d-----w-        c:\windows\system32\config\systemprofile\Office Genuine Advantage
2010-06-09 19:39 . 2010-06-09 19:39        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-06-09 17:40 . 2010-06-10 17:36        --------        d-----w-        C:\Virus
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 17:08 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-11 17:08 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-11 17:00 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-11 14:37 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-11 14:37 . 2010-03-06 10:40        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:52 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-26 17:06 . 2010-06-10 21:46        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:46        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 18:13        221568        ----a-w-        c:\windows\system32\MpSigStub.exe
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-04 05:59 . 2010-06-10 21:46        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 21:46        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 21:46        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 21:46        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 21:46        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 19:08
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hama\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-11  19:19:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-11 17:19
ComboFix2.txt  2010-06-10 20:12
ComboFix3.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 49.009.508.352 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.882.728.960 Bytes frei

- - End Of File - - 9360DEA9FD97E439DFB5F760F1EDBB85


markusg 11.06.2010 18:29

OK, last cfscript:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-


Post the log.

HH_Jack 11.06.2010 18:58

I'll gladly do this a few more times if it helps :)

Code:

ComboFix 10-06-10.06 - Sven 11.06.2010  19:43:58.4.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2314 [GMT 2:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\mounKEYs.dll


(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-06-11 17:49 . 2010-06-11 17:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-06-11 17:19 . 2010-06-11 17:49        --------        d-----w-        c:\users\Sven\AppData\Local\temp
2010-06-11 14:45 . 2010-06-11 14:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Avira
2010-06-10 21:47 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-06-10 21:47 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-06-10 21:24 . 2010-03-01 08:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-06-10 21:24 . 2010-02-16 12:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-06-10 21:24 . 2009-05-11 10:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-06-10 21:24 . 2009-05-11 10:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\programdata\Avira
2010-06-10 21:24 . 2010-06-10 21:24        --------        d-----w-        c:\program files\Avira
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 17:32 . 2010-06-09 17:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-09 17:32 . 2010-06-09 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-06-09 17:32 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-08 17:35 . 2010-06-10 17:52        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager
2010-06-08 17:35 . 2010-06-09 16:23        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-05-12 18:43 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 17:46 . 2008-11-16 10:24        --------        d-----w-        c:\users\Sven\AppData\Roaming\Free Download Manager
2010-06-11 17:22 . 2009-06-30 23:07        79216        ----a-w-        c:\programdata\nvModes.dat
2010-06-11 17:22 . 2008-05-18 20:32        --------        d-----w-        c:\programdata\NVIDIA
2010-06-11 14:37 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-11 14:37 . 2010-03-06 10:40        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-10 19:38 . 2007-10-05 09:00        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-06-10 19:37 . 2007-10-05 09:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-06-10 17:48 . 2009-11-15 21:21        --------        d-----w-        c:\programdata\avg9
2010-06-10 16:52 . 2010-06-10 16:52        46592        ----a-w-        c:\windows\system32\mounKEYs.dll.vir
2010-06-09 19:30 . 2007-09-07 13:21        88456        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 17:52 . 2010-06-09 17:52        388096        ----a-r-        c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 16:47 . 2010-06-08 17:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ
2010-06-09 16:47 . 2009-08-02 10:01        --------        d-----w-        c:\program files\ICQ6.5
2010-06-08 21:16 . 2009-06-16 17:45        --------        d-----w-        c:\users\Sven\AppData\Roaming\Advanced Combat Tracker
2010-06-08 17:35 . 2008-11-16 10:23        --------        d-----w-        c:\program files\Free Download Manager
2010-06-02 17:05 . 2010-06-02 17:05        29512        ----a-w-        c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 17:05 . 2010-06-02 17:05        242896        ----a-w-        c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-26 20:02 . 2010-03-20 10:30        --------        d-----w-        c:\program files\iTunes
2010-05-26 17:06 . 2010-06-10 21:46        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:46        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 17:51 . 2010-05-21 17:51        --------        d-----w-        c:\users\Sven\AppData\Roaming\Ubisoft
2010-05-21 17:43 . 2010-05-21 17:43        --------        d-----w-        c:\programdata\Ubisoft
2010-05-21 17:25 . 2010-05-21 17:25        --------        d-----w-        c:\program files\Ubisoft
2010-05-21 17:25 . 2007-09-03 23:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 18:13        221568        ----a-w-        c:\windows\system32\MpSigStub.exe
2010-05-19 17:37 . 2010-03-20 10:28        --------        d-----w-        c:\program files\QuickTime
2010-05-19 17:17 . 2007-09-29 16:09        --------        d-----w-        c:\program files\FreePDF_XP
2010-05-16 21:49 . 2010-05-13 16:13        112        ----a-w-        c:\programdata\72iA37vT.dat
2010-05-13 17:20 . 2007-09-03 23:27        --------        d-----w-        c:\program files\Google
2010-05-04 05:59 . 2010-06-10 21:46        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 21:46        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 21:46        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 21:46        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 21:46        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-28 23:55 . 2009-09-06 09:03        --------        d-----w-        c:\users\Sven\AppData\Roaming\vlc
2010-04-19 16:28 . 2006-11-02 15:33        621704        ----a-w-        c:\windows\system32\perfh007.dat
2010-04-19 16:28 . 2006-11-02 15:33        123460        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-20 10:25 . 2010-03-20 10:25        72488        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-13 21:42 . 2010-03-13 21:42        144053        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:42 . 2010-02-11 19:31        5640640        ----a-w-        c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2009-11-16 21:31 . 2009-11-16 21:31        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-04 06:55 . 2007-09-04 06:53        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

       
Code:

       
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
</pre>


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [N/A]
"CTXFIREG"="CTxfiReg.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-11-2 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrcaui        REG_SZ                c:\windows\system32\mounKEYs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5c,7d,df,a9,e6,c9,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 CBTNDIS4;CBTNDIS4 NDIS Protocol Driver;c:\windows\system32\CBTNDIS4.SYS [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-08-12 238080]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:20]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.quotenmeter.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {FC7234AD-CCEB-4883-8770-5B5E681E0370} = 192.168.2.1,145.253.2.11
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\7a7i6kad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quotenmeter.de/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 19:49
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,33,9b,aa,6d,5d,1c,4f,8d,73,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-11  19:51:27
ComboFix-quarantined-files.txt  2010-06-11 17:51
ComboFix2.txt  2010-06-11 17:19
ComboFix3.txt  2010-06-10 20:12
ComboFix4.txt  2010-06-10 18:21

Vor Suchlauf: 39 Verzeichnis(se), 48.811.065.344 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 48.758.022.144 Bytes frei

- - End Of File - - F46257D6E93783C8B415AB689E605977


markusg 11.06.2010 19:00

VirusTotal - Free Online Virus and Malware Scan
Please check this file there:
c:\windows\system32\mounKEYs.dll
If the file has already been analyzed, click to analyze it again and post the result.

HH_Jack 11.06.2010 19:49

None of the virus scanners flagged the file. Only "Panda" marked it as "Suspicious". Here is the rest of the log:

Code:

File size: 46592 bytes
MD5...: 50c0acb976649109af2cb444d02fda6c
SHA1..: d0fc6c0a208cfd814c4f1c19e3099ed44b1d0154
SHA256: 240df23c51618309415527b27a5557cabbb1aa466973e80182f78c7b83b430df
ssdeep: 768:VZtggmIgAI1X4cnwetH320Our/bz9g6KyHNA4kRsyhG22LSBe:VZtRvpIFd9
1/7v9rC9x4LSBe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13e7
timedatestamp.....: 0x3e6c1688 (Mon Mar 10 04:37:28 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6000 0x5e00 7.16 3ef45aaa1b6c277bd782f3a6d4271d0e
.data 0x7000 0x1000 0x200 2.75 6c9de7dbdfc2348b90e9dc77e5128ea5
.bdata 0x8000 0x5000 0x5000 7.14 a9419f14a773a38b924a332c83c8d605
.reloc 0xd000 0x1000 0x200 0.50 513b0a5a1382d210d41dac9be2cc5699

( 1 imports )
> KERNEL32.dll: CreateSemaphoreA, OpenThread, GetCurrentThreadId, ExitProcess, GetThreadPriority, LoadLibraryExA

( 2 exports )
CreateProcessNotify, DllEntryPoint
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


markusg 11.06.2010 20:02

http://www.trojaner-board.de/54791-a...ner-board.html
Can you upload it to us, as described under point 2?

HH_Jack 11.06.2010 20:28

Done.
Thanks in advance for the effort!

markusg 12.06.2010 10:35

Please use Kaspersky AVP:
Kaspersky 's AVP Tool - Virus Hilfe
Post the result.

HH_Jack 12.06.2010 14:42

Quite a few things were found. The log could not be copied, so it is attached as an image file.

Attachment 7175

markusg 12.06.2010 14:53

Download the Avenger:
Avenger
Paste in the script as described:

files to delete:
c:\windows\system32\mounKEYs.dll
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
Run the script and post the log.

HH_Jack 12.06.2010 16:21

Code:

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Jun 12 17:15:37 2010

17:15:37: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\mounKEYs.dll" deleted successfully.
File "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe" deleted successfully.
File "c:\program files\AVG\AVG9\avgtray .exe" deleted successfully.
File "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe" deleted successfully.
File "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe" deleted successfully.
File "c:\program files\Common Files\InstallShield\UpdateService\issch .exe" deleted successfully.
File "c:\program files\Common Files\Java\Java Update\jusched .exe" deleted successfully.
File "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe" deleted successfully.
File "c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe" deleted successfully.
File "c:\program files\FreePDF_XP\fpassist .exe" deleted successfully.
File "c:\program files\Google\Google Desktop Search\GoogleDesktop .exe" deleted successfully.
File "c:\program files\iTunes\iTunesHelper .exe" deleted successfully.
File "c:\program files\QuickTime\QTTask .exe" deleted successfully.
File "c:\windows\UpdReg .exe" deleted successfully.
File "c:\windows\System32\CTXFIHLP .exe" deleted successfully.
File "c:\windows\System32\CTxfiReg .exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


markusg 12.06.2010 16:26

Can you go to c:

There, open avenger; there should be a backup archive in it. Please upload that to us. Reboot and report how the PC is running.

HH_Jack 12.06.2010 16:41

I have uploaded the zip file.
The PC is working quite normally so far.

markusg 12.06.2010 17:01

Can you create a new OTL log as in the first post and post it?
otl.txt is enough; I don't need the extra.ext.

HH_Jack 13.06.2010 00:50

Are there still acute problems, or is this more of a preventive measure now?
Here is the log:

Code:

OTL logfile created on: 13.06.2010 01:42:36 - Run 2
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Users\Sven\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 45,69 Gb Free Space | 15,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sven\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-110309-193829) --  File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RalinkRegistryWriter) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ZD1211U(Wireless)) IEEE 802.11g USB Adapter Driver(Wireless) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (odysseyIM3) -- C:\Windows\System32\drivers\odysseyIM3.sys (Funk Software, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.quotenmeter.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://w*w.quotenmeter.de/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.12 18:28:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.12 18:28:17 | 000,000,000 | ---D | M]
 
[2009.11.04 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2010.06.12 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions
[2009.11.05 20:31:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.24 23:38:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 23:38:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.24 23:39:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.24 23:39:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.24 23:39:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.11 19:08:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp]  File not found
O4 - HKLM..\Run: [CTXFIREG]  File not found
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Sven\wasserfall_Wall.jpg
O24 - Desktop BackupWallPaper: C:\Sven\wasserfall_Wall.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.21 11:47:05 | 000,000,000 | ---D | M] - C:\Autogramme -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ntkrcaui - (C:\Windows\system32\mounKEYs.dll) - C:\Windows\System32\mounKEYs.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.13 01:41:55 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
[2010.06.12 18:30:02 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.12 18:30:00 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.06.12 18:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.12 18:27:53 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.06.12 18:24:57 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.12 17:17:06 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.06.12 13:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.12 13:19:48 | 000,000,000 | ---D | C] -- C:\Virus Removal Tool
[2010.06.12 13:16:09 | 073,998,096 | ---- | C] (                                                            ) -- C:\Users\Sven\Desktop\setup_9.0.0.722_12.06.2010_13-40.exe
[2010.06.11 19:50:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.11 19:42:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.06.11 19:41:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.11 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\temp
[2010.06.11 19:06:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.06.11 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Avira
[2010.06.10 23:47:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 23:47:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.10 23:46:42 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 23:46:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 23:46:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 23:46:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 23:46:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 23:46:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 23:46:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 23:46:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 23:46:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 23:46:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 23:46:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 23:46:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 23:46:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 23:46:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 23:46:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 23:46:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 23:46:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 23:46:32 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.10 23:24:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.10 23:24:51 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.10 23:24:51 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.10 23:24:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.10 23:24:51 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.10 23:24:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.10 23:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.10 19:49:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.10 19:49:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.10 19:49:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.10 19:48:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.10 19:37:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.10 19:36:46 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2010.06.09 19:40:18 | 000,000,000 | ---D | C] -- C:\Virus
[2010.06.09 19:32:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.09 19:32:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.21 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Ubisoft
[2010.05.21 19:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.21 19:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2009.06.03 20:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.13 01:42:36 | 008,126,464 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT
[2010.06.13 01:42:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
[2010.06.13 01:41:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
[2010.06.13 01:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.13 00:04:40 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.13 00:04:39 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.13 00:03:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.13 00:03:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.13 00:03:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.13 00:03:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.13 00:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.13 00:03:47 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.12 19:06:37 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.12 19:06:37 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.12 19:06:37 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.12 19:06:32 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.12 19:06:32 | 000,065,536 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.12 19:06:28 | 002,526,599 | -H-- | M] () -- C:\Users\Sven\AppData\Local\IconCache.db
[2010.06.12 18:30:37 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.12 13:18:08 | 073,998,096 | ---- | M] (                                                            ) -- C:\Users\Sven\Desktop\setup_9.0.0.722_12.06.2010_13-40.exe
[2010.06.11 19:49:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.11 19:08:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.11 18:59:38 | 003,706,469 | R--- | M] () -- C:\Users\Sven\Desktop\ComboFix.exe
[2010.06.11 16:38:53 | 002,264,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.11 00:00:20 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010.06.10 23:24:56 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.10 23:16:16 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.06.10 18:53:48 | 280,558,290 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.09 19:52:56 | 000,001,930 | ---- | M] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.07 23:43:29 | 000,189,952 | ---- | M] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.21 21:45:28 | 000,000,943 | ---- | M] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.21 13:31:49 | 000,396,837 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100602-203925.backup
[2010.05.16 23:49:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\72iA37vT.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.12 18:30:37 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.12 17:13:36 | 000,731,136 | ---- | C] () -- C:\Users\Sven\Desktop\avenger.exe
[2010.06.10 23:24:56 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.10 23:16:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.10 21:51:06 | 003,706,469 | R--- | C] () -- C:\Users\Sven\Desktop\ComboFix.exe
[2010.06.10 19:49:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.10 19:49:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.10 19:49:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.10 19:49:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.10 19:49:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.09 19:52:56 | 000,001,930 | ---- | C] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010.05.24 16:39:16 | 000,189,952 | ---- | C] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.05.21 21:45:28 | 000,000,943 | ---- | C] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.13 03:03:53 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.01 00:28:13 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.06.06 14:54:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 21:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.03 21:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.03 20:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.03.05 23:48:10 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.09.29 18:09:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.16 13:46:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.10 11:48:17 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007.09.04 01:16:29 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2007.09.04 01:16:23 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007.09.04 01:16:23 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007.03.19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007.03.19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007.03.19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007.03.19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Virtual Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Red Kawa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\My PSP8 Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ Lite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\AdobeStockPhotos:Roxio EMC Stream
< End of report >


markusg 13.06.2010 09:54

We definitely need to do a few updates, because the software on your PC is outdated.
Download the CCleaner Slim installer:
CCleaner - Builds
Install it and clean up with CCleaner, including the registry.
Then click Tools, then the list of installed programs, and save it as text.
Open that file; after each program you need write "needed", after each one you don't need write "unnecessary", and after unknown ones write "unknown". Then post the list.

HH_Jack 13.06.2010 13:33

I ran CCleaner and cleaned everything. I went through the programs and identified them only recently, because I needed space on the hard disk. I looked again, but I need everything there.

markusg 13.06.2010 13:38

I see, for example, that you have Adobe Reader 7, but you should have version nine. So please post the list so that I can first tell you what needs to be updated; old programs like these leave security holes that urgently need to be closed.

HH_Jack 13.06.2010 13:50

I don't have the Reader in version 7 at all!?
Here is the list

Code:

AC3Filter (remove only)                15.12.2007        2,97MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        15.08.2009                10.0.32.18
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        23.02.2010                10.0.45.2
Adobe InDesign CS4        Adobe Systems Incorporated        18.02.2009                6.0
Adobe Photoshop CS2        Adobe Systems, Inc.        11.09.2007        386,2MB        9.0
Adobe Reader 9.3.2 - Deutsch        Adobe Systems Incorporated        20.04.2010        168,0MB        9.3.2
Advanced Combat Tracker (remove only)                04.04.2009        2,22MB       
AFPL Ghostscript 8.54                28.09.2007        28,4MB       
AFPL Ghostscript Fonts                28.09.2007        4,81MB       
Apple Application Support        Apple Inc.        11.06.2010        39,7MB        1.2.1
Apple Mobile Device Support        Apple Inc.        11.06.2010        19,7MB        3.0.1.3
Apple Software Update        Apple Inc.        30.09.2008        2,16MB        2.1.1.116
Assistant zum Anpassen des Dell-Systems        Dell Inc.        03.09.2007                1.00.0000
Auslogics Disk Defrag        Auslogics Software Pty Ltd        27.03.2010        7,91MB        version 3.1
Avira AntiVir Personal - Free Antivirus        Avira GmbH        09.06.2010        96,3MB        10.0.0.567
Benutzerhandbuch                03.09.2007        0,82MB       
CCleaner        Piriform        12.06.2010        2,82MB        2.32
Compatibility Pack für 2007 Office System        Microsoft Corporation        09.06.2010                12.0.6425.1000
Creative ALchemy (X-Fi Edition)                08.09.2007        5,68MB       
Creative ALchemy for X-Fi (Shared Components)        Creative Labs        08.09.2007        0,30MB        2.80.12
Creative Audio-Systemsteuerung        Creative Technology Limited        30.06.2009        7,97MB        2.00
Creative MediaSource 5                30.06.2009        29,8MB        5.00
Creative Software AutoUpdate        Creative Technology Limited        30.06.2009        1,84MB        1.40
Dell Support Center        Dell        03.09.2007                1.0.07192
DellSupport        Dell        03.09.2007                6.0.3075
DHTML Editing Component        Microsoft Corporation        12.11.2007        0,45MB        6.02.0001
DivX Codec        DivX, Inc.        18.10.2009        1,31MB        6.9.1
DivX Converter        DivX, Inc.        18.10.2009        45,3MB        7.1.0
DivX Player        DivX, Inc.        18.10.2009        8,43MB        7.2.0
DivX Plus DirectShow Filters        DivX, Inc.        18.10.2009        1,58MB       
DivX Web Player        DivX,Inc.        18.10.2009        2,83MB        1.5.0
DVD Flick 1.3.0.7        Dennis Meuwissen        02.02.2010        43,2MB        1.3.0.7
Eigenschaften von Creative Sound Blaster        Creative Technology Limited        30.06.2009        0,23MB        1.02
EQ2MAP Updater 1.2.4        Johan Nilsson        04.06.2009        1,30MB        1.2.4
EverQuest II: Rise of Kunark        Sony Online Entertainment LLC        12.11.2007        8.589,3MB        1.00.000
Free Audio CD Burner version 1.2        DVDVideoSoft Limited.        11.12.2009        2,60MB       
Free Download Manager 2.5        FreeDownloadManager.ORG        15.11.2008        17,9MB       
Free Video to MP3 Converter version 3.2        DVDVideoSoft Limited.        19.11.2009        2,66MB       
Free YouTube to MP3 Converter version 3.2        DVDVideoSoft Limited.        11.12.2009        2,66MB       
FreePDF XP (Remove only)                28.09.2007        2,94MB       
Google Desktop        Google        16.11.2009        8,86MB        5.9.0911.03589
Google Toolbar for Internet Explorer        Google Inc.        12.05.2010        11,4MB       
Hama Wireless LAN Adapter        Hama        01.11.2009        6,43MB        1.00.0000
HiJackThis        Trend Micro        08.06.2010        0,36MB        1.0.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6        HP        17.01.2010        18,6MB        13.0
ICQ6.5        ICQ        01.08.2009        46,1MB        6.5
iTunes        Apple Inc.        11.06.2010        160,0MB        9.1.1.12
Java(TM) 6 Update 19        Sun Microsystems, Inc.        05.02.2009        94,4MB        6.0.190
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        03.09.2007                1.6.0.0
Legends of Norrath        Sony Online Entertainment LLC        07.04.2009        483,0MB        1.00.000
Malwarebytes' Anti-Malware        Malwarebytes Corporation        08.06.2010        3,92MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        06.08.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        04.06.2009        37,0MB       
Microsoft Office Professional Edition 2003        Microsoft Corporation        10.06.2010                11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        09.06.2010        14,9MB        4.0.50524.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        14.11.2009        0,33MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        22.02.2010        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        21.02.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.06.2010        0,58MB        9.0.30729.4148
Microsoft Works        Microsoft Corporation        10.12.2009                08.05.0822
Move Media Player        Move Networks        12.03.2010        4,10MB       
Mozilla Firefox (3.6.3)        Mozilla        02.04.2010        28,7MB        3.6.3 (de)
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        03.09.2007        1,25MB        4.20.9841.0
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        08.09.2007        1,27MB        4.20.9848.0
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        11.10.2007                4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        23.11.2009        1,34MB        4.20.9876.0
NVIDIA Display Control Panel        NVIDIA Corporation        01.02.2010        139,3MB        6.14.11.9621
NVIDIA Drivers        NVIDIA Corporation        01.02.2010                1.10
NVIDIA PhysX        NVIDIA Corporation        01.02.2010        83,8MB        9.09.1112
NVIDIA Stereoscopic 3D Driver        NVIDIA Corporation        01.02.2010        3.749,2MB        7.17.11.9621
NVIDIANetworkDiagnostic        NVIDIA Corporation        03.09.2007        1,68MB        1.00.0000
Odyssey Client        Funk Software        22.09.2008        4,66MB        2.00.00.00
OpenAL                03.09.2007        0,75MB       
QuickTime        Apple Inc.        11.06.2010        73,8MB        7.66.71.0
Real Alternative 1.60                18.09.2007        18,5MB        1.60
RedMon - Redirection Port Monitor                28.09.2007               
Sound Blaster X-Fi                30.06.2009        346,9MB        1.0
Star Trek Online        Cryptic Studios        15.01.2010        7.926,3MB       
Station Launcher        Sony Online Entertainment        09.12.2009        3,66MB        1.01.4001
TeamSpeak 3 Client        TeamSpeak Systems GmbH        21.02.2010        25,9MB       
Total Video Converter 3.11 070908        EffectMatrix Inc.        08.01.2008        192,1MB       
Uninstall 1.0.0.1                11.12.2009        16,2MB       
URL Assistant                03.09.2007               
Videora iPod Converter 4.07        Red Kawa        22.04.2009        13,7MB        4.07
VLC media player 1.0.1        VideoLAN Team        05.09.2009        32,4MB        1.0.1
Windows Live installer        Microsoft Corporation        04.10.2007        1,48MB        12.0.1320.823
Windows Live Messenger        Microsoft Corporation        04.10.2007        30,6MB        8.5.1288.0816
WinRAR                09.09.2007        3,68MB


markusg 13.06.2010 13:55

According to the log file entry, an Adobe updater from version 7 was running on your machine. But you are right, you have version 9.

Google Toolbar: you should do without it if possible.
Uninstall your Java versions, they are outdated.

Download of the free Java software - Sun Microsystems
Install Secunia so that your software always stays up to date.
http://www.trojaner-board.de/83959-s...ector-psi.html
avira

Install Avira like this and then configure it. Once you have applied the configuration, update the program.
Then click "Local protection", "Local drives"; move any finds to quarantine and post the log.

HH_Jack 13.06.2010 16:03

I did everything.
Avira raised an alert twice:

Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 13. Juni 2010  16:03

Es wird nach 2203496 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - FREE Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : Sven
Computername  : SVEN-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.567          Bytes  19.04.2010 15:50:00
AVSCAN.EXE    : 10.0.3.0      433832 Bytes  01.04.2010 11:37:35
AVSCAN.DLL    : 10.0.3.0      56168 Bytes  30.03.2010 10:42:16
LUKE.DLL      : 10.0.2.3      104296 Bytes  07.03.2010 17:32:59
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 10:59:47
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF  : 7.10.1.0    1372672 Bytes  19.11.2009 18:27:49
VBASE002.VDF  : 7.10.3.1    3143680 Bytes  20.01.2010 16:37:42
VBASE003.VDF  : 7.10.3.75    996864 Bytes  26.01.2010 15:37:42
VBASE004.VDF  : 7.10.4.203  1579008 Bytes  05.03.2010 10:29:03
VBASE005.VDF  : 7.10.6.82    2494464 Bytes  15.04.2010 21:26:31
VBASE006.VDF  : 7.10.7.218  2294784 Bytes  02.06.2010 21:26:35
VBASE007.VDF  : 7.10.7.219      2048 Bytes  02.06.2010 21:26:35
VBASE008.VDF  : 7.10.7.220      2048 Bytes  02.06.2010 21:26:35
VBASE009.VDF  : 7.10.7.221      2048 Bytes  02.06.2010 21:26:35
VBASE010.VDF  : 7.10.7.222      2048 Bytes  02.06.2010 21:26:35
VBASE011.VDF  : 7.10.7.223      2048 Bytes  02.06.2010 21:26:35
VBASE012.VDF  : 7.10.7.224      2048 Bytes  02.06.2010 21:26:35
VBASE013.VDF  : 7.10.8.37    270336 Bytes  10.06.2010 21:26:35
VBASE014.VDF  : 7.10.8.38      2048 Bytes  10.06.2010 21:26:35
VBASE015.VDF  : 7.10.8.39      2048 Bytes  10.06.2010 21:26:35
VBASE016.VDF  : 7.10.8.40      2048 Bytes  10.06.2010 21:26:35
VBASE017.VDF  : 7.10.8.41      2048 Bytes  10.06.2010 21:26:36
VBASE018.VDF  : 7.10.8.42      2048 Bytes  10.06.2010 21:26:36
VBASE019.VDF  : 7.10.8.43      2048 Bytes  10.06.2010 21:26:36
VBASE020.VDF  : 7.10.8.44      2048 Bytes  10.06.2010 21:26:36
VBASE021.VDF  : 7.10.8.45      2048 Bytes  10.06.2010 21:26:36
VBASE022.VDF  : 7.10.8.46      2048 Bytes  10.06.2010 21:26:36
VBASE023.VDF  : 7.10.8.47      2048 Bytes  10.06.2010 21:26:36
VBASE024.VDF  : 7.10.8.48      2048 Bytes  10.06.2010 21:26:36
VBASE025.VDF  : 7.10.8.49      2048 Bytes  10.06.2010 21:26:36
VBASE026.VDF  : 7.10.8.50      2048 Bytes  10.06.2010 21:26:36
VBASE027.VDF  : 7.10.8.51      2048 Bytes  10.06.2010 21:26:36
VBASE028.VDF  : 7.10.8.52      2048 Bytes  10.06.2010 21:26:36
VBASE029.VDF  : 7.10.8.53      2048 Bytes  10.06.2010 21:26:36
VBASE030.VDF  : 7.10.8.54      2048 Bytes  10.06.2010 21:26:36
VBASE031.VDF  : 7.10.8.57      12288 Bytes  10.06.2010 21:26:36
Engineversion  : 8.2.2.6 
AEVDF.DLL      : 8.1.2.0      106868 Bytes  10.06.2010 21:26:41
AESCRIPT.DLL  : 8.1.3.31    1352058 Bytes  10.06.2010 21:26:41
AESCN.DLL      : 8.1.6.1      127347 Bytes  10.06.2010 21:26:40
AESBX.DLL      : 8.1.3.1      254324 Bytes  10.06.2010 21:26:41
AERDL.DLL      : 8.1.4.6      541043 Bytes  10.06.2010 21:26:40
AEPACK.DLL    : 8.2.1.1      426358 Bytes  19.03.2010 11:34:51
AEOFFICE.DLL  : 8.1.1.0      201081 Bytes  10.06.2010 21:26:40
AEHEUR.DLL    : 8.1.1.33    2724214 Bytes  10.06.2010 21:26:40
AEHELP.DLL    : 8.1.11.5      242038 Bytes  10.06.2010 21:26:38
AEGEN.DLL      : 8.1.3.10      377205 Bytes  10.06.2010 21:26:37
AEEMU.DLL      : 8.1.2.0      393588 Bytes  10.06.2010 21:26:37
AECORE.DLL    : 8.1.15.3      192886 Bytes  10.06.2010 21:26:37
AEBB.DLL      : 8.1.1.0        53618 Bytes  10.06.2010 21:26:37
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL    : 10.0.0.0      44904 Bytes  14.01.2010 10:59:07
AVREP.DLL      : 10.0.0.8      62209 Bytes  18.02.2010 15:47:40
AVREG.DLL      : 10.0.3.0      53096 Bytes  01.04.2010 11:35:44
AVSCPLR.DLL    : 10.0.3.0      83816 Bytes  01.04.2010 11:39:49
AVARKT.DLL    : 10.0.0.14    227176 Bytes  01.04.2010 11:22:11
AVEVTLOG.DLL  : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08
RCTEXT.DLL    : 10.0.53.0      98152 Bytes  09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, G:, H:, I:, J:, E:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: aus
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 13. Juni 2010  16:03

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXVersionChecker.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'G:\'
    [INFO]      Im  Laufwerk 'G:\' ist kein Datenträger eingelegt!
Bootsektor 'H:\'
    [INFO]      Im  Laufwerk 'H:\' ist kein Datenträger eingelegt!
Bootsektor 'I:\'
    [INFO]      Im  Laufwerk 'I:\' ist kein Datenträger eingelegt!
Bootsektor 'J:\'
    [INFO]      Im  Laufwerk 'J:\' ist kein Datenträger eingelegt!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '375' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\ProgramData\Adobe\sp.DLL_
    [FUND]      Ist das Trojanische Pferd TR/Crypt.XDR.Gen
C:\Users\Sven\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\6CA90438-00001595.eml
    [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Spoofing.Gen
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'H:\'
Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'I:\'
Der zu durchsuchende Pfad I:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'J:\'
Der zu durchsuchende Pfad J:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\' <ASSASSINS_CREED>

Beginne mit der Desinfektion:
C:\Users\Sven\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\6CA90438-00001595.eml
    [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Spoofing.Gen
    [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49dd57b2.qua' verschoben!
C:\ProgramData\Adobe\sp.DLL_
    [FUND]      Ist das Trojanische Pferd TR/Crypt.XDR.Gen
    [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '030228cf.qua' verschoben!


Ende des Suchlaufs: Sonntag, 13. Juni 2010  17:01
Benötigte Zeit: 55:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  31047 Verzeichnisse wurden überprüft
 204106 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 204104 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


markusg 13.06.2010 17:13

Finally, please use the ESET online scanner.
If there are finds, delete them and post the log.
Free ESET Online Antivirus Scanner

HH_Jack 14.06.2010 20:24

Nothing was found. So there was no log either.

markusg 15.06.2010 10:18

Are there any problems left?

HH_Jack 15.06.2010 17:26

No, everything is running without problems. Thank you very much!! :daumenhoc

markusg 15.06.2010 17:46

Don't forget to change your passwords!


All times are in WET +1. The time is now 03:00.
