ElTorbinho | 27.12.2011 15:02 | Hello Kira,
first of all, thank you for your help.
A system restore did not work.
A blue screen with an error message appeared.
Here is the malware report: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122605
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27.12.2011 13:58:06
mbam-log-2011-12-27 (13-58-06).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 509479
Laufzeit: 1 Stunde(n), 11 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\NormalUser\AppData\Local\Temp\0.7555952349452615.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\NormalUser\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.7555952349452615.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
Then the two OTL text files:
OTL Logfile: Code:
OTL Extras logfile created on: 27.12.2011 14:24:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,62% Memory free
6,00 Gb Paging File | 4,39 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 110,93 Gb Free Space | 56,82% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 246,30 Gb Free Space | 91,07% Space Free | Partition Type: NTFS
Computer Name: User-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3F04224-BA9A-4068-8A51-83267B4E7496}" = yo3_de
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EA Installer.-1797597899" = EA Installer
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GIGA_Deutsch Toolbar" = GIGA Deutsch Toolbar
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.5.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.11.2109" = Opera 11.11
"PROR" = Microsoft Office Professional 2007
"Steam App 36620" = Forsaken World
"Steam App 80" = Counter-Strike: Condition Zero
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.7.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wizard101(DE)_is1" = Wizard101(DE)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2011 14:55:45 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ideas.exe, Version: 1.0.3.9, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: ideas.exe, Version: 1.0.3.9, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003469d ID des fehlerhaften Prozesses:
0x5e0 Startzeit der fehlerhaften Anwendung: 0x01cc9a59de029265 Pfad der fehlerhaften
Anwendung: D:\Pokemon\ideas.exe Pfad des fehlerhaften Moduls: D:\Pokemon\ideas.exe
Berichtskennung:
6f717125-064d-11e1-9121-001921479614
Error - 05.11.2011 08:24:45 | Computer Name = User-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\User\Downloads\SoftonicDownloader_fuer_ideas.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 12.11.2011 09:33:28 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 15.4.3508.1109 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 29c Startzeit: 01cca13291bc165f Endzeit: 34 Anwendungspfad:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Berichts-ID: e3fc3400-0d32-11e1-b07c-001921479614
Error - 20.11.2011 14:53:25 | Computer Name = User-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1094067387-2297994123-2545568485-1003\$R6ZYL4V.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 09.12.2011 18:56:09 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d8 Startzeit:
01ccb6c59ef9ff13 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID:
f669854e-22b8-11e1-88e4-001921479614
Error - 12.12.2011 19:25:21 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
Zeitstempel: 0x4c7dc5a1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xf9d94be8 ID des fehlerhaften
Prozesses: 0x1374 Startzeit der fehlerhaften Anwendung: 0x01ccb920a58f0167 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 8eaa02bd-2518-11e1-9223-001921479614
Error - 12.12.2011 19:25:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
Zeitstempel: 0x4e211da1 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000a88d
ID
des fehlerhaften Prozesses: 0x9b0 Startzeit der fehlerhaften Anwendung: 0x01ccb90a27b609ac
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 9ba653fa-2518-11e1-9223-001921479614
Error - 13.12.2011 13:55:17 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc60f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00c8c65c ID des fehlerhaften
Prozesses: 0xe80 Startzeit der fehlerhaften Anwendung: 0x01ccb9c055ee29bb Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\notepad.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 9d653d9c-25b3-11e1-a7b7-001921479614
Error - 13.12.2011 13:56:12 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc60f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
Zeitstempel: 0x4e211485 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0x608 Startzeit der fehlerhaften Anwendung: 0x01ccb9c0711e0908 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\notepad.exe Pfad des fehlerhaften Moduls:
C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: bdc462cc-25b3-11e1-a7b7-001921479614
Error - 27.12.2011 07:31:31 | Computer Name = User | Source = System Restore | ID = 8204
Description =
[ System Events ]
Error - 09.12.2011 20:37:47 | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 12.12.2011 18:54:26 | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 12.12.2011 19:25:50 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 12.12.2011 19:26:20 | Computer Name = User-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Media Player-Netzwerkfreigabedienst" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 12.12.2011 19:28:17 | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 12.12.2011 20:35:53 | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 23.12.2011 11:17:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 23.12.2011 11:17:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.
Error - 23.12.2011 11:17:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 27.12.2011 07:30:58 | Computer Name = User-PC | Source = BugCheck | ID = 1001
Description =
< End of report >
OTL Logfile: Code:
OTL logfile created on: 27.12.2011 14:24:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,62% Memory free
6,00 Gb Paging File | 4,39 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 110,93 Gb Free Space | 56,82% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 246,30 Gb Free Space | 91,07% Space Free | Partition Type: NTFS
Computer Name: User-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.13 23:00:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2011.12.09 14:41:49 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.02 21:35:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011.06.29 13:20:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.15 13:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.14 17:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.09 14:41:48 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.12.09 14:41:46 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2011.12.09 14:41:45 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.12.09 14:41:45 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.12.09 14:41:45 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011.08.31 10:28:22 | 000,077,312 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\pq10rmul.default\extensions\{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}\components\RadioWMPCoreGecko6.dll
MOD - [2011.08.31 10:28:22 | 000,076,800 | ---- | M] () -- C:\Users\Admionistrator\AppData\Roaming\Mozilla\Firefox\Profiles\pq10rmul.default\extensions\{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}\components\RadioWMPCoreGecko7.dll
MOD - [2011.08.31 10:28:22 | 000,076,288 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\pq10rmul.default\extensions\{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}\components\RadioWMPCoreGecko5.dll
MOD - [2011.05.20 21:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.05.15 18:50:16 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.04.14 17:40:02 | 001,874,904 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.09 14:41:49 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.29 13:20:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.15 13:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.11 18:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 13:20:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 13:20:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.15 22:43:18 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.16 06:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2967869
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 47 A8 25 20 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "GIGA Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "GIGA Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2967869&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.11 17:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.11 17:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.15 18:45:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.27 02:00:22 | 000,000,000 | ---D | M]
[2011.05.15 18:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.09.25 14:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\pq10rmul.default\extensions
[2011.09.25 14:54:21 | 000,000,000 | ---D | M] (GIGA Deutsch Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\pq10rmul.default\extensions\{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}
[2011.08.31 10:28:22 | 000,000,927 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\pq10rmul.default\searchplugins\conduit.xml
[2011.06.06 20:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.06 20:47:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (GIGA Deutsch Toolbar) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (GIGA Deutsch Toolbar) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43C577BD-E2F9-48AF-9645-F1902658C0E3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B91E6E76-D539-4219-9BBD-10F0AA3045C8}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.12.27 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.27 14:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.27 14:17:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8BEE707B-E26C-4E89-B597-F0368FC423F7}
[2011.12.27 12:30:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.26 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5FB41663-592C-4841-B905-7EC980E58D7C}
[2011.12.26 21:31:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{435EB3E0-3355-44EB-85DF-2D3C03329A40}
[2011.12.26 00:38:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{271ACA9E-40E1-48F9-BB9F-9794D82B427F}
[2011.12.26 00:37:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9C8B1A77-09C7-4785-B13A-D9DC99BB4CB2}
[2011.12.25 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2CCAAFB6-0C05-4B70-AB31-95B14D21EC96}
[2011.12.25 18:43:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{62033B6F-3586-4881-977F-0EF15473CEE4}
[2011.12.25 00:04:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{102E079A-2F52-43F7-805C-A2E324F507B9}
[2011.12.25 00:04:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{386015A7-D5B8-4621-9E81-C8CEC5324801}
[2011.12.24 11:15:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9AFF2E0F-B53F-4334-A293-D8D0F4B554EF}
[2011.12.24 11:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{723566C8-8E31-4F70-BC50-6C06EFB1E628}
[2011.12.24 00:15:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011.12.23 22:32:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{101E5A06-E9B6-4048-85F3-523ED50B82AD}
[2011.12.23 22:32:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A3AB6DCA-F9D2-4B2D-AD53-885E7C55516E}
[2011.12.23 16:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.23 16:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.23 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5588714B-5F2F-471D-A9CD-6B65F17D3C41}
[2011.12.23 14:07:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9F504039-AE4F-45F0-A45F-49FCD7830484}
[2011.12.22 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B736C72E-C0C5-4C9F-BA78-1B4FDA1F7117}
[2011.12.22 21:02:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B06AA446-F2A3-4B06-A834-6FA7FC79F3BE}
[2011.12.22 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F73CB30C-2569-4B5D-BBE5-CA578F8A8B09}
[2011.12.22 16:53:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8CC42179-ED88-45AC-A205-4D289F54F4B3}
[2011.12.21 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76E7CCFA-C4A4-4EDB-9AA1-11A0E5A74EFB}
[2011.12.21 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6445491A-C304-4F59-8362-FA5DB73AE14E}
[2011.12.20 22:55:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{12705A4F-A380-4C87-B86C-295FC0C74D3A}
[2011.12.20 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{51371CAA-0628-4BB6-B68A-F360CE83C8FC}
[2011.12.20 22:37:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{17E91DD3-A930-4D85-8D50-3BC86C39912E}
[2011.12.20 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E9F39030-559F-442A-B059-F3807F7C0AE9}
[2011.12.20 15:31:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{6FCE5D73-01F2-4D68-AA95-929C35CE769A}
[2011.12.20 15:31:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5575377F-C9A0-4EB8-97B8-8997203A76A2}
[2011.12.19 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C54604BB-BA53-422D-9830-8DE092E9151A}
[2011.12.19 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{CBC6585B-C670-4B48-9325-31E1EB75C0C4}
[2011.12.18 22:49:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011.12.18 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E40808F-7CA0-4B62-880A-8148C8CB2C6D}
[2011.12.18 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BD7C6EE3-5035-4156-A9F1-ADCA44F31F8E}
[2011.12.18 08:02:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ICQ
[2011.12.18 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5B00FBC3-62C5-4798-9B79-137DA58E934A}
[2011.12.18 07:31:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{88515C03-E999-46BE-A59A-A8BF2532CF69}
[2011.12.18 02:24:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{2A2B5E44-709D-4AF6-AFB3-5E4B6EC1D3AE}
[2011.12.18 02:24:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{CB69E11A-2D83-4305-A74A-790F3DA6051A}
[2011.12.17 15:03:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A08B705B-2292-424C-8680-0E0F07E0C9BC}
[2011.12.17 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{11654BA3-F809-409E-8123-EB96D7A1112A}
[2011.12.16 23:28:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7D62F219-6694-4C56-AD18-67FBC3FAD7F0}
[2011.12.16 23:28:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7E5A47DD-FFE2-4F2F-BC6F-92D099159B42}
[2011.12.16 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{777C8283-AD06-4910-9F3B-47F422BFC441}
[2011.12.16 17:26:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AD023CE0-B4DA-48E4-AE54-72E6A8339850}
[2011.12.15 21:56:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{958BE0E5-4212-4809-BFFD-343717DA726B}
[2011.12.15 21:56:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{99F3616B-DE18-4F6A-8566-02FA95A49850}
[2011.12.14 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7642E44E-9D5E-4284-856D-F00DCC2DDF35}
[2011.12.14 00:18:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 00:18:39 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.14 00:18:39 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.14 00:18:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 00:18:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 00:18:38 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.14 00:18:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.14 00:18:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.14 00:18:38 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 00:18:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 00:18:38 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 00:18:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 00:18:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.14 00:18:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.14 00:18:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.14 00:18:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.14 00:18:12 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 00:18:12 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.13 23:01:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.12.13 22:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.13 22:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.13 22:59:54 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.13 22:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.13 22:51:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{FCD0D5BB-F326-43F0-AF9B-41DACEBED4B7}
[2011.12.13 22:02:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{37264D72-E5FC-44C7-A113-7E886F673C5E}
[2011.12.12 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{FA648917-4191-4EA8-BE9D-F3C2C057430A}
[2011.12.12 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{04621800-AD60-4FD6-9151-B8F4AFB5FD52}
[2011.12.12 06:04:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4A834A53-5686-4282-9D45-DDFAFE74D9DE}
[2011.12.12 06:04:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{45506C6B-5693-4F4D-A40E-438CC199E7EF}
[2011.12.11 13:48:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{903715B9-F78D-47F0-8645-7C8A8A87698B}
[2011.12.11 13:48:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{FD00A0B1-6DE9-4027-94F9-6C8EFC2C73F8}
[2011.12.11 01:48:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E10E52F8-712C-4393-86E1-74EF0ADC8754}
[2011.12.11 01:48:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8A375FE3-BFF9-4DE4-BD63-7E1CCCC050D3}
[2011.12.11 00:38:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F54B3026-64E6-4AEB-8A8F-115CAEBC067D}
[2011.12.11 00:38:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{D1F49582-2E54-43BD-9D49-A2C189EF398B}
========== Files - Modified Within 30 Days ==========
[2011.12.27 14:23:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.27 14:06:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 14:06:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 13:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 13:59:09 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 13:58:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.27 12:30:37 | 455,739,277 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.27 00:45:47 | 000,001,149 | ---- | M] () -- C:\Users\Administrator\Desktop\OTL - Verknüpfung.lnk
[2011.12.27 00:44:27 | 000,000,168 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.12.27 00:43:04 | 000,000,773 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.lnk
[2011.12.20 23:24:57 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.20 23:24:57 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.20 23:24:57 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.20 23:24:57 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.20 23:24:57 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.14 17:47:19 | 000,425,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.13 22:59:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2011.12.27 14:23:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.27 12:30:37 | 455,739,277 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.27 00:45:47 | 000,001,149 | ---- | C] () -- C:\Users\Administrator\Desktop\OTL - Verknüpfung.lnk
[2011.12.27 00:44:27 | 000,000,168 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.12.27 00:43:04 | 000,000,773 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.lnk
[2011.12.13 22:59:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.06 20:48:06 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.08.06 20:48:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.08.06 20:48:04 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.06 20:48:04 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.08.06 20:48:03 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.05 23:54:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.05 00:54:56 | 000,000,032 | ---- | C] () -- C:\Windows\MineCraft.INI
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.14 14:46:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011.06.06 20:48:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2011.05.15 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011.12.27 02:57:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2011.09.11 15:41:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2011.10.30 13:36:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Might & Magic Heroes VI
[2011.05.10 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2011.12.16 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle
[2011.11.14 22:30:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Here is the CC report as well: Code:
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.05.2011 6,00MB 10.2.159.1
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 14.05.2011 6,00MB 10.3.181.14
Adobe Flash Player 10 Plugin 64-bit Adobe Systems Incorporated 13.05.2011 6,00MB 10.3.162.28
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 26.06.2011 165,4MB 10.1.0
Avira AntiVir Personal - Free Antivirus Avira GmbH 16.10.2011 70,6MB 10.2.0.704
CCleaner Piriform 26.12.2011 3.14
Counter-Strike: Condition Zero Valve 25.07.2011
Counter-Strike: Source Valve 22.05.2011 501MB 1.0.0.0
DAEMON Tools Lite DT Soft Ltd 14.05.2011 4.40.2.0131
DivX-Setup DivX, LLC 10.06.2011 2.5.0.11
Flyff Gala Networks Europe Limited 17.06.2011 Flyff
Flyff Gala-Net 18.06.2011 Flyff
Forsaken World 27.12.2011
FUSSBALL MANAGER 11 Electronic Arts 08.07.2011 1.0.0.3
GIGA Deutsch Toolbar GIGA Deutsch 24.09.2011 6.7.0.6
ICQ7.5 ICQ 10.05.2011 7.5
IrfanView (remove only) Irfan Skiljan 10.09.2011 1,50MB 4.30
IsoBuster 2.8.5 Smart Projects 20.10.2011 10,7MB 2.8.5
Java(TM) 6 Update 25 Oracle 05.06.2011 94,7MB 6.0.250
JDownloader 0.9 AppWork GmbH 11.07.2011 0.9
K-Lite Mega Codec Pack 7.5.0 05.08.2011 48,2MB 7.5.0
LastChaosGER Barunsongames CO., LTD. 10.05.2011 1.00.000
LogMeIn Hamachi LogMeIn, Inc. 22.12.2011 2.1.0.124
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 12.12.2011 13,8MB 1.51.2.1300
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.05.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 10.05.2011 2,94MB 4.0.30319
Microsoft Office Professional 2007 Microsoft Corporation 15.05.2011 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 13.10.2011 80,3MB 4.0.60831.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12.06.2011 1,42MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.05.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.05.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59MB 9.0.30729.6161
Might & Magic Heroes VI Ubisoft 20.10.2011 1.1.1
Mozilla Firefox 4.0.1 (x86 de) Mozilla 14.05.2011 29,8MB 4.0.1
Need For Speed™ World Electronic Arts 03.07.2011 18,8MB 1.0.0.482
NVIDIA 3D Vision Controller-Treiber 275.33 NVIDIA Corporation 02.06.2011 275.33
NVIDIA 3D Vision Treiber 275.33 NVIDIA Corporation 02.06.2011 275.33
NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 02.06.2011 275.33
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 02.06.2011 9.10.0514
NVIDIA Update 1.3.5 NVIDIA Corporation 02.06.2011 1.3.5
Opera 11.11 Opera Software ASA 18.05.2011 11.11.2109
Pando Media Booster Pando Networks Inc. 10.05.2011 5,47MB 2.3.5.6
Pokemon Online 1.0.30 Patch 1 Dreambelievers 29.10.2011 47,2MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10.06.2011 6.0.1.5888
Skype Toolbars Skype Technologies S.A. 06.07.2011 5,84MB 5.3.7555
Skype™ 5.3 Skype Technologies S.A. 06.07.2011 16,6MB 5.3.120
Steam(TM) Valve 22.05.2011 16,6MB 1.0.0.0
Stronghold Crusader Extreme Firefly Studios 05.07.2011 1.20.0000
Stronghold Kingdoms Firefly Studios 12.06.2011 123,4MB
TeamSpeak 3 Client TeamSpeak Systems GmbH 10.05.2011
Tunngle beta Tunngle.net GmbH 05.07.2011
Ubisoft Game Launcher UBISOFT 20.10.2011 1.0.0.0
VLC media player 1.1.11 VideoLAN 06.08.2011 1.1.11
Windows Live Essentials Microsoft Corporation 15.05.2011 15.4.3508.1109
WinRAR 4.00 (64-Bit) win.rar GmbH 10.05.2011 4.00.0
Wizard101(DE) Gameforge 4D GmbH 22.10.2011 9,24MB
XAMPP 1.7.4 03.07.2011
yo3_de Konami Digital Entertainment 22.07.2011 779MB 1.00.3000
I still had my external hard drive connected at the time of the infection.
How can I make sure that there are no infected files on it?
Regards, |