Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   C:\directory\CyberGate\install\server.exe (https://www.trojaner-board.de/94586-c-directory-cybergate-install-server-exe.html)

sven77 08.01.2011 13:18
C:\directory\CyberGate\install\server.exe
 
hallo ,

habe gestern abend ein tolles erlebniss, rechner an und nebenbei telefoniert auf einmal öffnet sich ein fenster ,

client sent : du kannst aber schön telefonieren, das was es fahre jetzt dein pc runter, darauf würde der pc ferngesteuert herunter gefahren

daraufhin hab ich erstmal internet getrennt und norten drüber laufen lassen ,leider nix ,dann stellte ich durch zufall fest das ein ordner namens :

C:\directory\CyberGate\install\server.exe

auf der festplatte war, hab den ordner gelöscht (weis nicht ok das jetzt ok war), dann hier auf dem board schon mal eine kleine anleitung gefunden wie man handeln sollte ,hab Malwarebytes und otl mal drüber laufen lassen ,vieleicht kann mal jemand schauen ob ich den warscheinlichen virus oder trojaner los bin oder der mir rat geben was ich noch machen kann.

danke schonmal im vorraus,schön das es so ein board gibt :daumenhoc


also das MBAM logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5481

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.01.2011 12:22:40
mbam-log-2011-01-08 (12-22-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 267272
Laufzeit: 8 Stunde(n), 37 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

c:\Users\Caroline\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.


OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 08.01.2011 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Caroline\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 139,36 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 37,99 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 75,48 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
 
Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Wi-Fi Sync\wifisync.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (ReadyComm.DirectRouter) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (hwdatacard) -- C:\windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110107.037\navex15.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110107.037\naveng.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110107.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.king.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.08 01:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.08 01:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 17:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 23:22:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.01 18:48:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions
[2010.08.01 19:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.08 02:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions
[2010.07.31 13:09:31 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.13 23:45:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.14 23:09:02 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\finder@meingutscheincode.de
[2010.07.31 13:09:42 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\noia2_option@kk.noia
[2010.08.01 07:23:29 | 000,001,819 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\bing.xml
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\conduit.xml
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 11:02:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.08 11:02:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.25 08:41:02 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 08:41:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 08:41:02 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 08:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 08:41:02 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.05 22:50:38 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wi-Fi Sync] C:\Program Files\Wi-Fi Sync\wifisync.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9370a121-e05c-11df-b766-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.08 12:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.08 03:43:15 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Malwarebytes
[2011.01.08 03:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.08 03:42:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011.01.08 03:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.08 03:42:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.01.08 03:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.08 02:20:36 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Tific
[2011.01.08 02:20:32 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\Symantec
[2011.01.08 01:57:57 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011.01.08 01:57:56 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.sys
[2011.01.08 01:57:56 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011.01.08 01:57:56 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symds.sys
[2011.01.08 01:57:56 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011.01.08 01:57:56 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011.01.08 01:57:25 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1205000.07D
[2011.01.08 01:40:32 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011.01.08 01:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.01.08 01:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.01.08 01:40:18 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011.01.08 01:40:18 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011.01.08 01:40:17 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011.01.08 01:40:17 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011.01.08 01:40:17 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011.01.08 01:40:17 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011.01.08 01:39:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2011.01.08 01:39:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1201000.025
[2011.01.08 01:39:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.01.08 01:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011.01.08 01:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.01.08 01:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.01.08 01:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.01.08 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\ESET
[2011.01.08 00:34:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\ESET
[2010.12.19 19:32:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\Desktop\Kinderlieder
[2010.12.15 07:22:57 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.12.15 07:22:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.12.15 07:21:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.12.15 07:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010.12.15 07:21:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.12.15 07:21:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.12.15 07:21:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.12.15 07:21:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.12.15 07:21:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010.12.15 07:21:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.12.15 07:21:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.12.15 07:21:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010.12.15 07:21:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.12.15 07:20:37 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010.12.15 07:20:37 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010.12.15 07:20:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010.12.15 07:20:36 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010.12.15 07:20:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010.12.15 07:20:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010.12.15 07:19:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010.12.15 07:19:15 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010.12.09 19:15:41 | 000,000,000 | ---D | C] -- C:\Users\Caroline\Desktop\Golf
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.08 12:34:08 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.08 12:34:08 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.08 12:30:46 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.01.08 12:30:46 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.01.08 12:30:46 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.01.08 12:30:46 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.01.08 12:26:23 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011.01.08 12:26:13 | 1579,626,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.08 03:42:55 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.08 03:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.08 01:41:15 | 001,053,804 | ---- | M] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011.01.08 01:40:32 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011.01.08 01:40:32 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011.01.08 01:40:32 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011.01.08 01:40:25 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.01.07 21:09:57 | 000,020,274 | -H-- | M] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2011.01.07 12:18:50 | 000,000,600 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2011.01.01 20:02:11 | 000,024,576 | ---- | M] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | M] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.20 19:30:13 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.17 09:36:44 | 000,025,600 | ---- | M] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | M] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.12.16 00:37:36 | 000,427,224 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.12.14 13:08:46 | 195,597,311 | ---- | M] () -- C:\windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.01.08 03:42:55 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.08 01:57:56 | 000,007,458 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symnet.cat
[2011.01.08 01:57:56 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.cat
[2011.01.08 01:57:56 | 000,007,454 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011.01.08 01:57:56 | 000,007,450 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symds.cat
[2011.01.08 01:57:56 | 000,007,450 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011.01.08 01:57:56 | 000,003,374 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.inf
[2011.01.08 01:57:56 | 000,002,792 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symds.inf
[2011.01.08 01:57:56 | 000,001,446 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symnet.inf
[2011.01.08 01:57:56 | 000,001,389 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011.01.08 01:57:56 | 000,001,383 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011.01.08 01:57:55 | 000,007,528 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011.01.08 01:57:55 | 000,000,742 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\iron.inf
[2011.01.08 01:57:25 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011.01.08 01:40:34 | 001,053,804 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011.01.08 01:40:32 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011.01.08 01:40:32 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011.01.08 01:40:25 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.01.08 01:39:56 | 000,003,373 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2011.01.08 01:39:56 | 000,002,792 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2011.01.08 01:39:56 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2011.01.08 01:39:56 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2011.01.08 01:39:56 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2011.01.08 01:39:56 | 000,000,741 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Iron.inf
[2011.01.08 01:39:48 | 000,007,446 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2011.01.08 01:39:48 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2011.01.08 01:39:48 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\iron.cat
[2011.01.08 01:39:48 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\isolate.ini
[2011.01.01 20:02:11 | 000,024,576 | ---- | C] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | C] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.17 09:36:44 | 000,025,600 | ---- | C] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | C] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.11.04 00:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Caroline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.26 14:48:49 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010.10.26 14:48:49 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010.10.05 18:11:16 | 000,000,600 | ---- | C] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2010.08.01 18:37:42 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.07.31 12:42:28 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.05.13 19:40:02 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.05.13 19:40:02 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.05.13 19:40:02 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.05.13 19:40:01 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.05.13 19:40:01 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.05.13 19:39:46 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.05.13 19:39:14 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2010.05.13 19:39:14 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.05.13 19:38:59 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2010.05.13 19:37:23 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.05.13 19:33:04 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2005.04.08 03:16:43 | 000,020,274 | -H-- | C] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
 
< End of report >
--- --- ---


und Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 08.01.2011 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Caroline\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 139,36 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 37,99 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 75,48 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
 
Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{850C957B-9E1C-4B19-9B66-0013E9B50879}" = Live Messenger Gadget for SideShow
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Design_6.0.1739.0" = Microsoft Expression Design 3
"EasyCapture4.0" = EasyCapture
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"FileZilla Client" = FileZilla Client 3.3.3
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NIS" = Norton Internet Security
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.2
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Wi-Fi Sync" = Wi-Fi Sync
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"XMedia Recode" = XMedia Recode 2.2.7.7
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 09.01.2011 16:34
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

sven77 09.01.2011 17:16
hallo ,

schön das sich doch noch jemand meldet :daumenhoc

leider ist da nur eine logdatei.

weis jetzt auch nicht genau wie oder was ich machen soll ,ob noch irgendwas auf dem rechner ist oder nicht .

cosinus 09.01.2011 17:27
Warum hast du Norton IS und AntiVir drauf?! Das macht keinen Sinn. Deinstallier am besten Norton IS komplett. Zudem würde ich auch empfehlen, TuneUp komplett zu deinstalleren, das Teil ist kontraproduktiv.

sven77 09.01.2011 17:34
ich habe schon gestern einen der beiden deinstalliert,hab aber jetzt den antivir runter geschmissen , dachte eigentlich das das norten IS besser ist und mir auch schon wegen der firewall mehr schutz gibt,

mit tunup war mir bis jetzt nicht klar das das prog. kontraproduktiv ist

sven77 09.01.2011 17:37
was würdest du den empfehlen ,virenprog,firewall u.s.w.

cosinus 09.01.2011 17:50
Zitat:
dachte eigentlich das das norten IS besser ist und mir auch schon wegen der firewall mehr schutz gibt,
Nur leider kann man Personal Firewalls bzw. Security Suites nicht empfehlen, weil die diverse Unzulänglichkeiten haben. Mit der Windows-Firewall und ggf. einem DSL-Router bist du viel besser dran.

Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen... :rolleyes:

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?


Wegen Tuneup => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

sven77 09.01.2011 18:39
alles klar werde ich machen ,danke erstmal dafür

hättest du nicht noch einen tip ,wegen dem virus !!!!

hann man den im logfile irgendetwas erkennen ???warscheinlich nicht oder??

weiß ja jetzt leider immer noch nicht , ob noch andere sachen betroffen sind oder durch die löschung durch malware reicht und ich mich sicher fühlen kann !!!

cosinus 09.01.2011 18:51
Deinstallier erstmal TunUp und Norton IS, mach dann neue OTL-Logs und es geht weiter ;)

sven77 09.01.2011 19:26
so hab jetzt NIS und Tuneup deinstalliert

hier sind die neuen log files

OTL.txtOTL Logfile:
Code:
OTL logfile created on: 09.01.2011 19:19:11 - Run 1
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\Caroline\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 145,86 Gb Free Space | 69,18% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 38,00 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 76,88 Gb Free Space | 65,60% Space Free | Partition Type: NTFS
 
Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Wi-Fi Sync\wifisync.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (ReadyComm.DirectRouter) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (hwdatacard) -- C:\windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.king.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 17:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 23:22:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.01 18:48:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions
[2010.08.01 19:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.09 08:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions
[2010.07.31 13:09:31 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.13 23:45:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.14 23:09:02 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\finder@meingutscheincode.de
[2010.07.31 13:09:42 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\noia2_option@kk.noia
[2010.08.01 07:23:29 | 000,001,819 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\bing.xml
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\conduit.xml
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 11:02:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.08 11:02:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.25 08:41:02 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 08:41:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 08:41:02 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 08:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 08:41:02 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.05 22:50:38 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wi-Fi Sync] C:\Program Files\Wi-Fi Sync\wifisync.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9370a121-e05c-11df-b766-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.09 19:17:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.09 18:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.09 18:58:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2011.01.09 18:58:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011.01.09 18:58:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011.01.09 18:58:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2011.01.09 18:58:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2011.01.09 18:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.09 18:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.01.08 03:43:15 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Malwarebytes
[2011.01.08 03:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.08 03:42:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011.01.08 03:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.08 03:42:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.01.08 03:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.08 02:20:36 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Tific
[2011.01.08 02:20:32 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\Symantec
[2011.01.08 01:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.01.08 01:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.01.08 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\ESET
[2011.01.08 00:34:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\ESET
[2010.12.19 19:32:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\Desktop\Kinderlieder
[2010.12.15 07:22:57 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.12.15 07:22:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.12.15 07:21:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.12.15 07:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010.12.15 07:21:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.12.15 07:21:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.12.15 07:21:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.12.15 07:21:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.12.15 07:21:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010.12.15 07:21:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.12.15 07:21:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.12.15 07:21:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010.12.15 07:21:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.12.15 07:20:37 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010.12.15 07:20:37 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010.12.15 07:20:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010.12.15 07:20:36 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010.12.15 07:20:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010.12.15 07:20:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010.12.15 07:19:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010.12.15 07:19:15 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.09 19:16:53 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.09 19:16:53 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.09 19:09:23 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011.01.09 19:09:17 | 1579,626,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.09 18:58:24 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.08 14:16:30 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.01.08 14:16:30 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.01.08 14:16:30 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.01.08 14:16:30 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.01.08 03:42:55 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.08 03:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.07 21:09:57 | 000,020,274 | -H-- | M] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2011.01.07 12:18:50 | 000,000,600 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2011.01.01 20:02:11 | 000,024,576 | ---- | M] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | M] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.17 09:36:44 | 000,025,600 | ---- | M] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | M] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.12.16 00:37:36 | 000,427,224 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.12.14 13:08:46 | 195,597,311 | ---- | M] () -- C:\windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.01.09 18:58:24 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.08 03:42:55 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.01 20:02:11 | 000,024,576 | ---- | C] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | C] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.17 09:36:44 | 000,025,600 | ---- | C] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | C] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.11.04 00:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Caroline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.26 14:48:49 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010.10.26 14:48:49 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010.10.05 18:11:16 | 000,000,600 | ---- | C] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2010.08.01 18:37:42 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.07.31 12:42:28 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.05.13 19:40:02 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.05.13 19:40:02 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.05.13 19:40:02 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.05.13 19:40:01 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.05.13 19:40:01 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.05.13 19:39:46 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.05.13 19:39:14 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2010.05.13 19:39:14 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.05.13 19:38:59 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2010.05.13 19:37:23 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.05.13 19:33:04 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2005.04.08 03:16:43 | 000,020,274 | -H-- | C] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >
--- --- ---

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 09.01.2011 19:19:11 - Run 1
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\Caroline\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 145,86 Gb Free Space | 69,18% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 38,00 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 76,88 Gb Free Space | 65,60% Space Free | Partition Type: NTFS
 
Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{850C957B-9E1C-4B19-9B66-0013E9B50879}" = Live Messenger Gadget for SideShow
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Design_6.0.1739.0" = Microsoft Expression Design 3
"EasyCapture4.0" = EasyCapture
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"FileZilla Client" = FileZilla Client 3.3.3
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.2
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Wi-Fi Sync" = Wi-Fi Sync
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"XMedia Recode" = XMedia Recode 2.2.7.7
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 09.01.2011 19:45
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O33 - MountPoints2\{9370a121-e05c-11df-b766-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

sven77 09.01.2011 19:56
ok ,der rechner hat wie du schon erwähnt hast neu gestartet

01092011_194941.txt

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9370a121-e05c-11df-b766-88ae1d2327b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9370a121-e05c-11df-b766-88ae1d2327b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a920121b-b071-11df-baf4-88ae1d2327b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a920121b-b071-11df-baf4-88ae1d2327b5}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a920123a-b071-11df-baf4-88ae1d2327b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a920123a-b071-11df-baf4-88ae1d2327b5}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Caroline
->Temp folder emptied: 7157285 bytes
->Temporary Internet Files folder emptied: 7999083 bytes
->Java cache emptied: 16208189 bytes
->FireFox cache emptied: 56956772 bytes
->Flash cache emptied: 33877 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6871408 bytes
RecycleBin emptied: 7446698499 bytes

Total Files Cleaned = 7.193,00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01092011_194941

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 09.01.2011 20:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

sven77 09.01.2011 20:57
so alles erledigt ,erstmal nochmal vielen dank , das du dir so viel zeit genommen hast

hier die cofi.txt

Combofix Logfile:
Code:
ComboFix 11-01-08.05 - Caroline 09.01.2011  20:22:41.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2009.1240 [GMT 1:00]
ausgeführt von:: c:\users\Caroline\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-12-09 bis 2011-01-09  ))))))))))))))))))))))))))))))
.

2011-01-09 19:41 . 2011-01-09 19:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-09 19:12 . 2011-01-09 19:12        --------        d-----w-        c:\program files\CCleaner
2011-01-09 18:49 . 2011-01-09 18:49        --------        d-----w-        C:\_OTL
2011-01-09 18:39 . 2011-01-09 18:39        --------        d-----w-        c:\users\Caroline\AppData\Roaming\Avira
2011-01-09 17:58 . 2010-03-01 09:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-01-09 17:58 . 2010-02-16 13:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-09 17:58 . 2009-05-11 11:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2011-01-09 17:58 . 2009-05-11 11:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2011-01-09 17:58 . 2011-01-09 17:58        --------        d-----w-        c:\programdata\Avira
2011-01-09 17:58 . 2011-01-09 17:58        --------        d-----w-        c:\program files\Avira
2011-01-08 02:43 . 2011-01-08 02:43        --------        d-----w-        c:\users\Caroline\AppData\Roaming\Malwarebytes
2011-01-08 02:42 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 02:42 . 2011-01-08 02:42        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-08 02:42 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-08 02:42 . 2011-01-08 02:43        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-01-08 01:20 . 2011-01-08 01:20        --------        d-----w-        c:\users\Caroline\AppData\Roaming\Tific
2011-01-08 01:20 . 2011-01-08 01:20        --------        d-----w-        c:\users\Caroline\AppData\Local\Symantec
2011-01-08 00:39 . 2011-01-09 18:09        --------        d-----w-        c:\programdata\Norton
2011-01-08 00:28 . 2011-01-08 00:28        --------        d-----w-        c:\users\Caroline\AppData\Local\ESET
2011-01-07 05:56 . 2010-11-10 04:33        6273872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{18633F97-17D8-4C2B-945E-6E2FA7971AD3}\mpengine.dll
2010-12-15 06:22 . 2010-10-20 03:00        2327552        ----a-w-        c:\windows\system32\win32k.sys
2010-12-15 06:22 . 2010-10-12 04:25        516096        ----a-w-        c:\program files\Windows Mail\wab.exe
2010-12-15 06:22 . 2010-10-27 04:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-12-15 06:20 . 2010-11-02 04:41        351232        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-12-15 06:20 . 2010-11-02 04:40        496128        ----a-w-        c:\windows\system32\taskschd.dll
2010-12-15 06:20 . 2010-11-02 04:39        749056        ----a-w-        c:\windows\system32\schedsvc.dll
2010-12-15 06:20 . 2010-11-02 04:40        305152        ----a-w-        c:\windows\system32\taskcomp.dll
2010-12-15 06:20 . 2010-11-02 04:34        192000        ----a-w-        c:\windows\system32\taskeng.exe
2010-12-15 06:20 . 2010-11-02 04:34        179712        ----a-w-        c:\windows\system32\schtasks.exe
2010-12-15 06:20 . 2010-10-20 04:54        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-12-15 06:20 . 2010-10-20 02:58        294400        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-15 06:19 . 2010-10-16 04:36        314368        ----a-w-        c:\windows\system32\webio.dll
2010-12-15 06:19 . 2010-10-16 04:41        101760        ----a-w-        c:\windows\system32\consent.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 16:41 . 2010-11-05 00:50        775        ----a-w-        C:\cleanup.bat
2010-10-19 09:41 . 2010-08-01 19:16        222080        ------w-        c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Wi-Fi Sync"="c:\program files\Wi-Fi Sync\wifisync.exe" [2010-05-27 373248]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-06-24 32256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs        REG_MULTI_SZ          ReadyComm.DirectRouter PS_MDP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.king.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-09  20:44:24
ComboFix-quarantined-files.txt  2011-01-09 19:44

Vor Suchlauf: 7 Verzeichnis(se), 156.689.600.512 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 156.714.528.768 Bytes frei

- - End Of File - - A2800B9D2DCC7EE3C34D9FB1E059324F
--- --- ---

cosinus 09.01.2011 21:49
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

sven77 10.01.2011 19:18
hallo, hier sind die logs


GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-10 16:47:41
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: nkwb0c3f.exe; Driver: C:\Users\Caroline\AppData\Local\Temp\pxdcrkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                            82C48599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82C6CF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2864] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]  [753F5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                               
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                           

---- EOF - GMER 1.0.15 ----
--- --- ---


osam logfile:


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:13:53 on 10.01.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Bridge0" (Bridge0) - "Lenovo" - C:\windows\System32\drivers\WDBridge.sys
"catchme" (catchme) - ? - C:\Users\Caroline\AppData\Local\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"funfrm" (funfrm) - ? - C:\windows\system32\drivers\funfrm.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"LibUsb-Win32 - Kernel Driver, Version 0.1.12.2" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\windows\System32\drivers\libusb0.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys
"pxdcrkog" (pxdcrkog) - ? - C:\Users\Caroline\AppData\Local\Temp\pxdcrkog.sys  (Hidden registry entry, rootkit activity | File not found)
"Realtek IR Driver" (RtsUIR) - ? - C:\windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\windows\System32\Drivers\RtsUStor.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys
"WinRing0_1_2_0" (WinRing0_1_2_0) - ? - D:\test\ECECECEC\WinRing0.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{771C7324-DA80-49D3-8017-753B0AF60951} "VeriFace Enc" - ? -  (File not found | COM-object registry key not found)
{DF4F5AE4-E795-4C12-BC26-7726C27F71AE} "VeriFace file icon extension" - ? -  (File not found | COM-object registry key not found)
{2d3dd4c0-3bd7-11d2-821e-444553540000} "WdmidleDeviceShellExtension" - ? - c:\program files\lenovo\energy management\powcpl.dll  (File found, but it contains no detailed information)
{EB6024B6-1632-4CC7-94B1-3334A34B4554} "Web Sites" - "Microsoft Corporation" - C:\Program Files\Microsoft Expression\Web 3\fpnse.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Energy Management" - "Lenovo (Beijing) Limited" - C:\Program Files\Lenovo\Energy Management\Energy Management.exe
"EnergyUtility" - "Lenovo(beijing) Limited" - C:\Program Files\Lenovo\Energy Management\utility.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
"UpdateP2GShortCut" - "CyberLink Corp." - "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
"Wi-Fi Sync" - ? - "C:\Program Files\Wi-Fi Sync\wifisync.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"IGRS" (IGRS) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lenovo ReadyComm AppSvc" (Lenovo ReadyComm AppSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
"Lenovo ReadyComm ConnSvc" (Lenovo ReadyComm ConnSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---




MBRcheck:




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 0880
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 179):
0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
0x83015000 \SystemRoot\system32\halmacpi.dll
0x80BA6000 \SystemRoot\system32\kdcom.dll
0x83219000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83291000 \SystemRoot\system32\PSHED.dll
0x832A2000 \SystemRoot\system32\BOOTVID.dll
0x832AA000 \SystemRoot\system32\CLFS.SYS
0x832EC000 \SystemRoot\system32\CI.dll
0x88820000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88891000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8889F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x888E7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x888F0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x888F8000 \SystemRoot\system32\DRIVERS\pci.sys
0x88922000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8892D000 \SystemRoot\System32\drivers\partmgr.sys
0x8893E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88946000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88951000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88961000 \SystemRoot\System32\drivers\volmgrx.sys
0x889AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x88A0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88AE4000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88AED000 \SystemRoot\system32\drivers\fltmgr.sys
0x88B21000 \SystemRoot\system32\drivers\fileinfo.sys
0x88C1E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D4D000 \SystemRoot\System32\Drivers\msrpc.sys
0x88D78000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88D8B000 \SystemRoot\System32\Drivers\cng.sys
0x88DE8000 \SystemRoot\System32\drivers\pcw.sys
0x88DF6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88B32000 \SystemRoot\system32\drivers\ndis.sys
0x889C2000 \SystemRoot\system32\drivers\NETIO.SYS
0x83397000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x833BC000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88C00000 \SystemRoot\System32\Drivers\spldr.sys
0x88E32000 \SystemRoot\System32\drivers\rdyboost.sys
0x88E5F000 \SystemRoot\System32\Drivers\mup.sys
0x88E6F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88E77000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88EA9000 \SystemRoot\system32\DRIVERS\disk.sys
0x88EBA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88FD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88FF6000 \SystemRoot\System32\Drivers\Null.SYS
0x88E00000 \SystemRoot\System32\Drivers\Beep.SYS
0x88E07000 \SystemRoot\System32\drivers\vga.sys
0x8E025000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E046000 \SystemRoot\System32\drivers\watchdog.sys
0x8E053000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E05B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E063000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8E06B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E076000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E084000 \SystemRoot\System32\drivers\tcpip.sys
0x8E1CD000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8E000000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E017000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D42C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D45E000 \SystemRoot\system32\drivers\afd.sys
0x8D4B8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8D4BF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D4DE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8D4EF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D4FD000 \SystemRoot\System32\Drivers\funfrm.SYS
0x8D50E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D521000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D531000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D537000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D578000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D582000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D58C000 \SystemRoot\System32\drivers\discache.sys
0x8D598000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D5B0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8D5BE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8D400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EE1B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F43D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F4F4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8F52D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F538000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F583000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F592000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F629000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8F890000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8F89A000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8F8DB000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x8F8EB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F8EF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F907000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F914000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8F94D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F95A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F960000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F972000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8F97F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8F991000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F9A9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F9B4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F9D6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F5B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F617000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0x8F61E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F5C8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F9EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E434000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E478000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E489000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8E501000 \SystemRoot\system32\drivers\portcls.sys
0x8E530000 \SystemRoot\system32\drivers\drmk.sys
0x8E549000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88EDF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8E556000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8E567000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E57E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95890000 \SystemRoot\System32\win32k.sys
0x8E580000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E58A000 \SystemRoot\system32\DRIVERS\SMIksdrv.sys
0x96E33000 \SystemRoot\system32\DRIVERS\SMIEXP.SYS
0x970A2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x970CB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95AF0000 \SystemRoot\System32\TSDDD.dll
0x95B20000 \SystemRoot\System32\cdd.dll
0x970DD000 \SystemRoot\system32\drivers\luafv.sys
0x970F8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9710D000 \SystemRoot\system32\drivers\WudfPf.sys
0x97127000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97137000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9717D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9718D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9242B000 \SystemRoot\system32\drivers\HTTP.sys
0x924B0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x924C9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x924DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x924FE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x92539000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x92554000 \SystemRoot\system32\drivers\peauth.sys
0x925EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x92400000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x971A0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x971AD000 \SystemRoot\System32\DRIVERS\srv2.sys
0x98A21000 \SystemRoot\System32\DRIVERS\srv.sys
0x98B5D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98B68000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x98B7B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98B86000 \??\C:\Users\Caroline\AppData\Local\Temp\pxdcrkog.sys
0x77350000 \Windows\System32\ntdll.dll
0x47CE0000 \Windows\System32\smss.exe
0x77590000 \Windows\System32\apisetschema.dll
0x00690000 \Windows\System32\autochk.exe
0x774B0000 \Windows\System32\msctf.dll
0x77300000 \Windows\System32\gdi32.dll
0x77260000 \Windows\System32\usp10.dll
0x77210000 \Windows\System32\Wldap32.dll
0x774A0000 \Windows\System32\lpk.dll
0x771F0000 \Windows\System32\imm32.dll
0x77160000 \Windows\System32\clbcatq.dll
0x76FC0000 \Windows\System32\setupapi.dll
0x76F60000 \Windows\System32\shlwapi.dll
0x76ED0000 \Windows\System32\oleaut32.dll
0x76EA0000 \Windows\System32\imagehlp.dll
0x76E60000 \Windows\System32\ws2_32.dll
0x76DB0000 \Windows\System32\rpcrt4.dll
0x76D30000 \Windows\System32\comdlg32.dll
0x76C80000 \Windows\System32\msvcrt.dll
0x76A80000 \Windows\System32\iertutil.dll
0x77490000 \Windows\System32\psapi.dll
0x76A20000 \Windows\System32\difxapi.dll
0x76940000 \Windows\System32\kernel32.dll
0x76840000 \Windows\System32\wininet.dll
0x766E0000 \Windows\System32\ole32.dll
0x76610000 \Windows\System32\user32.dll
0x765F0000 \Windows\System32\sechost.dll
0x765E0000 \Windows\System32\nsi.dll
0x764A0000 \Windows\System32\urlmon.dll
0x76490000 \Windows\System32\normaliz.dll
0x75840000 \Windows\System32\shell32.dll
0x757A0000 \Windows\System32\advapi32.dll
0x75680000 \Windows\System32\crypt32.dll

Processes (total 69):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
412 csrss.exe
464 C:\Windows\System32\wininit.exe
472 csrss.exe
520 C:\Windows\System32\services.exe
536 C:\Windows\System32\lsass.exe
544 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\winlogon.exe
1228 C:\Windows\System32\wlanext.exe
1240 C:\Windows\System32\conhost.exe
1376 C:\Windows\System32\spoolsv.exe
1408 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1452 C:\Windows\System32\svchost.exe
1608 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1636 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1672 C:\Program Files\Bonjour\mDNSResponder.exe
1728 C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
1768 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1820 C:\Windows\System32\IgrsSvcs.exe
1908 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2004 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2012 C:\Windows\System32\conhost.exe
2036 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\taskhost.exe
956 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1576 C:\Windows\explorer.exe
2136 WmiPrvSE.exe
2196 C:\Windows\System32\dwm.exe
2308 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2316 C:\Windows\System32\igfxtray.exe
2324 C:\Windows\System32\hkcmd.exe
2332 C:\Windows\System32\igfxpers.exe
2404 C:\Program Files\CONEXANT\SAII\SmartAudio.exe
2424 C:\Windows\System32\igfxsrvc.exe
2432 C:\Program Files\Lenovo\Energy Management\utility.exe
2468 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
2532 C:\Program Files\Wi-Fi Sync\wifisync.exe
2572 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2772 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2852 C:\Program Files\Windows Sidebar\sidebar.exe
2864 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2892 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3292 WmiPrvSE.exe
3352 C:\Program Files\iTunes\iTunesHelper.exe
2248 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2100 C:\Program Files\iPod\bin\iPodService.exe
3600 C:\Windows\System32\svchost.exe
1616 C:\Program Files\Windows Media Player\wmpnetwk.exe
1372 C:\Windows\System32\svchost.exe
5336 C:\Program Files\Nero\Update\NASvc.exe
5452 C:\Windows\System32\svchost.exe
5200 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5980 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
3248 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
1320 C:\Program Files\Mozilla Firefox\firefox.exe
4960 C:\Windows\System32\audiodg.exe
5500 dllhost.exe
3884 dllhost.exe
4428 C:\Users\Caroline\Desktop\MBRCheck.exe
2948 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000034`c1e00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000053`74900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-24A0RT0, Rev: 01.01A02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 10.01.2011 20:23
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

sven77 12.01.2011 16:42
hallo ,hab die beiden logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5481

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.01.2011 20:15:04
mbam-log-2011-01-11 (20-15-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 262268
Laufzeit: 1 Stunde(n), 7 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)







SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/12/2011 at 04:20 PM

Application Version : 4.47.1000

Core Rules Database Version : 6181
Trace Rules Database Version: 3993

Scan type : Complete Scan
Total Scan Time : 01:07:05

Memory items scanned : 547
Memory threats detected : 0
Registry items scanned : 9093
Registry threats detected : 0
File items scanned : 38312
File threats detected : 14

Adware.Tracking Cookie
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\caroline@atdmt.combing[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\caroline@atdmt[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@ad.yieldmanager[1].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@adfarm1.adition[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@adtech[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@advertising[1].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@adviva[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@apmebf[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@atdmt.combing[1].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@atdmt[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@doubleclick[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@fastclick[1].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@mediaplex[2].txt
C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Cookies\Low\caroline@specificclick[1].txt

cosinus 12.01.2011 16:52
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

sven77 12.01.2011 18:45
nein granix ,alles super soweit läuft auch wieder schneller der rechner,

vielen vielen dank nochmal ,schön das es so ein board wie dieses gibt:daumenhoc

cosinus 12.01.2011 20:13
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131