Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Laptop hat Aussetzer! (https://www.trojaner-board.de/94637-laptop-hat-aussetzer.html)

Alp90 10.01.2011 18:34
Laptop hat Aussetzer!
 
Hallo,

mein Laptop hat in letzter Zeit extrem viele aber sehr kurze Aussetzer. Meist ist es beim Surfen. Gerade beim Verfassen des Textes auch:)

Ich tippe zwar, aber das getippte erscheint später!

So ist dies auch beim Scrollen oder bei Videos. Desweiteren ist mir aufgefallen dass die Topicschrift bei Youtubevideos verzerrt ist. Kaum lesbar. Vllt hängt das ja alles miteinander zusammen :)

Hoffe man kann einen Hardwarefehler der GraKa ausschließen.

Mfg

Alp

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:14, on 10.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\mfpmp.exe
C:\Users\XY\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt://search.conduit.com?SearchSource=10&ctid=CT2613802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Athan] "C:\Program Files (x86)\Athan\Athan.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: phase-6 Reminder.lnk = C:\Program Files (x86)\phase-6\phase-6-basic\reminder\reminder.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8114 bytes

cosinus 10.01.2011 20:45
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Alp90 11.01.2011 19:56
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5500

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.01.2011 00:26:16
mbam-log-2011-01-11 (00-26-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 242867
Laufzeit: 32 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1476 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.

Alp90 11.01.2011 20:02
Doppelt..Sry :)

Alp90 11.01.2011 20:02
OTL Logfile:
Code:
OTL logfile created on: 11.01.2011 19:54:36 - Run 2
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\XY\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 86,50 Gb Free Space | 37,14% Space Free | Partition Type: NTFS
Drive D: | 587,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XY-PC | User Name: XY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Athan\Athan.exe (IslamicFinder: Accurate Prayer Times, Athan (Azan), Mosques (Masjids), Islamic Center, Muslim Owned Businesses, Hijri Calendar, Islamic Directory worldwide.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Cam5603D) -- C:\Windows\SysNative\Drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV:64bit: - (smscirrx64) -- C:\Windows\SysNative\DRIVERS\smscirrx64.sys (SMSC)
DRV:64bit: - (WINIO) -- C:\Windows\SysNative\WinIo.sys (Internals.com - The best online resource for system programmers)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.co:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.co:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.14 18:46:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.29 19:48:29 | 000,000,000 | ---D | M]
 
[2010.06.26 20:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XY\AppData\Roaming\mozilla\Extensions
[2011.01.10 20:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions
[2010.09.28 22:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.10 18:41:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.08 10:51:52 | 000,000,947 | ---- | M] () -- C:\Users\XY\AppData\Roaming\Mozilla\Firefox\Profiles\hcid4f9c.default\searchplugins\conduit.xml
[2010.11.26 11:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.26 11:55:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.16 19:41:18 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2010.11.17 12:39:57 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2010.06.28 15:03:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.02 16:38:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.02 16:38:42 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.02 16:38:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.02 16:38:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.02 16:38:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.19 20:01:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O4:64bit: - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PowerManager] C:\Program Files (x86)\Power Manager\PM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (IslamicFinder: Accurate Prayer Times, Athan (Azan), Mosques (Masjids), Islamic Center, Muslim Owned Businesses, Hijri Calendar, Islamic Directory worldwide.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\XY\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XY\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.10 18:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.01.10 18:38:06 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.16 07:42:31 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.16 07:42:31 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.16 07:42:30 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.12.16 07:42:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.16 07:42:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.16 07:42:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.12.16 07:42:03 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.16 07:41:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.16 07:41:38 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.16 07:41:34 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.16 07:41:33 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.16 07:41:31 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.16 07:41:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.16 07:41:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.16 07:41:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.16 07:41:29 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.12.16 07:41:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010.12.16 07:41:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010.12.16 07:41:28 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010.12.16 07:40:31 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.16 07:40:31 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.16 07:40:30 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.16 07:40:30 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.16 07:40:30 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.16 07:40:29 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.11 19:55:47 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.dat
[2011.01.11 19:55:47 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.001
[2011.01.11 19:37:10 | 000,000,680 | ---- | M] () -- C:\Users\XY\AppData\Local\d3d9caps.dat
[2011.01.11 19:37:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.11 19:37:06 | 000,031,306 | ---- | M] () -- C:\Windows\KernelMessage
[2011.01.11 00:28:39 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 00:28:38 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 00:27:00 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.10 23:51:39 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 18:38:08 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.10 11:15:14 | 000,114,514 | ---- | M] () -- C:\Users\XY\Desktop\Konsolosluk 2.jpg
[2011.01.10 11:14:47 | 000,131,488 | ---- | M] () -- C:\Users\XY\Desktop\Konsolosluk 1.jpg
[2011.01.07 19:59:19 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011.01.06 22:09:03 | 000,007,093 | ---- | M] () -- C:\Users\XY\Desktop\Dokument.rtf
[2011.01.06 22:04:13 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2010.12.29 20:30:22 | 000,139,723 | ---- | M] () -- C:\Users\XY\Desktop\Miswak.pdf
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.19 18:17:26 | 000,252,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.18 21:23:54 | 003,546,908 | ---- | M] () -- C:\Users\XY\Desktop\ebook_version_usul_ath_thalatha.pdf
[2010.12.18 04:04:50 | 001,472,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.18 04:04:50 | 000,638,344 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.18 04:04:50 | 000,604,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.18 04:04:50 | 000,131,514 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.18 04:04:50 | 000,107,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.17 12:42:40 | 031,072,742 | ---- | M] () -- C:\Users\XY\Desktop\SNC00007.mp4
 
========== Files Created - No Company Name ==========
 
[2011.01.10 18:38:08 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.10 11:15:14 | 000,114,514 | ---- | C] () -- C:\Users\XY\Desktop\Konsolosluk 2.jpg
[2011.01.10 11:14:46 | 000,131,488 | ---- | C] () -- C:\Users\XY\Desktop\Konsolosluk 1.jpg
[2011.01.07 19:59:19 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011.01.06 22:09:02 | 000,007,093 | ---- | C] () -- C:\Users\XY\Desktop\Dokument.rtf
[2011.01.06 22:04:13 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2010.12.29 20:30:22 | 000,139,723 | ---- | C] () -- C:\Users\XY\Desktop\Miswak.pdf
[2010.12.18 21:23:54 | 003,546,908 | ---- | C] () -- C:\Users\XY\Desktop\ebook_version_usul_ath_thalatha.pdf
[2010.12.18 03:25:46 | 031,072,742 | ---- | C] () -- C:\Users\XY\Desktop\SNC00007.mp4
[2010.11.27 10:29:27 | 000,000,552 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d8caps.dat
[2010.09.29 11:12:41 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010.09.29 11:12:41 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.09.29 11:12:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.07.10 21:39:11 | 000,023,413 | ---- | C] () -- C:\Users\XY\AppData\Roaming\__t.bin
[2010.06.28 14:04:35 | 000,002,479 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.06.27 20:22:40 | 000,017,920 | ---- | C] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 20:19:53 | 000,443,528 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistMSI4240.txt
[2010.06.26 20:19:53 | 000,013,978 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistUI4240.txt
[2010.06.26 14:50:15 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.001
[2010.06.26 14:50:12 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.dat
[2010.06.26 14:35:58 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2010.06.26 14:26:27 | 000,000,680 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps.dat
[2010.06.26 14:22:44 | 000,000,732 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps64.dat
[2009.04.11 17:24:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.11 17:23:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002.07.31 17:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2001.02.15 19:43:14 | 000,143,447 | ---- | C] () -- C:\Windows\SysWow64\DispLayline.dll
[1999.11.16 10:57:08 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Comdll32.DLL

< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 11.01.2011 19:54:39 - Run 2
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\XY\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 86,50 Gb Free Space | 37,14% Space Free | Partition Type: NTFS
Drive D: | 587,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XY-PC | User Name: XY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 00 AF B5 BE C4 BA C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081C5A19-38F1-4CDB-BA5E-994FC047FE39}" = rport=445 | protocol=6 | dir=out | app=system |
"{118F4419-5A94-4C08-B428-DFF0D28A7BDE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{13377F9F-7E79-4CAC-B709-F0FFC4E2A101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FEB6D93-25F3-4CEC-985E-9861D7023247}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E6407F6-0799-48DF-A3F5-21213B031D9B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6125BFEB-65F3-45B1-8606-363984EC97C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{70A5043B-3210-406F-8A41-9289371FA5B6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77C6CC02-0655-4044-88C5-AA2C62CAA1E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A074CB0E-0B46-4862-9B54-355D0112DCAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0688B91-B8AF-42AB-A1C0-9CA07CD6D228}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BCF14C2D-71BE-4075-899B-EAAFFCA1A66C}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE1754DE-D95A-45F5-BE2E-412FA4B7C09B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C909E2D0-EC49-4F85-A017-AA30BE08ED75}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9BC91D1-525B-41DC-9B63-7C9174DF4B90}" = lport=139 | protocol=6 | dir=in | app=system |
"{D58F19D3-03B7-4A12-8A7E-20C61934053C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC435F22-3BBC-4D20-87DF-1C55FBB3EB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{158A2D8E-4200-48CC-B075-244A9CA1A1EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{265B0625-93F0-4E84-9990-EE15145FD3F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38B86D69-FFA9-4DF0-9FD7-23E77C0A9B5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4B533D0A-C87E-4182-9EAF-96FE87126B06}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{4F37550C-74DF-450D-AAEC-63F2D451A88A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{52845D25-EC56-464F-BE12-57F32025E873}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"{56293037-0978-48CE-A2B3-8B64EF10F4D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{61372077-EABD-4799-B550-2661CE5850A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3175D8A-9F3F-4038-8371-F9D0FCE62668}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A770477F-1ED1-4811-A242-67E6F38BA2C9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AC3BECE0-9715-4005-BE89-39E453FCAEFD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{AF77A88D-7835-407E-B42F-55ACD0778623}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{BC04D75A-02FC-4A8E-A667-6C0088E9320B}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{C62F560F-F9E7-43CD-BDA1-B09A6B8E1509}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DAA4C1BE-24CA-464C-AEAC-4913051EF3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{FBB83BFA-25D6-4617-A8A7-AF90612FE55E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{2FCFCAD4-4070-4A17-ADDC-24FA8DC84302}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{37F6AEB4-D543-43BB-B141-699341FD4832}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{55CEA5BE-5613-46A1-8A3B-12E9F01EDC86}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"TCP Query User{A0E6CCDA-0E08-4D99-826C-A3B724671DD2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E73AA3C5-BEBC-4228-B761-A8279EC7CDEF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{EFB78FA7-F1B2-4681-9DC9-24CD9B10A302}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{008CBBA5-3236-4482-824B-B95CEE30CF95}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{0455D09B-6F1B-4658-B76F-95FDF70F4126}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{6D1B9648-B141-4DC7-9C94-D1777BA7A191}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{89CA535C-7FF3-4EC6-9C7C-5CCAACDF4247}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{938762A7-08D7-4985-BD3C-0CF013A139E9}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"UDP Query User{C3D69FEC-B169-4B08-9558-E1F0B02C9A78}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6D7AED4A30ABE45AFA06FB0B660D7C60C13E28F0" = Windows-Treiberpaket - SMSC (smscirrx64) HIDClass  (02/02/2007 6.1.6000.0)
"CCleaner" = CCleaner
"D9C2CADBCACF6F12970B98531B829B14456435B3" = Windows Driver Package - Silicon Integrated Systems Corp.(1.11.03) (SIS163u) Net  (05/07/2007 6.0.1039.1110)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"OEMInformation" = OEM Logo and Information
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Athan" = Athan Basic 3.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PalTalk8.2" = PaltalkScene
"phase-6-basic" = phase-6-basic 2.1.2.1b
"Power Manager_is1" = Power Manager 2.1.7
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.12.2010 13:25:40 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 10.12.2010 05:50:29 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 12.12.2010 08:35:28 | Computer Name = XY-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e01e78, fehlerhaftes Modul tbEinl.dll, Version 5.7.2.2, Zeitstempel 0x4c1502d4,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0014ba56,  Prozess-ID 0x13f8, Anwendungsstartzeit
 01cb99f8f0e99490.
 
Error - 12.12.2010 14:51:47 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 13.12.2010 16:09:29 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 13.12.2010 16:13:36 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-1742451714-2794927852-2085575845-1000\$RKUVJQV.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 17.12.2010 19:18:54 | Computer Name = XY-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e01e78, fehlerhaftes Modul tbEinl.dll, Version 5.7.2.2, Zeitstempel 0x4c1502d4,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0014ba56,  Prozess-ID 0x13f4, Anwendungsstartzeit
 01cb9e40bee4c3b0.
 
Error - 21.12.2010 06:36:02 | Computer Name = XY-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e01e78, fehlerhaftes Modul tbEinl.dll, Version 5.7.2.2, Zeitstempel 0x4c1502d4,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0014ba56,  Prozess-ID 0x1080, Anwendungsstartzeit
 01cba0fa916b7d40.
 
Error - 22.12.2010 12:50:29 | Computer Name = XY-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aom.exe, Version 3.2004.4.2300, Zeitstempel
0x40897503, fehlerhaftes Modul d3d8.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a65b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0001b754,  Prozess-ID 0x30c, Anwendungsstartzeit
 01cba1f7f9d39c20.
 
Error - 29.12.2010 05:27:46 | Computer Name = XY-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e01e78, fehlerhaftes Modul tbEinl.dll, Version 5.7.2.2, Zeitstempel 0x4c1502d4,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0014ba56,  Prozess-ID 0x1bb0, Anwendungsstartzeit
 01cba73a8ac996c0.
 
[ System Events ]
Error - 22.10.2010 03:40:02 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 04:50:30 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 07:38:31 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 13:40:24 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 13:43:13 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 15:02:15 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 15:03:30 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 16:21:48 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 16:22:45 | Computer Name = XY-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.10.2010 16:30:11 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.10.2010 um 22:27:16 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

cosinus 11.01.2011 20:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alp90 11.01.2011 21:28
Combofix Logfile:
Code:
ComboFix 11-01-10.08 - XY 11.01.2011  20:41:40.1.2 - x64
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.49.1031.18.4094.2553 [GMT 1:00]
ausgeführt von:: c:\users\XY\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\BisonCam.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-11 bis 2011-01-11  ))))))))))))))))))))))))))))))
.

2011-01-11 19:46 . 2011-01-11 19:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-11 18:54 . 2010-11-10 05:35        8199504        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F2B4B2A-E4DB-4AA3-AFF2-861AF3AB1E46}\mpengine.dll
2011-01-10 17:38 . 2011-01-10 17:38        --------        d-----w-        c:\program files\CCleaner
2010-12-16 06:42 . 2010-10-28 14:05        367104        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-16 06:42 . 2010-10-28 13:27        292352        ----a-w-        c:\windows\SysWow64\atmfd.dll
2010-12-16 06:42 . 2010-10-28 16:29        48128        ----a-w-        c:\windows\system32\atmlib.dll
2010-12-16 06:42 . 2010-10-28 15:44        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2010-12-16 06:42 . 2010-06-16 16:30        96256        ----a-w-        c:\windows\system32\fontsub.dll
2010-12-16 06:42 . 2010-06-16 15:30        72704        ----a-w-        c:\windows\SysWow64\fontsub.dll
2010-12-16 06:42 . 2010-11-03 10:53        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 06:42 . 2010-11-03 10:51        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2010-12-16 06:42 . 2010-10-18 15:35        87552        ----a-w-        c:\windows\system32\consent.exe
2010-12-16 06:40 . 2010-11-06 11:18        855040        ----a-w-        c:\windows\system32\schedsvc.dll
2010-12-16 06:40 . 2010-11-06 11:18        500224        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-12-16 06:40 . 2010-11-06 11:18        655872        ----a-w-        c:\windows\system32\taskschd.dll
2010-12-16 06:40 . 2010-11-06 11:18        410112        ----a-w-        c:\windows\system32\taskcomp.dll
2010-12-16 06:40 . 2010-11-04 23:58        267776        ----a-w-        c:\windows\system32\taskeng.exe
2010-12-16 06:40 . 2010-11-04 18:55        352768        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-12-16 06:40 . 2010-11-04 18:55        270336        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-12-16 06:40 . 2010-11-04 16:34        171520        ----a-w-        c:\windows\SysWow64\taskeng.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-11-17 19:06        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-17 19:06        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-25 09:18 . 2010-06-26 19:23        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2010-06-27 11:48        270720        ------w-        c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Athan"="c:\program files (x86)\Athan\Athan.exe" [2010-03-27 1146880]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6-basic\reminder\reminder.exe [2010-10-28 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-03 868848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 smscirrx64;SMSC CIR Receive;c:\windows\system32\DRIVERS\smscirrx64.sys [2007-02-02 44032]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2011-01-07 c:\windows\Tasks\WebReg Officejet 5600 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2007-01-17 4962304]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
"NvSvc"="c:\windows\system32\nvsvc64.dll" [2007-07-24 88064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-24 10689536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-24 74752]
"PowerManager"="c:\program files (x86)\Power Manager\PM.exe" [2007-03-13 35328]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802
mLocal Page = %SystemRoot%\system32\blank.htm
FF - ProfilePath - c:\users\XY\AppData\Roaming\Mozilla\Firefox\Profiles\hcid4f9c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.webaslan.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1742451714-2794927852-2085575845-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,ee,fc,de,c6,e5,88,70,9f,14,b3,3a,82,4d,3d,f7,58,6c,ae,00,48,
  9e,9f,07,fe,31,99,b8,13,19,e1,0e,58,6c,20,3e,62,79,ce,59,9a,99,71,d4,26,b6,\
"rkeysecu"=hex:64,84,11,4e,d8,ac,4c,c7,31,92,03,a0,ec,d0,3e,53

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-01-11  20:49:04
ComboFix-quarantined-files.txt  2011-01-11 19:49

Vor Suchlauf: 11 Verzeichnis(se), 90.692.325.376 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 90.606.821.376 Bytes frei

- - End Of File - - 37948B961261D84280ABEF7BA957C26A
--- --- ---

cosinus 11.01.2011 22:04
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alp90 12.01.2011 13:45
Hallo ich kann bei GMER die Häkchen nicht setzen!

So siehts aus:

hxxp://img843.imageshack.us/i/bildm.jpg/

Ist das dennoch ok so?

Mfg

cosinus 12.01.2011 14:35
GMER per Rechtsklick als Administrator ausgeführt?

Alp90 12.01.2011 15:35
Ja :)...Dennoch...

cosinus 12.01.2011 15:36
Dann lass GMER einfach weg.

Alp90 12.01.2011 15:45
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Xa 2528
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):
0x0245F000 \SystemRoot\system32\ntoskrnl.exe
0x02419000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\PSHED.dll
0x0061F000 \SystemRoot\system32\CLFS.SYS
0x0067C000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0D000 \SystemRoot\System32\Drivers\sphw.sys
0x00B41000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B4A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B78000 \SystemRoot\system32\drivers\acpi.sys
0x00BCE000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F2000 \SystemRoot\system32\drivers\pci.sys
0x00BD8000 \SystemRoot\System32\drivers\partmgr.sys
0x00BED000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00BF1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00922000 \SystemRoot\system32\drivers\volmgr.sys
0x00936000 \SystemRoot\System32\drivers\volmgrx.sys
0x00A00000 \SystemRoot\system32\drivers\pciide.sys
0x0099C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x009BF000 \SystemRoot\system32\drivers\atapi.sys
0x009C7000 \SystemRoot\system32\drivers\ataport.SYS
0x009EB000 \SystemRoot\system32\drivers\nvstor.sys
0x0072E000 \SystemRoot\system32\drivers\storport.sys
0x0078B000 \SystemRoot\system32\drivers\fltmgr.sys
0x007D2000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0E000 \SystemRoot\system32\drivers\ndis.sys
0x00C87000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD7000 \SystemRoot\system32\drivers\NETIO.SYS
0x01003000 \SystemRoot\System32\drivers\tcpip.sys
0x01179000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01389000 \SystemRoot\system32\drivers\volsnap.sys
0x013CD000 \SystemRoot\System32\Drivers\spldr.sys
0x013D5000 \SystemRoot\System32\Drivers\mup.sys
0x011A5000 \SystemRoot\System32\drivers\ecache.sys
0x011D1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013E7000 \SystemRoot\system32\drivers\disk.sys
0x00FD1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00E00000 \SystemRoot\system32\drivers\crcdisk.sys
0x00D6B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00D78000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x02E04000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03001000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03A0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03AEE000 \SystemRoot\System32\drivers\watchdog.sys
0x03AFE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03B14000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03B22000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03B2E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03B33000 \SystemRoot\system32\DRIVERS\smscirrx64.sys
0x03B45000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x03B4F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03B5A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03BA0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03BB1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03BCD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03BDF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03C07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E0A000 \SystemRoot\system32\DRIVERS\nvm60x64.sys
0x03F2A000 \SystemRoot\System32\Drivers\aojxcd28.SYS
0x03F6C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03FA5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03FB2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03FD5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03CF4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03FE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03D25000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03D43000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03D5B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03931000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03FF1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03944000 \SystemRoot\system32\DRIVERS\ks.sys
0x03BEF000 \SystemRoot\system32\DRIVERS\circlass.sys
0x03FF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03978000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03988000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x039D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0440F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04503000 \SystemRoot\system32\drivers\portcls.sys
0x0453E000 \SystemRoot\system32\drivers\drmk.sys
0x04561000 \SystemRoot\system32\drivers\ksthunk.sys
0x04567000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x04805000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x04A0A000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x04AD1000 \SystemRoot\system32\drivers\modem.sys
0x04AE0000 \SystemRoot\system32\DRIVERS\hidir.sys
0x04AEB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04AFD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04B05000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04B10000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04B1B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04B25000 \SystemRoot\System32\Drivers\Null.SYS
0x04B2E000 \SystemRoot\System32\drivers\vga.sys
0x04B3C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04B61000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04B6A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04B73000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04B7E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04B8F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04B98000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04BB5000 \SystemRoot\system32\DRIVERS\smb.sys
0x04983000 \SystemRoot\system32\drivers\afd.sys
0x045B8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04BD0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04BEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04A00000 \??\C:\Windows\system32\WinIo.sys
0x039E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x049EE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04400000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02F69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02FB6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04606000 \SystemRoot\system32\drivers\csc.sys
0x0467C000 \SystemRoot\System32\Drivers\dfsc.sys
0x04699000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x046BB000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x046C9000 \SystemRoot\System32\Drivers\bthport.sys
0x04777000 \SystemRoot\System32\Drivers\USBD.SYS
0x04779000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x047AA000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x047B7000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04ED3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04EEF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04EFD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04F07000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x04F17000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x04F2A000 \SystemRoot\System32\drivers\Dxapi.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x04F49000 \SystemRoot\system32\drivers\luafv.sys
0x04F6B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x09C08000 \SystemRoot\system32\drivers\spsys.sys
0x09CA2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x09CB6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x09CEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x09CF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09D0D000 \SystemRoot\system32\drivers\HTTP.sys
0x09DB0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x09DD9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04F88000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04FA2000 \SystemRoot\system32\drivers\mrxdav.sys
0x04FC9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x00D8C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x047D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02FC2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A002000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A096000 \SystemRoot\system32\drivers\peauth.sys
0x0A14C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A157000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A178000 \SystemRoot\system32\DRIVERS\monitor.sys
0x04E00000 \SystemRoot\System32\Drivers\BisonCam.sys
0x0A18B000 \SystemRoot\System32\Drivers\STREAM.SYS
0x77C70000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
592 csrss.exe
636 C:\Windows\System32\wininit.exe
656 csrss.exe
692 C:\Windows\System32\services.exe
724 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
904 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
660 C:\Windows\System32\svchost.exe
684 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\SLsvc.exe
1220 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\spoolsv.exe
1660 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1672 C:\Windows\System32\svchost.exe
1944 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1972 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2004 C:\Windows\System32\svchost.exe
2040 C:\Windows\SysWOW64\svchost.exe
900 C:\Windows\System32\svchost.exe
2020 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1500 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2056 C:\Windows\System32\svchost.exe
2092 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2176 C:\Windows\System32\svchost.exe
2964 C:\Windows\System32\taskeng.exe
3008 C:\Windows\System32\dwm.exe
3064 C:\Windows\explorer.exe
1236 C:\Windows\RAVCpl64.exe
2576 C:\Windows\BisonCam\BisonAPP.exe
2764 C:\Windows\System32\rundll32.exe
1344 C:\Program Files (x86)\Power Manager\PM.exe
912 C:\Windows\WindowsMobile\wmdSync.exe
892 C:\Windows\System32\rundll32.exe
2932 C:\Windows\ehome\ehtray.exe
2804 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3112 C:\Windows\System32\svchost.exe
3208 C:\Program Files\Windows Defender\MSASCui.exe
3228 C:\Program Files\Windows Media Player\wmpnscfg.exe
3244 C:\Windows\ehome\ehmsas.exe
3328 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3348 C:\Program Files\Windows Media Player\wmpnetwk.exe
3368 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3400 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3424 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
3432 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2256 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3292 C:\Windows\System32\taskeng.exe
4716 C:\Windows\System32\svchost.exe
5060 C:\Users\Alparslan\Desktop\uyev4euu.exe
348 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4828 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1196 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2064 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
204 C:\Users\Alparslan\Desktop\MBRCheck.exe
3656 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD2500BEVS-00UST, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 12.01.2011 16:52
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Alp90 13.01.2011 21:25
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5512

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.01.2011 21:23:51
mbam-log-2011-01-13 (21-23-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 247187
Laufzeit: 43 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3424 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.


Sieht ja noch nicht ganz clean aus. Das Problem ist aber seit der ersten Bereinigung nicht mehr da :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131