Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AKM Trojaner 50 Euro (https://www.trojaner-board.de/111373-akm-trojaner-50-euro.html)

pablo-jill 13.03.2012 09:56
AKM Trojaner 50 Euro
 
Hallo! Ich hoffe, es kann mir wer helfen. Ich bin wie in anderen posts in diesem Forum geschildert auch vom AKM Trojaner befallen worden (Weißer Bildschirm verlangt die Zahlung von 50 Euro). Den Anweisungen in den anderen posts folgend habe ich einen Scan mit OTLPE gemacht. Bitte dringend um Hilfe!

Chris4You 13.03.2012 10:49
Hi,

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Innerhofer_ON_H\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\Innerhofer_ON_H\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\Innerhofer_ON_H..\Run: [K3aRyluP6SiCkoR] H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O4 - HKLM..\Run: [K3aRyluP6SiCkoR] H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Innerhofer_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Innerhofer_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Innerhofer_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) - H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O20 - HKLM Winlogon: UserInit - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) - H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O20 - HKU\Innerhofer_ON_H Winlogon: Shell - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) - H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O20 - HKU\Innerhofer_ON_H Winlogon: UserInit - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) - H:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe (SearchHelp, Inc)
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{572c13f8-9716-11e0-aa2f-00262d47605f}\Shell - "" = AutoRun
O33 - MountPoints2\{572c13f8-9716-11e0-aa2f-00262d47605f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5732a793-a7dc-11e0-beca-00262d47605f}\Shell - "" = AutoRun
O33 - MountPoints2\{5732a793-a7dc-11e0-beca-00262d47605f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{91997672-9006-11e0-be37-00262d47605f}\Shell - "" = AutoRun
O33 - MountPoints2\{91997672-9006-11e0-be37-00262d47605f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c33a9213-8b9e-11e0-b7f5-00262d47605f}\Shell - "" = AutoRun
O33 - MountPoints2\{c33a9213-8b9e-11e0-b7f5-00262d47605f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c33a9220-8b9e-11e0-b7f5-00262d47605f}\Shell - "" = AutoRun
O33 - MountPoints2\{c33a9220-8b9e-11e0-b7f5-00262d47605f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f79220d7-9010-11e0-b026-8fe5a369199b}\Shell - "" = AutoRun
O33 - MountPoints2\{f79220d7-9010-11e0-b026-8fe5a369199b}\Shell\AutoRun\command - "" = G:\AutoRun.exe

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

markusg 13.03.2012 10:51
edit.........

Chris4You 13.03.2012 10:54
@Markus: Erster :zunge:
chris

markusg 13.03.2012 10:55
ich gebe mich ja schon geschlagen hehe

pablo-jill 13.03.2012 12:19
Hallo Chris!

Vielen Dank für die schnelle und professionelle Hilfe, es war eine große Erleichterung, als Windows wieder gestartet ist!

Ich habe die logs in der zip-Datei zusammengefasst. Da anstatt dem fix log die Meldung "the filename, directory name, or volume label syntax is incorrect" kam, habe ich den gesamten OTL-Ordner miteingepackt.

Chris4You 13.03.2012 14:04
Hi,

poste bitte noch das Log von MAM und TDSS...

chris

pablo-jill 13.03.2012 14:20
Hier das Log von MAM und TDSS:

Chris4You 13.03.2012 14:49
Hi,

sieht beides gut aus, noch den MBR prüfen:

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

Poste abschließend noch mal ein neues OTL-Log (mit Extras)...

chris

Chris4You 13.03.2012 15:13
Hi,

bitte lade den TDSS-Killer neu runter und poste noch mal ein Log...
Warum hast Du ihn schon mal laufen lassenß

chris

pablo-jill 13.03.2012 15:22
Der MBR-Check:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        eMachines
BIOS Manufacturer:                American Megatrends, Inc.
System Manufacturer:                eMachines
System Product Name:                EL1352
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 190):
  0x02E58000 \SystemRoot\system32\ntoskrnl.exe
  0x02E0F000 \SystemRoot\system32\hal.dll
  0x00BA8000 \SystemRoot\system32\kdcom.dll
  0x00CEF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CFC000 \SystemRoot\system32\PSHED.dll
  0x00D10000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E9A000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F3E000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F4D000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FA4000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FAD000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00FB7000 \SystemRoot\system32\drivers\pci.sys
  0x00FEA000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E86000 \SystemRoot\system32\drivers\pciide.sys
  0x00CC0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00CD0000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
  0x00D6E000 \SystemRoot\system32\drivers\ataport.SYS
  0x00D98000 \SystemRoot\system32\DRIVERS\nvstor64.sys
  0x01094000 \SystemRoot\system32\DRIVERS\storport.sys
  0x010F7000 \SystemRoot\system32\drivers\amdxata.sys
  0x01102000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0114E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0121D000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01162000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013C0000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01000000 \SystemRoot\System32\Drivers\cng.sys
  0x013DB000 \SystemRoot\System32\drivers\pcw.sys
  0x013EC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x014FF000 \SystemRoot\system32\drivers\ndis.sys
  0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x016F0000 \SystemRoot\System32\drivers\tcpip.sys
  0x018F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0193E000 \SystemRoot\system32\drivers\volsnap.sys
  0x0198A000 \SystemRoot\System32\Drivers\spldr.sys
  0x01992000 \SystemRoot\System32\drivers\rdyboost.sys
  0x019CC000 \SystemRoot\System32\Drivers\mup.sys
  0x019DE000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x0148B000 \SystemRoot\system32\drivers\cdrom.sys
  0x019E7000 \SystemRoot\System32\Drivers\Null.SYS
  0x019F0000 \SystemRoot\System32\Drivers\Beep.SYS
  0x014B5000 \SystemRoot\System32\drivers\vga.sys
  0x014C3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x014E8000 \SystemRoot\System32\drivers\watchdog.sys
  0x019F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x015F2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x013F6000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01200000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0120B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01072000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x011C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03EAF000 \SystemRoot\system32\drivers\afd.sys
  0x03F38000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03F7D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03F86000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03FAC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03FC2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03FD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03FEC000 \SystemRoot\system32\drivers\termdd.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03E51000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03E5D000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03E68000 \SystemRoot\System32\drivers\discache.sys
  0x03E77000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03E95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x011CD000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x011D7000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x00DD7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x0403C000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x04051000 \SystemRoot\system32\drivers\i8042prt.sys
  0x0406F000 \SystemRoot\system32\drivers\kbdclass.sys
  0x0407E000 \SystemRoot\system32\drivers\mouclass.sys
  0x0408D000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04098000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x040EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x040FF000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04123000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
  0x0F0B5000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0FDCC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x04249000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0433D000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04383000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x0438C000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x0439C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x043B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x043D6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x043E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0FDCE000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0422F000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x043FD000 \SystemRoot\system32\drivers\swenum.sys
  0x0F000000 \SystemRoot\system32\drivers\ks.sys
  0x0F043000 \SystemRoot\system32\drivers\umbus.sys
  0x0F055000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04175000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04859000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x04A82000 \SystemRoot\system32\drivers\portcls.sys
  0x04ABF000 \SystemRoot\system32\drivers\drmk.sys
  0x04AE1000 \SystemRoot\system32\drivers\ksthunk.sys
  0x000B0000 \SystemRoot\System32\win32k.sys
  0x04AE7000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04AF3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x04B10000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04B12000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x04B40000 \SystemRoot\system32\drivers\usbaudio.sys
  0x04B5B000 \SystemRoot\system32\drivers\hidusb.sys
  0x04B69000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x04B82000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x04B8B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x04B98000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x04BA9000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x04BC6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00560000 \SystemRoot\System32\TSDDD.dll
  0x04BD4000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x00760000 \SystemRoot\System32\cdd.dll
  0x04BEF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x04800000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x0480A000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
  0x0418A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x026C5000 \SystemRoot\system32\DRIVERS\RTL8192cu.sys
  0x027D7000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x02600000 \SystemRoot\system32\drivers\luafv.sys
  0x02623000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x02643000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02664000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0419D000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x02679000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x0268C000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x04C4E000 \SystemRoot\system32\drivers\HTTP.sys
  0x04D17000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x04D4D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x04D6B000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x04D83000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x04DB0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x05219000 \SystemRoot\system32\drivers\peauth.sys
  0x052BF000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x052CA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x052FB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0530D000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0586E000 \SystemRoot\System32\DRIVERS\srv.sys
  0x05906000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x76EE0000 \Windows\System32\ntdll.dll
  0x47FD0000 \Windows\System32\smss.exe
  0xFF200000 \Windows\System32\apisetschema.dll
  0xFF510000 \Windows\System32\autochk.exe
  0xFF1D0000 \Windows\System32\sechost.dll
  0xFF0F0000 \Windows\System32\oleaut32.dll
  0xFF0D0000 \Windows\System32\imagehlp.dll
  0xFF0A0000 \Windows\System32\imm32.dll
  0xFF000000 \Windows\System32\msvcrt.dll
  0xFEF90000 \Windows\System32\gdi32.dll
  0xFEDB0000 \Windows\System32\setupapi.dll
  0xFECA0000 \Windows\System32\msctf.dll
  0xFEC20000 \Windows\System32\difxapi.dll
  0x76CD0000 \Windows\System32\iertutil.dll
  0xFEBC0000 \Windows\System32\Wldap32.dll
  0x76BD0000 \Windows\System32\user32.dll
  0xFEBB0000 \Windows\System32\lpk.dll
  0xFEB10000 \Windows\System32\clbcatq.dll
  0xFE900000 \Windows\System32\ole32.dll
  0xFE860000 \Windows\System32\comdlg32.dll
  0x76AB0000 \Windows\System32\kernel32.dll
  0x76950000 \Windows\System32\wininet.dll
  0xFE7E0000 \Windows\System32\shlwapi.dll
  0xFDA50000 \Windows\System32\shell32.dll
  0x76800000 \Windows\System32\urlmon.dll
  0x770B0000 \Windows\System32\normaliz.dll
  0x770A0000 \Windows\System32\psapi.dll
  0xFDA40000 \Windows\System32\nsi.dll
  0xFD960000 \Windows\System32\advapi32.dll
  0xFD890000 \Windows\System32\usp10.dll
  0xFD840000 \Windows\System32\ws2_32.dll
  0xFD710000 \Windows\System32\rpcrt4.dll
  0xFD5A0000 \Windows\System32\crypt32.dll
  0xFD560000 \Windows\System32\wintrust.dll
  0xFD4F0000 \Windows\System32\KernelBase.dll
  0xFD4B0000 \Windows\System32\cfgmgr32.dll
  0xFD410000 \Windows\System32\comctl32.dll
  0xFD3F0000 \Windows\System32\devobj.dll
  0xFD3E0000 \Windows\System32\msasn1.dll
  0x750B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
      0 System Idle Process
      4 System
    260 C:\Windows\System32\smss.exe
    388 csrss.exe
    456 csrss.exe
    464 C:\Windows\System32\wininit.exe
    512 C:\Windows\System32\winlogon.exe
    560 C:\Windows\System32\services.exe
    568 C:\Windows\System32\lsass.exe
    576 C:\Windows\System32\lsm.exe
    676 C:\Windows\System32\svchost.exe
    744 C:\Windows\System32\nvvsvc.exe
    784 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    396 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\nvvsvc.exe
    1180 C:\Windows\System32\spoolsv.exe
    1228 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1320 C:\Windows\System32\taskhost.exe
    1388 C:\Windows\System32\dwm.exe
    1416 C:\Windows\explorer.exe
    1520 C:\Windows\System32\svchost.exe
    1672 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1692 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1732 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    1812 C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
    1864 C:\Windows\System32\svchost.exe
    1900 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    1968 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    1384 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2052 C:\Windows\System32\conhost.exe
    2184 WUDFHost.exe
    2192 C:\Windows\System32\rundll32.exe
    2672 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2704 C:\Users\Innerhofer\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe
    2724 C:\Program Files (x86)\Skype\Phone\Skype.exe
    2768 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2788 C:\Program Files (x86)\Steam\Steam.exe
    2844 C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    2852 C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe
    2868 C:\Users\Innerhofer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2880 C:\Program Files (x86)\Winamp\winampa.exe
    2892 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2908 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2608 C:\Windows\System32\SearchIndexer.exe
    3196 C:\Windows\System32\svchost.exe
    3448 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3696 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    3752 C:\Windows\System32\svchost.exe
    3172 C:\Windows\System32\svchost.exe
    1612 C:\PROGRA~2\MICROS~3\OFFICE11\WINWORD.EXE
    1160 C:\Windows\splwow64.exe
    2808 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2984 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    1876 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    4872 C:\Users\Innerhofer\Downloads\MBRCheck.exe
    4280 C:\Windows\System32\conhost.exe
    4600 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000  (NTFS)

PhysicalDrive0 Model Number: HitachiHDS721050CLA, Rev: JP2O

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
und die OTL-log:

OTL Logfile:
Code:
OTL logfile created on: 13.03.2012 15:12:04 - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 255,74 Gb Free Space | 56,37% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,63 Gb Total Space | 4,32 Gb Free Space | 29,52% Space Free | Partition Type: FAT32
 
Computer Name: PC-OTK | User Name: Innerhofer
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.02 13:08:55 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.08.10 15:01:06 | 000,206,880 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 15:01:04 | 000,626,208 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://emachines.msn.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1003362008-250663990-163593031-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE - HKU\S-1-5-21-1003362008-250663990-163593031-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://emachines.msn.com
IE - HKU\S-1-5-21-1003362008-250663990-163593031-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.21 07:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.12 07:56:22 | 000,000,000 | ---D | M]
 
[2011.05.31 17:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Extensions
[2012.03.11 17:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Firefox\Profiles\xpzmcmev.default\extensions
[2012.03.11 17:32:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Firefox\Profiles\xpzmcmev.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.14 04:50:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Firefox\Profiles\xpzmcmev.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.06.28 15:25:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Firefox\Profiles\xpzmcmev.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.10.08 07:19:13 | 000,000,000 | ---D | M] (Dictionnaire français «Classique &amp;amp; Réforme 1990») -- C:\Users\Innerhofer\AppData\Roaming\mozilla\Firefox\Profiles\xpzmcmev.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
[2011.11.24 08:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.15 08:58:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012.02.21 07:42:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.06.21 18:48:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.21 07:42:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 07:42:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.21 07:42:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 07:42:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 07:42:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 07:42:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1003362008-250663990-163593031-1000..\Run: [HW_OPENEYE_OUC_tele.ring Verbindungsmanager] C:\Program Files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-1003362008-250663990-163593031-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1003362008-250663990-163593031-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-1003362008-250663990-163593031-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Innerhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Innerhofer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 16:03:14 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.03.13 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Innerhofer\AppData\Roaming\Malwarebytes
[2012.03.13 15:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.13 15:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.13 15:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.13 00:44:05 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.03.13 00:38:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 17:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
[2012.03.06 17:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XviD
[2012.03.06 17:03:46 | 000,000,000 | ---D | C] -- C:\Users\Innerhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012.03.06 17:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012.03.06 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.03.06 17:03:19 | 000,000,000 | ---D | C] -- C:\Users\Innerhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2012.03.06 17:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2012.03.06 17:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2012.03.06 17:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2012.03.06 17:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoGK
[2012.03.02 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.03.02 12:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.02 12:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.02.21 12:33:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.02.21 12:33:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.21 12:33:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.21 12:33:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.02.21 12:33:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.21 12:33:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.21 12:33:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.02.21 12:33:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.21 12:33:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2012.02.21 12:33:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.21 12:33:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.02.21 12:33:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.21 12:33:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.02.21 12:33:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.21 12:33:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.02.21 12:33:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.21 12:33:04 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.02.21 12:33:04 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.21 12:33:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.02.21 12:33:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.21 12:33:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.02.21 12:33:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.21 12:33:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.02.21 12:33:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.21 12:33:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.02.21 12:33:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.21 12:33:03 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.02.21 12:33:03 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.21 12:33:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.21 12:33:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.21 12:33:03 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2012.02.21 12:33:03 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.21 12:33:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.02.21 12:33:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.21 12:33:03 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012.02.21 12:33:03 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.02.21 12:33:03 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.21 12:33:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2012.02.21 12:33:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.21 12:33:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.21 12:33:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.21 12:33:03 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.02.21 12:33:03 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.21 12:33:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2012.02.21 12:33:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.21 12:33:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.02.21 12:33:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.21 12:33:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.02.21 12:33:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.21 12:33:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.02.21 12:33:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.21 12:33:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.02.21 12:33:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.02.21 12:33:03 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.02.21 12:33:03 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2012.02.21 12:33:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.02.21 12:33:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.21 12:33:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.02.21 12:33:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.21 12:33:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.02.21 12:33:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.21 12:33:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.02.21 12:33:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.21 12:33:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.21 12:33:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.02.21 12:33:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.02.21 12:33:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2012.02.21 12:33:03 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.02.21 12:33:03 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2012.02.21 12:33:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.02.21 12:33:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.21 12:33:03 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2012.02.21 12:33:03 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.21 12:33:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.02.21 12:33:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.21 12:33:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.02.21 12:33:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.21 12:33:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2012.02.21 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.21 11:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.21 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.02.21 11:04:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.20 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\Innerhofer\AppData\Roaming\Mobipocket
[2012.02.15 07:54:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 07:54:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.15 07:54:29 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
[2012.02.15 07:54:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 16:25:40 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.13 15:09:36 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.13 15:09:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.13 15:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 14:56:49 | 000,000,584 | ---- | M] () -- C:\Users\Innerhofer\AppData\Roaming\AutoGK.ini
[2012.03.06 17:04:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2012.03.06 17:04:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
[2012.03.06 17:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012.03.06 17:03:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2012.03.02 12:34:04 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.03.02 12:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.03.01 08:13:19 | 000,001,018 | ---- | M] () -- C:\Users\Innerhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.26 08:19:39 | 383,850,834 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.21 15:11:02 | 000,001,442 | ---- | M] () -- C:\Users\Innerhofer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.02.21 12:33:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.02.21 12:33:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.21 12:33:04 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.21 12:33:04 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.02.21 12:33:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.21 12:33:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.21 12:33:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.02.21 12:33:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.21 12:33:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2012.02.21 12:33:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.21 12:33:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.02.21 12:33:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.21 12:33:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.02.21 12:33:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.21 12:33:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.02.21 12:33:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.21 12:33:04 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.02.21 12:33:04 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.21 12:33:04 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.02.21 12:33:04 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.21 12:33:04 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.02.21 12:33:04 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.21 12:33:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.02.21 12:33:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.21 12:33:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.02.21 12:33:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.21 12:33:03 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.02.21 12:33:03 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.21 12:33:03 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.21 12:33:03 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.21 12:33:03 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2012.02.21 12:33:03 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.21 12:33:03 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.02.21 12:33:03 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.21 12:33:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012.02.21 12:33:03 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.02.21 12:33:03 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.21 12:33:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2012.02.21 12:33:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.21 12:33:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.21 12:33:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.21 12:33:03 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.02.21 12:33:03 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.21 12:33:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2012.02.21 12:33:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.21 12:33:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.02.21 12:33:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.21 12:33:03 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.02.21 12:33:03 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.21 12:33:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.02.21 12:33:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.21 12:33:03 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.02.21 12:33:03 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.02.21 12:33:03 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.02.21 12:33:03 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2012.02.21 12:33:03 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.02.21 12:33:03 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.21 12:33:03 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.02.21 12:33:03 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.21 12:33:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.02.21 12:33:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.21 12:33:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.02.21 12:33:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.21 12:33:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.21 12:33:03 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.21 12:33:03 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.21 12:33:03 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.02.21 12:33:03 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.02.21 12:33:03 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2012.02.21 12:33:03 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.02.21 12:33:03 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2012.02.21 12:33:03 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.02.21 12:33:03 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.21 12:33:03 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2012.02.21 12:33:03 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.21 12:33:03 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.02.21 12:33:03 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.21 12:33:03 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.02.21 12:33:03 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.21 12:33:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2012.02.21 12:20:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.02.21 12:20:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.02.21 11:37:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.20 16:44:25 | 000,000,844 | ---- | M] () -- C:\Windows\wininit.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.13 15:09:36 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 14:56:49 | 000,000,584 | ---- | C] () -- C:\Users\Innerhofer\AppData\Roaming\AutoGK.ini
[2012.03.02 12:34:04 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.21 15:10:56 | 000,001,448 | ---- | C] () -- C:\Users\Innerhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.21 12:33:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.21 12:33:03 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.21 11:04:30 | 383,850,834 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.06 08:51:36 | 000,004,096 | -H-- | C] () -- C:\Users\Innerhofer\AppData\Local\keyfile3.drm
[2011.10.29 09:29:17 | 000,000,844 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.26 15:57:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.06 09:18:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.06 08:10:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.31 17:39:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2011.06.06 08:49:37 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\Canon
[2012.03.13 16:27:08 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\Dropbox
[2011.06.08 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\IrfanView
[2012.02.20 11:46:51 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\Mobipocket
[2011.05.31 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\OEM
[2011.05.31 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\tele.ring Verbindungsmanager
[2011.05.31 17:11:27 | 000,000,000 | ---D | M] -- C:\Users\Innerhofer\AppData\Roaming\WildTangent
[2010.08.27 16:40:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer
[2011.05.31 17:08:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.06.08 14:14:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011.06.06 08:49:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.05.31 17:08:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.08.27 16:41:24 | 000,000,000 | ---D | M] -- C:\ProgramData\eMachines
[2011.05.31 17:08:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.05.31 17:10:22 | 000,000,000 | ---D | M] -- C:\ProgramData\oem
[2011.06.06 15:01:51 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.05.31 17:08:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.05.31 17:08:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.05.31 17:11:45 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2012.02.01 08:09:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

[/CODE]

Chris4You 13.03.2012 15:41
Hi,

noch nicht alles gefixt...
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O20 - HKLM Winlogon: UserInit - (C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe) -  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Log posten

CCleaner
Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html
Die Registry (blaues Würfel-Symbol linke Seite) musst du mehrmals durchsuchen und bereinigen lassen, bis nichts mehr gefunden wird.
Installation des cCleaners ohne die Toolbar! Benutzerdefinierte Installation wählen.

chris

pablo-jill 13.03.2012 16:23
Habe die Registry mit dem CCleaner bereinigt.

Hier das OTL-log:

Code:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Innerhofer\AppData\Roaming\flint4ytw.exe deleted successfully.
Registry key HKEY_USERS\S-1-5-19\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Innerhofer
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5612 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1427944 bytes
 
Total Files Cleaned = 1,00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 03132012_160616

Chris4You 13.03.2012 16:31
Hi,

ok, jetzt noch den Cleaner ...

Dann sollten wir durch sein...

chris

pablo-jill 13.03.2012 16:42
Der Cleaner hat an die 200 Fehler behoben. Jetzt findet trotz mehrmaligen Behebens immer wieder folgenden einen Fehler:

Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:07 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131