Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox öffnet unaufgefordert schädliche Webseiten (https://www.trojaner-board.de/94826-firefox-oeffnet-unaufgefordert-schaedliche-webseiten.html)

Stampfi 18.01.2011 01:24
Firefox öffnet unaufgefordert schädliche Webseiten
 
Huhu!
Seit einiger Zeit öffnet Firefox völlig zufällig, ohne dass ich etwas anklicke "als attackierend gemeldete" Webseiten, bzw. er will wohl irgendetwas öffnen und glücklicherweise wird diese Seite dann blockiert. Ich habe schon mir AntiVir und Antimalware mein System geprüft, es wurde auch etwas gefunden, aber es passiert immernoch. Ich denke mal nicht dass es an Firefox selbst liegt.

Hier ist die Logfile von Malwarebyte:


-----
Malwarebytes' Anti-Malware 1.50.1.1100

Datenbank Version: 5537

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.01.2011 13:49:32
mbam-log-2011-01-17 (13-49-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 379951
Laufzeit: 42 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231F-9D6F-4B0E-9041-5DD7484564AD} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MinBHO.ShowBarObj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\savetubevideo.com (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files (x86)\savetubevideo.com\savetubevideo (Adware.SkyLab) -> Quarantined and deleted successfully.
c:\program files (x86)\savetubevideo.com\savetubevideo\FF (Adware.SkyLab) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\cryptload_1.1.8\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\cryptload_1.1.8\router\fritz!box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\program files (x86)\savetubevideo.com\savetubevideo\FF\tmp (Adware.SkyLab) -> Quarantined and deleted successfully.

cosinus 18.01.2011 11:45
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Stampfi 18.01.2011 15:10
Nein das ist die einzige Log Datei, der Rechner ist realtiv neu, ich hatte Malwarebyte vorn paar Tagen auch noch nicht drauf und gestern das erste Mal suchen lassen...

cosinus 18.01.2011 15:18
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Stampfi 18.01.2011 20:41
Hier ist einmal die OTL File:OTL Logfile:
Code:
OTL logfile created on: 18.01.2011 20:25:20 - Run 1
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,10 Gb Total Space | 139,69 Gb Free Space | 69,81% Space Free | Partition Type: NTFS
Drive D: | 400,49 Gb Total Space | 331,15 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
Drive E: | 330,83 Gb Total Space | 175,01 Gb Free Space | 52,90% Space Free | Partition Type: NTFS
 
Computer Name: HAL2010 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\system\w98eject.exe (Sigmatel)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- D:\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (!SASCORE) -- C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FLASHSYS) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.smartwebsearch.net/index.php?from=3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 4D E9 7D D1 60 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.smartwebsearch.net/index.php?form=5&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.16 13:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.16 13:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.16 13:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.16 13:54:34 | 000,000,000 | ---D | M]
 
[2010.11.01 23:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.18 20:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1bk83bym.default\extensions
[2011.01.11 15:17:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kaddi\AppData\Roaming\mozilla\Firefox\Profiles\1bk83bym.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.25 17:15:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kaddi\AppData\Roaming\mozilla\Firefox\Profiles\1bk83bym.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.01 20:32:18 | 000,002,138 | ---- | M] () -- C:\Users\Kaddi\AppData\Roaming\Mozilla\Firefox\Profiles\1bk83bym.default\searchplugins\GoogleFeed.xml
[2011.01.18 20:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.04 23:23:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.11.15 16:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.15 16:39:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.30 20:07:21 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] E:\Magix Video Deluxe 17\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaddi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaddi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\Shell - "" = AutoRun
O33 - MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\machinarium_install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.18 20:23:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaddi\Desktop\OTL.exe
[2011.01.18 01:38:03 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.01.17 16:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.01.17 14:21:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2011.01.17 14:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\SUPERAntiSpyware
[2011.01.17 14:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.01.17 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2011.01.17 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.01.17 14:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\WinRAR
[2011.01.17 14:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011.01.17 14:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN
[2011.01.17 14:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2011.01.17 14:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.01.17 13:03:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.01.17 13:03:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.17 13:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.01.17 13:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.17 13:02:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.17 13:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.16 18:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TechSmith
[2011.01.16 18:47:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Camtasia Studio
[2011.01.16 18:47:11 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2011.01.16 18:47:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011.01.16 18:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.01.16 18:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Camtasia Studio 5
[2011.01.16 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011.01.16 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camtasia Studio 5
[2011.01.16 13:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
[2011.01.16 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.01.16 13:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.01.14 02:25:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.01.14 01:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ImgBurn
[2011.01.14 01:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011.01.13 19:07:43 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.13 19:07:43 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.13 19:07:43 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.13 19:07:43 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.13 19:07:43 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.13 19:07:43 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.13 19:07:43 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.13 19:07:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.13 19:07:42 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.13 19:07:42 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.13 19:07:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.13 19:07:42 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.13 19:07:42 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.13 19:07:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.13 19:07:42 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.13 19:07:42 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.13 19:07:41 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.13 19:07:41 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.13 19:07:41 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.13 19:07:41 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.13 19:07:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.13 19:07:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.13 19:07:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.13 19:07:41 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.13 19:07:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.13 19:07:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.13 19:07:41 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.13 19:07:34 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.13 19:07:34 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.11 15:15:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\reakktor
[2011.01.11 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Reakktor Media
[2011.01.11 01:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Seven Kingdoms
[2011.01.10 13:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Gamigo
[2011.01.10 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2011.01.10 11:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.01.10 11:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.01.09 23:06:48 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011.01.09 23:06:48 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011.01.09 23:06:48 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011.01.09 23:06:48 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011.01.09 23:06:47 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011.01.09 23:06:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011.01.09 23:06:45 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011.01.09 23:06:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.01.03 20:48:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi
[2011.01.03 20:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\LogMeIn Hamachi
[2011.01.01 20:58:18 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2011.01.01 20:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tipard Studio
[2011.01.01 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Tipard Studio
[2011.01.01 20:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\WinPcap
[2011.01.01 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipard Video Downloader
[2010.12.25 15:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cdex_170b2_enu_nonunicode
[2010.12.21 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_MusicEditor
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.18 20:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.18 19:33:39 | 000,011,361 | ---- | M] () -- C:\Users\***\Documents\coolespiele.odt
[2011.01.18 14:29:39 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 14:29:39 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 14:26:31 | 001,597,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.18 14:26:31 | 000,693,394 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.18 14:26:31 | 000,648,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.18 14:26:31 | 000,145,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.18 14:26:31 | 000,119,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.18 14:22:07 | 000,397,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.18 14:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.18 14:21:53 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.18 01:38:04 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.17 18:41:28 | 000,006,656 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 14:21:05 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.01.17 13:03:02 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.16 18:47:05 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 5.lnk
[2011.01.16 17:19:00 | 000,016,018 | ---- | M] () -- C:\Users\***\Documents\minecraft server.odt
[2011.01.14 13:35:50 | 000,003,851 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2011.01.14 01:54:35 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.01.11 17:00:28 | 001,577,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.10 21:42:15 | 001,594,514 | ---- | M] () -- C:\Users\***\Desktop\dez - Knall diese Schlampe (DAS ORIGINAL) Two and a half Man.mp4.ff.mp3
[2011.01.10 13:22:09 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\ Black Prophecy Client BETA  starten.lnk
[2011.01.10 13:22:09 | 000,000,144 | ---- | M] () -- C:\Users\Public\Desktop\Für  Black Prophecy Client BETA  anmelden.url
[2011.01.09 16:33:21 | 006,303,744 | ---- | M] () -- C:\Users\***\Desktop\Mason - Exceeder (Original Version).mp3
[2011.01.09 16:30:33 | 003,436,289 | ---- | M] () -- C:\Users\***\Desktop\Mason Vs Princess Superstar - Perfect Exceeder.mp3
[2011.01.09 01:32:49 | 010,110,181 | ---- | M] () -- C:\Users\***\Desktop\09 The Island, Pt. II (Dusk).mp3
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.01.18 01:38:04 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.17 14:21:05 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.01.17 13:03:02 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.16 18:47:05 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 5.lnk
[2011.01.15 12:34:55 | 000,011,361 | ---- | C] () -- C:\Users\***\Documents\coolespiele.odt
[2011.01.14 01:54:35 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.01.10 21:41:16 | 001,594,514 | ---- | C] () -- C:\Users\***\Desktop\dez - Knall diese Schlampe (DAS ORIGINAL) Two and a half Man.mp4.ff.mp3
[2011.01.10 13:24:07 | 001,577,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.10 13:22:09 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\ Black Prophecy Client BETA  starten.lnk
[2011.01.10 13:22:09 | 000,000,144 | ---- | C] () -- C:\Users\Public\Desktop\Für  Black Prophecy Client BETA  anmelden.url
[2011.01.09 16:30:29 | 003,436,289 | ---- | C] () -- C:\Users\***\Desktop\Mason Vs Princess Superstar - Perfect Exceeder.mp3
[2011.01.09 16:29:56 | 006,303,744 | ---- | C] () -- C:\Users\***\Desktop\Mason - Exceeder (Original Version).mp3
[2011.01.09 01:28:18 | 010,110,181 | ---- | C] () -- C:\Users\***\Desktop\09 The Island, Pt. II (Dusk).mp3
[2011.01.08 00:10:38 | 000,016,018 | ---- | C] () -- C:\Users\***\Documents\minecraft server.odt
[2010.10.25 20:56:37 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2010.10.18 14:25:22 | 000,006,656 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 00:11:50 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.10.13 23:07:48 | 000,003,851 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.10.11 17:17:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.11 17:15:02 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.10.10 20:24:11 | 000,166,400 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1999.07.07 01:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---

Stampfi 18.01.2011 20:41
Und hier die Extras:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.01.2011 20:25:20 - Run 1
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,10 Gb Total Space | 139,69 Gb Free Space | 69,81% Space Free | Partition Type: NTFS
Drive D: | 400,49 Gb Total Space | 331,15 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
Drive E: | 330,83 Gb Total Space | 175,01 Gb Free Space | 52,90% Space Free | Partition Type: NTFS
 
Computer Name: HAL2010 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"CCleaner" = CCleaner
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EADB65C-70E8-4C94-AD0A-221462D41A85}" = Camtasia Studio 5
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DE258A5-9085-4C94-9BDA-9539ED0D0F6A}" = openCanvas4.5.17e Plus
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B76BE192-7AD9-4A02-90A8-E3DA068D2F00}" = Wolkig mit Aussicht auf Fleischbällchen(TM)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter und die Heiligtümer des Todes™ - Teil 1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter und der Halbblut-Prinz™
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Black Prophecy Client BETA_is1" = Black Prophecy Client BETA
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.15
"ImgBurn" = ImgBurn
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Liveupdate4_is1" = Liveupdate4
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.0.20 (D)
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Seven Kingdoms" = Seven Kingdoms
"Steam App 40800" = Super Meat Boy
"Steam App 45740" = Dead Rising 2
"Steam App 550" = Left 4 Dead 2
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SysInfo" = Creative Systeminformationen
"Ulead PhotoImpact 5.0" = Ulead PhotoImpact 5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2011 14:49:57 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.01.2011 13:26:02 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.01.2011 20:00:46 | Computer Name = HAL2010 | Source = Application Hang | ID = 1002
Description = Programm 7K.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10bc    Startzeit:
 01cbb1227c56d309    Endzeit: 3    Anwendungspfad: F:\7K.EXE    Berichts-ID: 
 
Error - 10.01.2011 20:01:21 | Computer Name = HAL2010 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUTO.EXE, Version: 1.0.0.1, Zeitstempel:
 0x3474528a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e25b  ID des fehlerhaften Prozesses:
 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cbb122ab172138  Pfad der fehlerhaften
 Anwendung: F:\AUTO.EXE  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 eb632896-1d15-11e0-8910-6c626d08f7f4
 
Error - 10.01.2011 20:02:10 | Computer Name = HAL2010 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 7K.EXE, Version: 0.0.0.0, Zeitstempel:
 0x34741cc1  Name des fehlerhaften Moduls: 7K.EXE, Version: 0.0.0.0, Zeitstempel:
0x34741cc1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000115b  ID des fehlerhaften Prozesses:
 0xc84  Startzeit der fehlerhaften Anwendung: 0x01cbb122b55161ee  Pfad der fehlerhaften
 Anwendung: F:\7K.EXE  Pfad des fehlerhaften Moduls: F:\7K.EXE  Berichtskennung: 08cce2d7-1d16-11e0-8910-6c626d08f7f4
 
Error - 13.01.2011 14:03:00 | Computer Name = HAL2010 | Source = TabletServicePen | ID = 1
Description =
 
Error - 13.01.2011 19:25:18 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.01.2011 22:04:13 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 16.01.2011 15:46:44 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.01.2011 13:35:06 | Computer Name = HAL2010 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 25.11.2010 09:14:10 | Computer Name = HAL2010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 25.11.2010 09:14:11 | Computer Name = HAL2010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 26.11.2010 12:28:43 | Computer Name = HAL2010 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 26.11.2010 12:28:45 | Computer Name = HAL2010 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 26.11.2010 12:28:45 | Computer Name = HAL2010 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 26.11.2010 13:45:26 | Computer Name = HAL2010 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 27.11.2010 06:25:01 | Computer Name = HAL2010 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.11.2010 08:37:30 | Computer Name = HAL2010 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR4.
 
Error - 27.11.2010 10:05:56 | Computer Name = HAL2010 | Source = DCOM | ID = 10010
Description =
 
Error - 02.12.2010 11:22:33 | Computer Name = HAL2010 | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
 
< End of report >
--- --- ---

cosinus 18.01.2011 20:49
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\Shell - "" = AutoRun
O33 - MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\machinarium_install.exe
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Stampfi 18.01.2011 22:50
Hier bidde:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4450c272-d4b0-11df-b920-6c626d08f7f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4450c272-d4b0-11df-b920-6c626d08f7f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4450c272-d4b0-11df-b920-6c626d08f7f4}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\machinarium_install.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 2062868 bytes
->Temporary Internet Files folder emptied: 717360 bytes
->Java cache emptied: 183763 bytes
->FireFox cache emptied: 101658424 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4020 bytes

User: Public

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 698147003 bytes

Total Files Cleaned = 766,00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01182011_223654

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 18.01.2011 22:56
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Stampfi 29.01.2011 08:52
hat zwar etwas länger gedauert, aber hier ist jetzt die ComboFix Log:

Combofix Logfile:
Code:
ComboFix 11-01-28.02 - *** 29.01.2011  8:41.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4087.2904 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\Color
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((((((((  Dateien erstellt von 2010-12-28 bis 2011-01-29  ))))))))))))))))))))))))))))))
.

2011-01-29 07:44 . 2011-01-29 07:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-18 21:36 . 2011-01-18 21:36        --------        d-----w-        C:\_OTL
2011-01-18 00:38 . 2011-01-29 07:31        --------        d-----w-        c:\program files\CCleaner
2011-01-17 15:11 . 2011-01-17 15:12        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2011-01-17 13:21 . 2011-01-17 13:21        --------        d-----w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2011-01-17 13:21 . 2011-01-17 13:21        --------        d-----w-        c:\programdata\!SASCORE
2011-01-17 13:20 . 2011-01-17 13:21        --------        d-----w-        c:\program files (x86)\SUPERAntiSpyware
2011-01-17 13:13 . 2011-01-17 13:13        --------        d-----w-        c:\program files (x86)\VLC
2011-01-17 13:03 . 2011-01-17 13:03        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-01-17 12:03 . 2011-01-17 12:03        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2011-01-17 12:03 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-17 12:03 . 2011-01-17 12:03        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-17 12:02 . 2011-01-17 12:03        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-17 12:02 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-16 17:48 . 2011-01-16 17:48        --------        d-----w-        c:\users\***\AppData\Local\TechSmith
2011-01-16 17:47 . 2007-08-27 09:53        107864        ----a-w-        c:\windows\SysWow64\tsccvid.dll
2011-01-16 17:47 . 2011-01-16 17:47        --------        d-----w-        c:\windows\SysWow64\QuickTime
2011-01-16 17:47 . 2011-01-16 17:47        --------        d-----w-        c:\programdata\TechSmith
2011-01-16 17:47 . 2011-01-16 17:47        --------        d-----w-        c:\program files (x86)\Camtasia Studio 5
2011-01-16 17:47 . 2011-01-16 17:47        --------        d-----w-        c:\program files (x86)\Common Files\TechSmith Shared
2011-01-14 01:25 . 2011-01-14 01:32        --------        d-----w-        c:\users\***\AppData\Roaming\ImgBurn
2011-01-14 00:54 . 2011-01-14 00:54        --------        d-----w-        c:\program files (x86)\ImgBurn
2011-01-11 14:15 . 2011-01-11 14:15        --------        d-----w-        c:\users\***\AppData\Local\reakktor
2011-01-10 10:25 . 2011-01-10 12:24        --------        d-----w-        c:\users\***\AppData\Local\PMB Files
2011-01-10 10:25 . 2011-01-10 10:25        --------        d-----w-        c:\programdata\PMB Files
2011-01-10 10:24 . 2011-01-10 10:24        --------        d-----w-        c:\program files (x86)\Pando Networks
2011-01-09 22:06 . 2010-02-04 09:01        78680        ----a-w-        c:\windows\system32\XAPOFX1_4.dll
2011-01-09 22:06 . 2010-02-04 09:01        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_4.dll
2011-01-09 22:06 . 2010-02-04 09:01        530776        ----a-w-        c:\windows\system32\XAudio2_6.dll
2011-01-09 22:06 . 2010-02-04 09:01        528216        ----a-w-        c:\windows\SysWow64\XAudio2_6.dll
2011-01-09 22:06 . 2009-09-04 16:29        1974616        ----a-w-        c:\windows\SysWow64\D3DCompiler_42.dll
2011-01-09 22:06 . 2009-09-04 16:29        2582888        ----a-w-        c:\windows\system32\D3DCompiler_42.dll
2011-01-09 22:06 . 2009-09-04 16:29        1892184        ----a-w-        c:\windows\SysWow64\D3DX9_42.dll
2011-01-09 22:06 . 2009-09-04 16:29        2475352        ----a-w-        c:\windows\system32\D3DX9_42.dll
2011-01-03 19:48 . 2011-01-04 10:59        --------        d-----w-        c:\users\***\AppData\Local\LogMeIn Hamachi
2011-01-01 19:58 . 2011-01-01 19:58        --------        d-----w-        c:\program files\WinPcap
2011-01-01 19:40 . 2011-01-01 19:40        --------        d-----w-        c:\programdata\Tipard Studio
2011-01-01 19:40 . 2011-01-01 19:42        --------        d-----w-        c:\program files (x86)\Tipard Video Downloader

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2010-11-23 20:59 . 2010-09-30 19:41        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-15 15:39 . 2010-11-15 15:39        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-16 07:23        1194496        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 07:23        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 07:23        978944        ----a-w-        c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 07:23        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 07:23        482816        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 07:23        386048        ----a-w-        c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 07:23        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 07:23        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 07:23        524288        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 07:23        473600        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-16 07:23        1169408        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-16 07:23        1114624        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 07:23        464384        ----a-w-        c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 07:23        285696        ----a-w-        c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 07:23        496128        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 07:23        305152        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 07:23        192000        ----a-w-        c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 07:23        179712        ----a-w-        c:\windows\SysWow64\schtasks.exe
2010-03-15 09:28 . 2010-10-10 19:24        166400        ----a-w-        c:\program files (x86)\RarExt.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44        1400712        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-11 281768]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"TrayServer"="e:\magix video deluxe 17\TrayServer.exe" [2008-08-07 90112]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-10-30 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\DRIVERS\V0330Vid.sys [2007-08-08 193312]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-10 868848]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files (x86)\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-11 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-09-21 5788016]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-09-21 484720]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 18288]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF25753.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1bk83bym.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://www.smartwebsearch.net/index.php?form=5&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\logmein hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-29  08:48:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-29 07:48

Vor Suchlauf: 11 Verzeichnis(se), 158.422.388.736 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 158.099.894.272 Bytes frei

- - End Of File - - 4DA4F12430BD8394D4F06809AAD6B0C0
--- --- ---

cosinus 30.01.2011 13:24
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Stampfi 09.02.2011 13:27
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-09 13:18:34
Windows 6.1.7600 
Running: 5tpoee6h.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x08 0x70 0xF2 0x0E ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                      0x2C 0xC7 0x7D 0x63 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x6D 0x10 0x8B 0x9C ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x08 0x70 0xF2 0x0E ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x2C 0xC7 0x7D 0x63 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x6D 0x10 0x8B 0x9C ...

---- EOF - GMER 1.0.15 ----
--- --- ---

Stampfi 09.02.2011 13:28
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7585
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 200):
0x02E1A000 \SystemRoot\system32\ntoskrnl.exe
0x033F6000 \SystemRoot\system32\hal.dll
0x00BBD000 \SystemRoot\system32\kdcom.dll
0x00C79000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CBD000 \SystemRoot\system32\PSHED.dll
0x00CD1000 \SystemRoot\system32\CLFS.SYS
0x00D2F000 \SystemRoot\system32\CI.dll
0x00E14000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC7000 \SystemRoot\System32\Drivers\spmv.sys
0x00E00000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00C00000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x010DF000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01136000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01140000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x0114D000 \SystemRoot\system32\DRIVERS\pci.sys
0x01180000 \SystemRoot\System32\drivers\partmgr.sys
0x01195000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01000000 \SystemRoot\System32\drivers\volmgrx.sys
0x0105C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01063000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01073000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01096000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010C0000 \SystemRoot\system32\DRIVERS\msahci.sys
0x010CB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x011AA000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C2F000 \SystemRoot\system32\drivers\fileinfo.sys
0x01238000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0140B000 \SystemRoot\System32\Drivers\msrpc.sys
0x01469000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01483000 \SystemRoot\System32\Drivers\cng.sys
0x014F6000 \SystemRoot\System32\drivers\pcw.sys
0x01507000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016A5000 \SystemRoot\system32\drivers\ndis.sys
0x01797000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01675000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01511000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01685000 \SystemRoot\System32\Drivers\spldr.sys
0x0155D000 \SystemRoot\System32\drivers\rdyboost.sys
0x0168D000 \SystemRoot\System32\Drivers\mup.sys
0x017F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01597000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015D1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00C43000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01400000 \SystemRoot\System32\Drivers\Null.SYS
0x01230000 \SystemRoot\System32\Drivers\Beep.SYS
0x00DEF000 \SystemRoot\System32\drivers\vga.sys
0x02C52000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C77000 \SystemRoot\System32\drivers\watchdog.sys
0x02C87000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C90000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C99000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02CA2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02CAD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02CBE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CE9000 \SystemRoot\system32\drivers\afd.sys
0x02D73000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DB8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DC1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DE7000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03ED5000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03F2C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03F40000 \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL64.SYS
0x03F4A000 \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV64.SYS
0x03F54000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03FA5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03FB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03FBC000 \SystemRoot\System32\drivers\discache.sys
0x03E00000 \SystemRoot\system32\drivers\csc.sys
0x03E83000 \SystemRoot\System32\Drivers\dfsc.sys
0x03EA1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03EB2000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03FCB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02C2A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04041000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04836000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0408B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0417F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04824000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0428D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x042E3000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0433A000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x0436A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0436C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x043AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04200000 \SystemRoot\System32\Drivers\a3055y74.SYS
0x04243000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0424C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0425C000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x0425F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04278000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x043D7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05097000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x050B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x050D3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x050ED000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x050F8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05103000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05112000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05114000 \SystemRoot\system32\DRIVERS\ks.sys
0x05157000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05169000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x05186000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x05195000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05000000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0505A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x05072000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0507F000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x051D1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E3B000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05E5B000 \SystemRoot\system32\drivers\portcls.sys
0x05E98000 \SystemRoot\system32\drivers\drmk.sys
0x05EBA000 \SystemRoot\system32\drivers\ksthunk.sys
0x06416000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0667A000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x066CE000 \SystemRoot\System32\drivers\Dxapi.sys
0x066DA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x066E8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x066F4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x066FD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06710000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0671E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x0672A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06747000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06755000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x007B0000 \SystemRoot\System32\cdd.dll
0x00840000 \SystemRoot\System32\ATMFD.DLL
0x06763000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
0x0676C000 \SystemRoot\system32\drivers\luafv.sys
0x067AA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x067C7000 \SystemRoot\system32\drivers\WudfPf.sys
0x067E8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05EC0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05ED8000 \SystemRoot\system32\drivers\HTTP.sys
0x05FA0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05FBE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x086B6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08704000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08727000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x08600000 \SystemRoot\system32\drivers\peauth.sys
0x086A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08781000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x087AE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0906B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x090D2000 \SystemRoot\System32\DRIVERS\srv.sys
0x778F0000 \Windows\System32\ntdll.dll
0x478C0000 \Windows\System32\smss.exe
0xFFC10000 \Windows\System32\apisetschema.dll
0xFF100000 \Windows\System32\autochk.exe
0xFFBB0000 \Windows\System32\Wldap32.dll
0xFFB40000 \Windows\System32\gdi32.dll
0x777F0000 \Windows\System32\user32.dll
0xFFAA0000 \Windows\System32\msvcrt.dll
0xFF9D0000 \Windows\System32\usp10.dll
0xFF950000 \Windows\System32\difxapi.dll
0xFF940000 \Windows\System32\lpk.dll
0x77AC0000 \Windows\System32\psapi.dll
0xFF7C0000 \Windows\System32\urlmon.dll
0xFF560000 \Windows\System32\iertutil.dll
0xFF430000 \Windows\System32\wininet.dll
0xFF390000 \Windows\System32\clbcatq.dll
0x776D0000 \Windows\System32\kernel32.dll
0xFE600000 \Windows\System32\shell32.dll
0xFE3F0000 \Windows\System32\ole32.dll
0x77AB0000 \Windows\System32\normaliz.dll
0xFE2E0000 \Windows\System32\msctf.dll
0xFE2C0000 \Windows\System32\imagehlp.dll
0xFE190000 \Windows\System32\rpcrt4.dll
0xFE140000 \Windows\System32\ws2_32.dll
0xFE130000 \Windows\System32\nsi.dll
0xFE050000 \Windows\System32\advapi32.dll
0xFE020000 \Windows\System32\imm32.dll
0xFE000000 \Windows\System32\sechost.dll
0xFDE20000 \Windows\System32\setupapi.dll
0xFDDA0000 \Windows\System32\shlwapi.dll
0xFDD00000 \Windows\System32\comdlg32.dll
0xFDC20000 \Windows\System32\oleaut32.dll
0xFDBE0000 \Windows\System32\cfgmgr32.dll
0xFDBC0000 \Windows\System32\devobj.dll
0xFDB20000 \Windows\System32\comctl32.dll
0xFDAB0000 \Windows\System32\KernelBase.dll
0xFDA70000 \Windows\System32\wintrust.dll
0xFD900000 \Windows\System32\crypt32.dll
0xFD8F0000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
444 csrss.exe
512 C:\Windows\System32\wininit.exe
528 csrss.exe
576 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\atiesrxx.exe
316 C:\Windows\System32\svchost.exe
448 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\atieclxx.exe
1224 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1232 C:\Windows\System32\wisptis.exe
1460 C:\Windows\System32\wisptis.exe
1468 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1548 C:\Windows\System32\svchost.exe
1672 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
1744 C:\Windows\System32\dwm.exe
1788 C:\Windows\explorer.exe
1960 C:\Windows\System32\spoolsv.exe
1980 C:\Windows\System32\taskhost.exe
1152 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1424 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1728 C:\Windows\System32\svchost.exe
1732 C:\Program Files\Windows Sidebar\sidebar.exe
2116 C:\Program Files (x86)\SUPERAntiSpyware\SASCore64.exe
2148 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2204 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2216 C:\Windows\System32\StikyNot.exe
2240 C:\Windows\system\w98eject.exe
2296 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
2400 D:\LogMeIn Hamachi\hamachi-2.exe
2472 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2520 C:\Windows\System32\svchost.exe
2584 D:\LogMeIn Hamachi\hamachi-2-ui.exe
2704 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2724 C:\Windows\System32\conhost.exe
2884 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
2892 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3016 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3036 C:\Windows\V0330Mon.exe
2412 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2544 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1760 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
3128 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3156 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3328 WmiPrvSE.exe
3568 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3604 C:\Windows\System32\SearchIndexer.exe
3856 C:\Windows\System32\svchost.exe
4044 C:\Program Files\Windows Media Player\wmpnetwk.exe
2864 C:\Windows\System32\svchost.exe
2280 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
1408 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3780 C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
3904 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
1068 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2816 <unknown>
4312 <unknown>
1292 C:\Windows\System32\notepad.exe
4476 C:\Windows\System32\audiodg.exe
1328 C:\Users\***\Desktop\MBRCheck.exe
4544 C:\Windows\System32\conhost.exe
2928 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000032`0c900000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000096`2bd00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD105SI, Rev: 1AJ10001

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 09.02.2011 15:04
Wir müssen den MBR neu machen, hast du eine Win7-DVD-64-Bit zur Hand? (Daten gehen dabei nicht verloren)

Stampfi 12.02.2011 21:23
Jo, ich hab die DVD hier noch irgendwo, was soll ich denn dann machen?

cosinus 12.02.2011 21:29
Boot von dieser DVD den Computer.
Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Mach danach neue Logs mit MBRcheck und wenn's geht GMER.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19