Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google leitet auf ungewünschte Seiten weiter (redirect, jumper) (https://www.trojaner-board.de/95572-google-leitet-ungewuenschte-seiten-redirect-jumper.html)

Deynet 10.02.2011 16:30
Google leitet auf ungewünschte Seiten weiter (redirect, jumper)
 
Hallo,

seit einiger Zeit leitet wird wenn ich etwas mit Google suche sehr häufig auf unerwünschte Seiten weitergeleitet wenn ich ein Suchergebnis anklicke.

MBAM hab ich etliche Male durchlaufen lassen, keine Funde.

Hab jetzt ComboFix so wie in einem anderen Thread empfohlen angewendet wo jemand dasselbe Problem hat.

Hier der Log:
Combofix Logfile:
Code:
ComboFix 11-02-09.05 - Fabian 10.02.2011 16:04:21.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3999.2703 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\install.exe
C:\readme.txt
c:\windows\isRS-000.tmp
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.exe
 
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-10 bis 2011-02-10 ))))))))))))))))))))))))))))))
.
 
2011-02-10 13:06 . 2011-02-10 13:06    --------    d-----w-    c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-10 12:22 . 2011-02-10 12:22    --------    d-----w-    c:\windows\SysWow64\wbem\en-US
2011-02-10 12:22 . 2011-02-10 12:22    --------    d-----w-    c:\windows\system32\wbem\en-US
2011-02-10 12:09 . 2011-02-10 12:09    --------    d-----w-    c:\program files (x86)\Feedback Tool
2011-02-10 09:22 . 2010-12-18 06:11    714752    ----a-w-    c:\windows\system32\kerberos.dll
2011-02-10 09:22 . 2010-12-18 05:29    541184    ----a-w-    c:\windows\SysWow64\kerberos.dll
2011-02-10 09:22 . 2011-01-05 04:00    3127808    ----a-w-    c:\windows\system32\win32k.sys
2011-02-10 09:22 . 2010-12-21 06:16    214016    ----a-w-    c:\windows\system32\winsrv.dll
2011-02-10 09:18 . 2011-01-13 01:20    7844688    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1B9938F-5592-4703-9F7A-2416F8D3C8E2}\mpengine.dll
2011-02-10 09:18 . 2011-01-26 06:53    265088    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 09:18 . 2011-01-26 06:53    982912    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 09:18 . 2011-01-26 06:31    144384    ----a-w-    c:\windows\system32\cdd.dll
2011-02-10 09:17 . 2010-10-27 05:18    5510528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 05:16    1739176    ----a-w-    c:\windows\system32\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:40    1293120    ----a-w-    c:\windows\SysWow64\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:43    3901824    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 04:43    3957120    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2011-02-10 09:16 . 2011-01-07 08:06    46080    ----a-w-    c:\windows\system32\atmlib.dll
2011-02-10 09:16 . 2011-01-07 07:27    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2011-02-10 09:16 . 2011-01-07 05:49    366080    ----a-w-    c:\windows\system32\atmfd.dll
2011-02-10 09:16 . 2011-01-07 05:33    294400    ----a-w-    c:\windows\SysWow64\atmfd.dll
2011-02-03 15:41 . 2011-02-03 15:48    --------    d-----w-    c:\users\Fabian\AppData\Roaming\FileZilla
2011-02-03 15:41 . 2011-02-05 09:45    --------    d-----w-    c:\program files (x86)\FileZilla FTP Client
2011-02-02 16:20 . 2011-02-10 15:01    --------    d-----w-    c:\users\Fabian\AppData\Roaming\ICQ
2011-02-02 16:20 . 2011-02-02 18:13    --------    d-----w-    c:\program files (x86)\ICQ7.4
2011-01-30 15:45 . 2011-01-30 15:45    135568    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 13:23 . 2011-01-29 13:23    --------    d-----w-    c:\users\Fabian\AppData\Roaming\Octoshape
2011-01-27 00:08 . 2011-01-27 00:39    --------    d-----w-    c:\users\Fabian\AppData\Roaming\DMCache
2011-01-26 09:31 . 2011-01-26 09:31    --------    d-----w-    c:\programdata\McAfee
2011-01-26 08:46 . 2011-01-26 08:46    601424    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A964EABD-4B31-4AC2-9F7E-7F0885858CF4}\gapaengine.dll
2011-01-26 08:30 . 2011-01-26 08:30    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2011-01-26 08:30 . 2011-01-26 08:30    --------    d-----w-    c:\windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
2011-01-26 08:29 . 2011-01-26 08:31    --------    d-----w-    c:\program files\Microsoft Security Client
2011-01-26 08:29 . 2010-04-09 11:06    374664    ----a-w-    c:\windows\system32\drivers\netio.sys
2011-01-12 08:33 . 2010-10-16 05:17    720896    ----a-w-    c:\windows\system32\odbc32.dll
 
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:19 . 2010-10-26 07:20    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2011-01-13 01:20 . 2010-04-04 20:53    7844688    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:08 . 2010-04-21 13:16    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-17 13:30 . 2010-12-17 13:30    34032    ----a-w-    c:\windows\system32\drivers\seehcri.sys
2010-12-17 13:29 . 2010-12-17 13:29    27176    ----a-w-    c:\windows\system32\drivers\ggsemc.sys
2010-12-17 13:29 . 2010-12-17 13:29    13352    ----a-w-    c:\windows\system32\drivers\ggflt.sys
2010-12-04 10:19 . 2010-11-16 09:29    88274    ----a-w-    c:\programdata\bdinstall.bin
2010-11-29 16:38 . 2010-11-29 16:38    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
.
 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-10-05 549384]
R2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-27 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-27 35104]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-06-13 43320]
R3 dvblinkcap;DVBLink Capture B90A12CC6C544A961E7028D3A08A2C632551DE3F;c:\windows\system32\DRIVERS\dvblinkcap.sys [2010-04-12 18608]
R3 dvblinkcap2;DVBLink Capture 5C3B268ADE2E693A42BFBC49F3EBAF0AD3A57BFE25070C30B60F714F;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2010-04-12 18608]
R3 dvblinkcap3;DVBLink Capture 1FC24AFA7DE950B5FDBDA8673412F3883AA61D96F28D057B3111D4B1FDD658C5;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2010-04-12 18608]
R3 dvblinkcap4;DVBLink Capture 7A489C6F335339BF1349A65F6FF08BE465CAF3F7F02FAD0941DA1ED685D1245E228F1C238BF13D9691863A377E0231EA;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2010-04-12 18608]
R3 dvblinktun;DVBLink Tuner 50700D4E15024598D94DCF7F283840B0F5F20935;c:\windows\system32\DRIVERS\dvblinktun.sys [2010-04-12 20784]
R3 dvblinktun2;DVBLink Tuner 6087B55DBA907503F9232E739AD4354E0DF9EA0EFA4808BA55BA79A1;c:\windows\system32\DRIVERS\dvblinktun2.sys [2010-04-12 20784]
R3 dvblinktun3;DVBLink Tuner 9E35F72855E3F9D9A737E369D508E65CAF3CE20DABEE2FD07E6D4D6ACD48B96C;c:\windows\system32\DRIVERS\dvblinktun3.sys [2010-04-12 20784]
R3 dvblinktun4;DVBLink Tuner 79D1057C34BF015640F64477EE6B73DDB692E0012920629BD513FAF19670B43DB91FC3DB70EE9CA15CDD3CCC9CD3D9DF;c:\windows\system32\DRIVERS\dvblinktun4.sys [2010-04-12 20784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-17 13352]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-27 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
R3 sermux;Sierra Wireless Serial MUX;c:\windows\system32\DRIVERS\serialmux.sys [2008-04-22 39168]
R3 SwiProt;Sierra Wireless Protocol Driver;c:\windows\system32\DRIVERS\swiprot.sys [2007-05-02 30720]
R3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\DRIVERS\swnc8u55.sys [2010-01-28 283136]
R3 swvspser;MP VSP using Serial MUX;c:\windows\system32\DRIVERS\swvspser.sys [2008-03-04 24064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 220696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2009-04-15 654640]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-10 20456]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 havasvc;HAVA Service;c:\program files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-06-16 145408]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-06-02 380928]
S3 havabus;HAVA Bus Enumerator;c:\windows\system32\DRIVERS\havabus.sys [2009-06-16 45056]
S3 HAVATV;Hava Video Device;c:\windows\system32\DRIVERS\HAVATV.sys [2009-06-16 343168]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\DRIVERS\HavaTV_10.sys [2009-06-16 343168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 scrswix64;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswix64.sys [2010-01-19 27648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-17 34032]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 23552]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-12-08 206848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
 
.
 
--------- x86-64 -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\p85ul6zo.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
 
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Virtual CD v10\System\VC10Tray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-10 16:20:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-10 15:20
 
Vor Suchlauf: 12 Verzeichnis(se), 423.091.240.960 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 422.546.018.304 Bytes frei
 
- - End Of File - - D842C66222831E89A222FFA0DA31FCD5
--- --- ---

cosinus 10.02.2011 19:41
Hallo und :hallo:

CF sollst du erst auf Anweisung hin ausführen!!!! Hinweis zu http://www.trojaner-board.de/95175-combofix.html


Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Deynet 11.02.2011 00:04
PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5735

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

10.02.2011 23:56:13
mbam-log-2011-02-10 (23-56-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 274648
Laufzeit: 49 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 
OTL Logfile:
Code:
OTL logfile created on: 11.02.2011 00:08:24 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Fabian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 392,72 Gb Free Space | 84,32% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe (Monsoon Multimedia Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (havasvc) -- C:\Program Files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe (Monsoon Multimedia Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (dvblinktun4) -- C:\Windows\SysNative\drivers\dvblinktun4.sys (DVBLink)
DRV:64bit: - (dvblinktun3) -- C:\Windows\SysNative\drivers\dvblinktun3.sys (DVBLink)
DRV:64bit: - (dvblinktun2) -- C:\Windows\SysNative\drivers\dvblinktun2.sys (DVBLink)
DRV:64bit: - (dvblinktun) -- C:\Windows\SysNative\drivers\dvblinktun.sys (DVBLink)
DRV:64bit: - (dvblinkcap4) -- C:\Windows\SysNative\drivers\dvblinkcap4.sys (DVBLink)
DRV:64bit: - (dvblinkcap3) -- C:\Windows\SysNative\drivers\dvblinkcap3.sys (DVBLink)
DRV:64bit: - (dvblinkcap2) -- C:\Windows\SysNative\drivers\dvblinkcap2.sys (DVBLink)
DRV:64bit: - (dvblinkcap) -- C:\Windows\SysNative\drivers\dvblinkcap.sys (DVBLink)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SWNC8U55) Sierra Wireless MUX NDIS Driver (UMTS55) -- C:\Windows\SysNative\drivers\swnc8u55.sys (Sierra Wireless Inc.)
DRV:64bit: - (scrswix64) -- C:\Windows\SysNative\drivers\scrswix64.sys (Sierra Wireless )
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (SWUMX55) Sierra Wireless USB MUX Driver (UMTS55) -- C:\Windows\SysNative\drivers\swumx55.sys (Sierra Wireless Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HavaTV_10) -- C:\Windows\SysNative\drivers\HavaTV_10.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (HAVATV) -- C:\Windows\SysNative\drivers\HavaTV.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (havabus) -- C:\Windows\SysNative\drivers\havabus.sys (Monsoon Multimedia Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (sermux) -- C:\Windows\SysNative\drivers\serialmux.sys (Sierra Wireless Inc.)
DRV:64bit: - (swvspser) -- C:\Windows\SysNative\drivers\swvspser.sys (Sierra Wireless Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (SwiProt) -- C:\Windows\SysNative\drivers\SwiProt.sys (Sierra Wireless Inc.)
DRV:64bit: - (swivsp) -- C:\Windows\SysNative\drivers\swivspnt.sys (Sierra Wireless Inc.)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (PORTIO64) -- C:\Users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 47 E8 F8 B9 DF CA 01  [binary data]
IE - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011.02.10 14:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins
 
[2010.03.27 16:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2011.02.10 14:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions
[2010.12.03 15:01:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.01.27 00:23:29 | 000,000,000 | ---D | M] (Real-Debrid - Plugin) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\p85ul6zo.default\extensions\real@debrid
[2011.02.10 13:19:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010.11.16 21:40:20 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-47627433-3400642544-1298846585-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.10 23:05:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.10 23:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.10 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.02.10 16:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011.02.10 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2011.02.10 16:36:23 | 000,025,608 | ---- | C] (Dritek System Inc.) -- C:\Windows\SysWow64\drivers\DKbFltr.sys
[2011.02.10 16:36:22 | 000,347,656 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2011.02.10 16:32:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.10 16:20:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.10 16:12:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.10 16:02:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.10 16:02:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.10 16:02:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.10 16:02:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.10 16:02:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.02.10 16:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.10 16:02:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.10 14:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
[2011.02.10 13:11:48 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.02.10 13:11:48 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.02.10 13:11:48 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.02.10 13:11:48 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.02.10 13:11:48 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.02.10 13:11:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.02.10 13:11:47 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.10 13:11:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.10 13:11:47 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.02.10 13:11:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.02.10 13:11:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.02.10 13:11:47 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.02.10 13:11:47 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.02.10 13:11:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.02.10 13:11:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.02.10 13:11:47 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.02.10 13:11:47 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.02.10 13:11:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011.02.10 13:11:46 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.10 13:11:46 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.10 13:11:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.02.10 13:11:44 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.10 13:11:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.10 13:11:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.10 13:11:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.10 13:11:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.02.10 13:11:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.02.10 13:11:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.02.10 13:11:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.02.10 13:11:43 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.02.10 13:11:42 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.02.10 13:11:42 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.02.10 13:11:42 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.02.10 13:11:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.02.10 13:11:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.02.10 13:11:42 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.02.10 13:11:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.02.10 13:11:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.10 13:11:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.10 13:11:41 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011.02.10 13:11:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011.02.10 13:11:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.02.10 13:11:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.02.10 13:11:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.02.10 13:11:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.02.10 13:11:40 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.10 13:11:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.10 13:11:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.02.10 13:11:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.02.10 13:11:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.02.10 13:11:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.02.10 13:11:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.02.10 13:11:39 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.02.10 13:11:39 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.02.10 13:11:38 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.02.10 13:11:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.02.10 13:11:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.02.10 13:11:35 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.10 13:11:34 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.02.10 13:11:34 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.02.10 13:11:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.02.10 13:11:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.02.10 13:11:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.02.10 13:11:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.02.10 13:11:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.02.10 13:11:32 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.02.10 13:11:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011.02.10 13:11:32 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.02.10 13:11:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.02.10 13:11:32 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.02.10 13:11:31 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.02.10 13:11:31 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.02.10 13:11:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.10 13:11:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.10 13:11:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.02.10 13:11:31 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.02.10 13:11:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.02.10 13:11:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.02.10 13:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011.02.10 10:23:33 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.10 10:23:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.10 10:23:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.10 10:23:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.10 10:23:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.10 10:23:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.10 10:23:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.10 10:23:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.10 10:22:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.10 10:18:01 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.10 10:18:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.10 10:17:04 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.10 10:17:03 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.10 10:17:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.10 10:17:01 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.10 10:16:43 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.10 10:16:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.10 10:16:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.10 10:16:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.03 16:41:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2011.02.03 16:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011.02.02 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.02.02 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2011.02.02 17:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011.02.01 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Konten 2010
[2011.01.29 14:23:35 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Octoshape
[2011.01.29 11:02:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2011.01.29 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Anti-Malware
[2011.01.29 10:01:03 | 000,000,000 | R--D | C] -- C:\Users\Fabian\Documents\Scanned Documents
[2011.01.29 10:01:02 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Fax
[2011.01.27 01:08:36 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\DMCache
[2011.01.26 10:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.01.26 09:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.01.26 09:30:01 | 000,000,000 | ---D | C] -- C:\Windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
[2011.01.26 09:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.01.26 09:29:00 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011.01.24 14:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.24 14:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.01.23 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klever Group
[2011.01.12 09:33:50 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 09:33:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.12 09:33:45 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 09:33:45 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 09:33:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 09:33:45 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 09:33:44 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 09:33:43 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 09:33:43 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 09:33:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 09:33:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 09:33:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 09:33:41 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 09:33:40 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 09:33:39 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 09:33:39 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 09:33:39 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 09:33:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 09:33:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 09:33:37 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 09:33:37 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 09:33:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 09:33:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 09:33:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 09:33:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 09:33:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 09:33:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.10 23:05:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.10 22:59:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.10 16:36:40 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2011.02.10 16:36:30 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
[2011.02.10 16:22:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 16:22:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 16:11:50 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.10 14:06:31 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011.02.10 13:19:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.02.10 10:31:05 | 000,291,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.03 16:13:38 | 000,000,600 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\winscp.rnd
[2011.02.03 15:44:41 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.03 15:44:41 | 000,658,140 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.03 15:44:41 | 000,618,646 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.03 15:44:41 | 000,131,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.03 15:44:41 | 000,107,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.29 11:02:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2011.01.28 14:11:01 | 654,570,567 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.26 09:31:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.26 09:30:18 | 001,530,612 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.20 09:38:01 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011.01.14 19:22:59 | 000,001,873 | ---- | M] () -- C:\Users\Fabian\Desktop\heise_ueberweisung1.pdf
 
========== Files Created - No Company Name ==========
 
[2011.02.10 23:05:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.10 16:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2011.02.10 16:36:30 | 000,000,089 | ---- | C] () -- C:\Windows\LManager.UNI
[2011.02.10 16:02:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.10 16:02:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.10 16:02:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.10 16:02:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.10 16:02:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.10 14:06:31 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011.02.10 14:06:31 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011.02.10 13:11:47 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.02.10 13:11:47 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.01.26 09:31:08 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.01.26 09:30:18 | 001,530,612 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.14 19:22:59 | 000,001,873 | ---- | C] () -- C:\Users\Fabian\Desktop\heise_ueberweisung1.pdf
[2010.11.24 14:46:39 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2010.11.16 10:29:20 | 000,088,274 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.08.06 11:49:06 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\winscp.rnd
[2010.05.18 15:18:57 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2010.04.21 11:37:34 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.04.19 13:22:35 | 000,000,038 | ---- | C] () -- C:\Windows\xbins_options.ini
[2010.04.13 08:03:34 | 000,008,449 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.03.27 21:19:44 | 000,000,680 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.03.27 21:18:07 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2010.03.27 21:18:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2010.03.27 19:30:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.03.27 19:30:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2001.08.29 13:11:40 | 000,398,848 | R--- | C] () -- C:\Windows\SysWow64\DK2WIN32.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:14236B7B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 11.02.2011 00:08:24 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Fabian\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 392,72 Gb Free Space | 84,32% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-47627433-3400642544-1298846585-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\GPS Monitor\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"8EA3E06A12B0DACD40B4C1EE7ADE0EA5151433DC" = Windows-Treiberpaket - Prolific (Ser2pl) Ports  (02/12/2007 3.0.1.0)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"EPSON BX610FW Series" = Druckerdeinstallation für EPSON BX610FW Series
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{12904FE6-E6B8-4259-8C33-B5D44A610EE6}" = 39703
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{27BC2ACB-2A15-47F1-B8CD-139969221616}" = Sierra Wireless Drivers
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{5509C1B5-A1C9-459A-9616-382458CBFD50}" = StarMoney 7.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}" = Synology Download Redirector
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AFD1D1-3536-4614-8333-6B1B256E806F}" = Sierra Wireless Watcher
"{FA7621DC-7144-4A24-973C-B9BC0E945628}" = Ulead Straight-to-Disc SDK
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.9.1
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"EPSON Scanner" = EPSON Scan
"flip.exe" = Flip 3.4.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0b11 (x86 en-US)" = Mozilla Firefox 4.0b11 (x86 en-US)
"PumpKIN" = Klever PumpKIN 2.7.2
"Synology Assistant" = Synology Assistant (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.4
"WinAVR-20100110" = WinAVR 20100110 (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2011 09:27:16 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 09:27:16 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 09:27:17 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 10:44:42 | Computer Name = Fabian-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 10.02.2011 11:25:31 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000096  Fehleroffset: 0x0000000000d5c000
ID
 des fehlerhaften Prozesses: 0x224  Startzeit der fehlerhaften Anwendung: 0x01cbc934e33ca797
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: ff03aeb3-3529-11e0-b006-f57095b153a7
 
Error - 10.02.2011 11:25:31 | Computer Name = Fabian-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
[ Media Center Events ]
Error - 21.04.2010 07:59:27 | Computer Name = Fabian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hava Remote
 Video TvTuner
 
Error - 21.04.2010 07:59:37 | Computer Name = Fabian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hava Remote
 Video TvTuner
 
[ System Events ]
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 10.02.2011 11:25:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 10.02.2011 11:26:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler:  %%1056
 
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:  %%1056
 
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1062
 
Error - 10.02.2011 11:27:39 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:  %%1056
 
 
< End of report >
--- --- ---

cosinus 11.02.2011 09:20
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Deynet 11.02.2011 09:21
Nein, hab keine weiteren MBAM Logs, sonst hätte ich die bereits gepostet!

cosinus 11.02.2011 09:31
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:14236B7B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Deynet 11.02.2011 09:52
Danke soweit, hier der gewünschte Log:

Zitat:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:14236B7B deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fabian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2076923 bytes
->Java cache emptied: 19450120 bytes
->FireFox cache emptied: 118038522 bytes
->Flash cache emptied: 6709 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526498 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 189784 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 134,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02112011_094700

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 11.02.2011 10:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Deynet 11.02.2011 11:12
Erledigt, hier der ComboFix Log:

Combofix Logfile:
Code:
ComboFix 11-02-09.05 - Fabian 11.02.2011  10:53:57.2.2 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3999.2752 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2011-01-11 bis 2011-02-11  ))))))))))))))))))))))))))))))
.

2011-02-11 10:00 . 2011-02-11 10:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-11 09:47 . 2011-02-11 09:47        --------        d-----w-        c:\program files\CCleaner
2011-02-11 09:22 . 2011-01-13 01:20        7844688        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3584CA5-C81E-4F02-AD5D-014FA63CB028}\mpengine.dll
2011-02-11 08:47 . 2011-02-11 08:47        --------        d-----w-        C:\_OTL
2011-02-11 08:35 . 2011-02-11 08:36        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-02-11 08:23 . 2010-12-18 03:35        2381824        ----a-w-        c:\windows\system32\mshtml.tlb
2011-02-11 08:23 . 2010-12-18 03:15        2381824        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-02-11 08:23 . 2010-12-18 03:39        1502208        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-11 08:23 . 2010-12-18 03:19        1448448        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-02-10 15:36 . 2011-02-10 15:36        --------        d-----w-        c:\program files (x86)\Launch Manager
2011-02-10 15:36 . 2009-03-26 10:16        25608        ----a-w-        c:\windows\SysWow64\drivers\DKbFltr.sys
2011-02-10 15:36 . 2009-08-21 09:31        347656        ----a-w-        c:\windows\UNINST32.EXE
2011-02-10 15:02 . 2011-02-10 15:20        --------        d-----w-        C:\ComboFix
2011-02-10 13:06 . 2011-02-11 08:39        --------        d-----w-        c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-10 12:22 . 2011-02-10 12:22        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2011-02-10 12:22 . 2011-02-10 12:22        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-02-10 12:09 . 2011-02-10 12:09        --------        d-----w-        c:\program files (x86)\Feedback Tool
2011-02-10 09:22 . 2010-12-18 06:11        714752        ----a-w-        c:\windows\system32\kerberos.dll
2011-02-10 09:22 . 2010-12-18 05:29        541184        ----a-w-        c:\windows\SysWow64\kerberos.dll
2011-02-10 09:22 . 2011-01-05 04:00        3127808        ----a-w-        c:\windows\system32\win32k.sys
2011-02-10 09:22 . 2010-12-21 06:16        214016        ----a-w-        c:\windows\system32\winsrv.dll
2011-02-10 09:18 . 2011-01-26 06:53        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 09:18 . 2011-01-26 06:53        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 09:18 . 2011-01-26 06:31        144384        ----a-w-        c:\windows\system32\cdd.dll
2011-02-10 09:17 . 2010-10-27 05:18        5510528        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 05:16        1739176        ----a-w-        c:\windows\system32\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:40        1293120        ----a-w-        c:\windows\SysWow64\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:43        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 04:43        3957120        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-02-10 09:16 . 2011-01-07 08:06        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-02-10 09:16 . 2011-01-07 07:27        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-02-10 09:16 . 2011-01-07 05:49        366080        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-10 09:16 . 2011-01-07 05:33        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-02-03 15:41 . 2011-02-03 15:48        --------        d-----w-        c:\users\Fabian\AppData\Roaming\FileZilla
2011-02-03 15:41 . 2011-02-05 09:45        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client
2011-02-02 16:20 . 2011-02-11 09:48        --------        d-----w-        c:\users\Fabian\AppData\Roaming\ICQ
2011-02-02 16:20 . 2011-02-02 18:13        --------        d-----w-        c:\program files (x86)\ICQ7.4
2011-01-30 15:45 . 2011-01-30 15:45        135568        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45        135568        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 13:23 . 2011-01-29 13:23        --------        d-----w-        c:\users\Fabian\AppData\Roaming\Octoshape
2011-01-27 00:08 . 2011-01-27 00:39        --------        d-----w-        c:\users\Fabian\AppData\Roaming\DMCache
2011-01-26 09:31 . 2011-01-26 09:31        --------        d-----w-        c:\programdata\McAfee
2011-01-26 08:46 . 2011-01-26 08:46        601424        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A964EABD-4B31-4AC2-9F7E-7F0885858CF4}\gapaengine.dll
2011-01-26 08:30 . 2011-01-26 08:30        --------        d-----w-        c:\program files (x86)\Microsoft Security Client
2011-01-26 08:30 . 2011-01-26 08:30        --------        d-----w-        c:\windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
2011-01-26 08:29 . 2011-01-26 08:31        --------        d-----w-        c:\program files\Microsoft Security Client
2011-01-26 08:29 . 2010-04-09 11:06        374664        ----a-w-        c:\windows\system32\drivers\netio.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:19 . 2010-10-26 07:20        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-01-13 01:20 . 2010-04-04 20:53        7844688        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:08 . 2010-04-21 13:16        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-17 13:30 . 2010-12-17 13:30        34032        ----a-w-        c:\windows\system32\drivers\seehcri.sys
2010-12-17 13:29 . 2010-12-17 13:29        27176        ----a-w-        c:\windows\system32\drivers\ggsemc.sys
2010-12-17 13:29 . 2010-12-17 13:29        13352        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2010-12-04 10:19 . 2010-11-16 09:29        88274        ----a-w-        c:\programdata\bdinstall.bin
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
.

(((((((((((((((((((((((((((((  SnapShot@2011-02-10_15.12.46  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 15:51 . 2011-02-11 09:14        46888              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-11 09:14        42052              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 15:51 . 2011-02-11 09:14        14280              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47627433-3400642544-1298846585-1001_UserData.bin
+ 2009-07-14 05:30 . 2011-02-10 15:36        86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-02-10 12:12        86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-02-10 15:36 . 2009-03-26 10:16        25608              c:\windows\system32\DriverStore\FileRepository\lmanager.inf_amd64_neutral_25a0b307b5f045bd\DKbFltr.sys
+ 2010-03-27 14:47 . 2011-02-11 09:45        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 14:47 . 2011-02-10 12:47        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 14:47 . 2011-02-10 12:47        98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-27 14:47 . 2011-02-11 09:45        98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-11 09:45        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-10 12:47        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-02-11 09:22        84592              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-10 11:49 . 2010-11-10 11:49        73624              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        17304              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        35736              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        84896              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        94608              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        49064              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        17824              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        62376              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        64928              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        63384              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\Acrofx32.dll
- 2011-02-10 15:12 . 2011-02-10 15:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-11 10:01 . 2011-02-11 10:01        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-10 15:12 . 2011-02-10 15:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-11 10:01 . 2011-02-11 10:01        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-10 12:11 . 2010-08-31 23:41        176640              c:\windows\SysWOW64\ieui.dll
+ 2011-02-11 08:23 . 2010-12-18 03:13        176640              c:\windows\SysWOW64\ieui.dll
+ 2010-04-02 18:36 . 2011-02-11 07:31        259370              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-10 12:11 . 2010-08-31 23:40        242688              c:\windows\system32\ieui.dll
+ 2011-02-11 08:23 . 2010-12-18 03:32        242688              c:\windows\system32\ieui.dll
+ 2009-07-14 05:30 . 2011-02-10 15:36        239616              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-02-10 12:12        239616              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-02-10 12:12        143360              c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-02-10 15:36        143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-02-10 15:10        273836              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-11 10:00        273836              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 12:46 . 2011-02-11 10:00        468888              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-47627433-3400642544-1298846585-1001-12288.dat
+ 2010-11-10 11:49 . 2010-11-10 11:49        390552              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        135568              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        681872              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        104344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        702352              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        294808              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        205720              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\a3dutils.dll
- 2009-07-14 04:45 . 2011-02-10 12:27        3897560              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-11 08:43        3897560              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-10 21:03 . 2010-11-10 21:03        2321408              c:\windows\Installer\3bbe508.msi
+ 2010-11-10 11:49 . 2010-11-10 11:49        2207632              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        6222744              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        5503368              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 11:49 . 2010-11-10 11:49        1216416              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 11:49 . 2010-11-10 11:49        1289624              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-02-11 08:23 . 2010-12-18 03:27        10201600              c:\windows\SysWOW64\mshtml.dll
+ 2011-02-11 08:23 . 2010-12-18 03:22        12348928              c:\windows\SysWOW64\ieframe.dll
- 2011-02-10 12:11 . 2010-08-31 23:45        12348928              c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-02-10 13:01        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-11 09:33        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-11 08:23 . 2010-12-18 03:51        16625664              c:\windows\system32\mshtml.dll
- 2011-02-10 12:11 . 2010-08-31 23:44        13632512              c:\windows\system32\ieframe.dll
+ 2011-02-11 08:23 . 2010-12-18 03:45        13632512              c:\windows\system32\ieframe.dll
+ 2011-01-30 20:43 . 2011-01-30 20:43        12425728              c:\windows\Installer\3bbe509.msp
+ 2010-11-10 11:49 . 2010-11-10 11:49        23724952              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-10-05 549384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-27 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-27 35104]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-06-13 43320]
R3 dvblinkcap;DVBLink Capture B90A12CC6C544A961E7028D3A08A2C632551DE3F;c:\windows\system32\DRIVERS\dvblinkcap.sys [2010-04-12 18608]
R3 dvblinkcap2;DVBLink Capture 5C3B268ADE2E693A42BFBC49F3EBAF0AD3A57BFE25070C30B60F714F;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2010-04-12 18608]
R3 dvblinkcap3;DVBLink Capture 1FC24AFA7DE950B5FDBDA8673412F3883AA61D96F28D057B3111D4B1FDD658C5;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2010-04-12 18608]
R3 dvblinkcap4;DVBLink Capture 7A489C6F335339BF1349A65F6FF08BE465CAF3F7F02FAD0941DA1ED685D1245E228F1C238BF13D9691863A377E0231EA;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2010-04-12 18608]
R3 dvblinktun;DVBLink Tuner 50700D4E15024598D94DCF7F283840B0F5F20935;c:\windows\system32\DRIVERS\dvblinktun.sys [2010-04-12 20784]
R3 dvblinktun2;DVBLink Tuner 6087B55DBA907503F9232E739AD4354E0DF9EA0EFA4808BA55BA79A1;c:\windows\system32\DRIVERS\dvblinktun2.sys [2010-04-12 20784]
R3 dvblinktun3;DVBLink Tuner 9E35F72855E3F9D9A737E369D508E65CAF3CE20DABEE2FD07E6D4D6ACD48B96C;c:\windows\system32\DRIVERS\dvblinktun3.sys [2010-04-12 20784]
R3 dvblinktun4;DVBLink Tuner 79D1057C34BF015640F64477EE6B73DDB692E0012920629BD513FAF19670B43DB91FC3DB70EE9CA15CDD3CCC9CD3D9DF;c:\windows\system32\DRIVERS\dvblinktun4.sys [2010-04-12 20784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-17 13352]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-27 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
R3 sermux;Sierra Wireless Serial MUX;c:\windows\system32\DRIVERS\serialmux.sys [2008-04-22 39168]
R3 SwiProt;Sierra Wireless Protocol Driver;c:\windows\system32\DRIVERS\swiprot.sys [2007-05-02 30720]
R3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\DRIVERS\swnc8u55.sys [2010-01-28 283136]
R3 swvspser;MP VSP using Serial MUX;c:\windows\system32\DRIVERS\swvspser.sys [2008-03-04 24064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 220696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2009-04-15 654640]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-10 20456]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 havasvc;HAVA Service;c:\program files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-06-16 145408]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [2010-06-02 380928]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
S3 havabus;HAVA Bus Enumerator;c:\windows\system32\DRIVERS\havabus.sys [2009-06-16 45056]
S3 HAVATV;Hava Video Device;c:\windows\system32\DRIVERS\HAVATV.sys [2009-06-16 343168]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\DRIVERS\HavaTV_10.sys [2009-06-16 343168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 scrswix64;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswix64.sys [2010-01-19 27648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-17 34032]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 23552]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-12-08 206848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\p85ul6zo.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-11  11:10:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-11 10:10
ComboFix2.txt  2011-02-10 15:20

Vor Suchlauf: 17 Verzeichnis(se), 420.834.951.168 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 420.362.936.320 Bytes frei

- - End Of File - - B9E29BAAE665EB357E45C947D0D92AAE
--- --- ---



Problem ist leider noch nicht behoben, werde bei den Google Suchergebnissen häufig auf die Seite shopcompare.de weitergeleitet.

cosinus 11.02.2011 12:10
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Deynet 11.02.2011 12:37
Wie gewünscht die Logs:

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-11 12:31:55
Windows 6.1.7600 
Running: liw4tgh9.exe


---- Services - GMER 1.0.15 ----

Service  system32\DRIVERS\vdrv1000.sys (*** hidden *** )                                                  [SYSTEM] vdrv1000                                                  <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0015831447c7        0xCE 0x8D 0x4C 0xAA ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0013e0848150        0xDD 0x32 0xFE 0x2A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                    C:\Windows\system32\drivers\VDRV1000.SYS
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                            SCSI Miniport
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                        system32\DRIVERS\vdrv1000.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                              66
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                          {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@0                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0015831447c7            0xCE 0x8D 0x4C 0xAA ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b75dd4@0013e0848150            0xDD 0x32 0xFE 0x2A ...
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                                        C:\Windows\system32\drivers\VDRV1000.SYS
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                                                SCSI Miniport
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                                            system32\DRIVERS\vdrv1000.sys
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                                                  66
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)                       
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                                              {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)                 
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0                            1
Reg      HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)                   

---- EOF - GMER 1.0.15 ----
--- --- ---



Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 1810T
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 206):
0x03419000 \SystemRoot\system32\ntoskrnl.exe
0x039F6000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00C4E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C92000 \SystemRoot\system32\PSHED.dll
0x00CA6000 \SystemRoot\system32\CLFS.SYS
0x00D04000 \SystemRoot\system32\CI.dll
0x00EE7000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F8B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F9A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FF1000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
0x00E5F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E68000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E74000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DC4000 \SystemRoot\System32\drivers\mountmgr.sys
0x01046000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01162000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0116B000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01195000 \SystemRoot\system32\DRIVERS\msahci.sys
0x011A0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x011B0000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x011BB000 \SystemRoot\system32\drivers\fileinfo.sys
0x0123C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0147B000 \SystemRoot\System32\Drivers\msrpc.sys
0x014D9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014F3000 \SystemRoot\System32\Drivers\cng.sys
0x01566000 \SystemRoot\System32\drivers\pcw.sys
0x01577000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01661000 \SystemRoot\system32\drivers\ndis.sys
0x01753000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0164A000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01581000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017DE000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E6000 \SystemRoot\System32\Drivers\mup.sys
0x0143A000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01443000 \SystemRoot\system32\DRIVERS\disk.sys
0x015CD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D7B000 \SystemRoot\system32\DRIVERS\vdrv1000.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02C31000 \SystemRoot\System32\Drivers\Null.SYS
0x02C3A000 \SystemRoot\System32\Drivers\Beep.SYS
0x02DE4000 \SystemRoot\System32\drivers\vga.sys
0x011CF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01467000 \SystemRoot\System32\drivers\watchdog.sys
0x02DF2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C41000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013DF000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01000000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01011000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A77000 \SystemRoot\system32\drivers\afd.sys
0x03B01000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B46000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B4F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B75000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B8B000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x03B9F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BAE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03A00000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03A57000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03CA8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CF9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D10000 \SystemRoot\System32\drivers\discache.sys
0x03D1F000 \SystemRoot\system32\drivers\csc.sys
0x03DA2000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03C16000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03EB9000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x048BE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x049B2000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04800000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0480D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04863000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04874000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04ABE000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x0516B000 \SystemRoot\System32\drivers\vwifibus.sys
0x05178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05196000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x051A2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x051B1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x051FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04A00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04A0F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04A18000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04A28000 \SystemRoot\system32\DRIVERS\vcd10bus.sys
0x04A36000 \SystemRoot\system32\DRIVERS\HAVATV.sys
0x04A8A000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x03E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x04A9B000 \SystemRoot\system32\drivers\ksthunk.sys
0x03E43000 \SystemRoot\system32\DRIVERS\HavaTV_10.sys
0x04AA1000 \SystemRoot\System32\Drivers\RootMdm.sys
0x04AA9000 \SystemRoot\system32\drivers\modem.sys
0x04898000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x045C1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x048AE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C1B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045E5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E97000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04AB8000 \SystemRoot\system32\DRIVERS\swivspnt.sys
0x03C64000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03C6F000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x051FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03C7B000 \SystemRoot\system32\DRIVERS\havabus.sys
0x03C8B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03BC9000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x03BE6000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x05274000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x052B0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0530A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06E08000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0531F000 \SystemRoot\system32\drivers\portcls.sys
0x0535C000 \SystemRoot\system32\drivers\drmk.sys
0x0537E000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x053A5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x06FE7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x053CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05200000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0522E000 \SystemRoot\system32\DRIVERS\swumx55.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x06FF4000 \SystemRoot\System32\drivers\Dxapi.sys
0x06E00000 \SystemRoot\system32\DRIVERS\scrswix64.sys
0x05261000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x053EC000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x02C4A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C58000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0102F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x01459000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x02214000 \SystemRoot\system32\drivers\luafv.sys
0x02237000 \SystemRoot\system32\drivers\WudfPf.sys
0x02258000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0226D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x022C0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x022D3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x022EB000 \SystemRoot\system32\drivers\HTTP.sys
0x023B3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x023D1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03498000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x034C5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03513000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03536000 \??\C:\Windows\system32\drivers\cpuz133_x64.sys
0x0353F000 \SystemRoot\System32\Drivers\inpoutx64.sys
0x03546000 \SystemRoot\system32\drivers\peauth.sys
0x035EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03400000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0342D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0801F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08086000 \SystemRoot\System32\DRIVERS\srv.sys
0x0818D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x08198000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x081A0000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x77800000 \Windows\System32\ntdll.dll
0x48360000 \Windows\System32\smss.exe
0xFFB20000 \Windows\System32\apisetschema.dll
0xFF0E0000 \Windows\System32\autochk.exe
0xFFA70000 \Windows\System32\clbcatq.dll
0xFFA00000 \Windows\System32\gdi32.dll
0xFF8D0000 \Windows\System32\rpcrt4.dll
0xFF880000 \Windows\System32\Wldap32.dll
0x779D0000 \Windows\System32\normaliz.dll
0xFF670000 \Windows\System32\ole32.dll
0xFF620000 \Windows\System32\ws2_32.dll
0xFF550000 \Windows\System32\usp10.dll
0x776C0000 \Windows\System32\urlmon.dll
0xFF540000 \Windows\System32\lpk.dll
0xFF4A0000 \Windows\System32\comdlg32.dll
0xFF480000 \Windows\System32\imagehlp.dll
0xFF3E0000 \Windows\System32\msvcrt.dll
0x775A0000 \Windows\System32\kernel32.dll
0xFF360000 \Windows\System32\difxapi.dll
0xFF280000 \Windows\System32\advapi32.dll
0x77340000 \Windows\System32\iertutil.dll
0x77240000 \Windows\System32\user32.dll
0xFF270000 \Windows\System32\nsi.dll
0xFF190000 \Windows\System32\oleaut32.dll
0x779C0000 \Windows\System32\psapi.dll
0xFF170000 \Windows\System32\sechost.dll
0xFF060000 \Windows\System32\msctf.dll
0xFEFE0000 \Windows\System32\shlwapi.dll
0xFEFB0000 \Windows\System32\imm32.dll
0x770E0000 \Windows\System32\wininet.dll
0xFE220000 \Windows\System32\shell32.dll
0xFE040000 \Windows\System32\setupapi.dll
0xFDED0000 \Windows\System32\crypt32.dll
0xFDE90000 \Windows\System32\xmllite.dll
0xFDE70000 \Windows\System32\devobj.dll
0xFDE00000 \Windows\System32\KernelBase.dll
0xFDDC0000 \Windows\System32\wintrust.dll

Processes (total 66):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
440 csrss.exe
496 C:\Windows\System32\wininit.exe
504 csrss.exe
560 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\svchost.exe
892 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
996 C:\Windows\System32\svchost.exe
320 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\spoolsv.exe
1520 C:\Windows\System32\dwm.exe
1572 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\taskhost.exe
1676 C:\Windows\explorer.exe
1824 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2016 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1160 C:\Windows\SysWOW64\cjpcsc.exe
1588 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1808 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
1948 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1972 C:\Program Files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe
2132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2140 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2152 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2164 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2196 C:\Windows\System32\hkcmd.exe
2212 C:\Windows\System32\igfxpers.exe
2228 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2264 C:\Program Files\Microsoft Security Client\msseces.exe
2360 C:\Windows\System32\igfxsrvc.exe
2352 C:\Windows\System32\svchost.exe
2612 C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
2156 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2736 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2744 C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
2796 C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
2684 C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
1148 C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
1124 C:\Program Files (x86)\iTunes\iTunesHelper.exe
984 C:\Program Files (x86)\Launch Manager\LManager.exe
2856 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1964 C:\Windows\System32\SearchIndexer.exe
3260 C:\Windows\System32\svchost.exe
3772 C:\Program Files\iPod\bin\iPodService.exe
3948 C:\Windows\System32\igfxext.exe
4084 C:\Windows\System32\wbem\unsecapp.exe
3228 WmiPrvSE.exe
2268 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3648 C:\Program Files\Windows Media Player\wmpnetwk.exe
3000 C:\Windows\System32\svchost.exe
1728 C:\Windows\System32\audiodg.exe
4416 C:\Windows\System32\SearchProtocolHost.exe
4536 MpCmdRun.exe
1188 C:\Windows\System32\SearchFilterHost.exe
4348 C:\Users\Fabian\Desktop\MBRCheck.exe
1952 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002BSM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 11.02.2011 13:45
Zitat:
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
Wir müssen den MBR fixen. Daten bleiben dabei erhalten. Hast du eine Win7-DVD 64-Bit zur Hand?

Wenn du keine Win7-DVD hast, geht das auch mit einer Vista-Rescue-Disc, schau mal hier => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows

Lad die ISO-Datei herunter, brenn sie zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Wie gesagt, falls Du eine normale Windows-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Windows-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Mach danach neue Logs mit MBRcheck und wenn's geht GMER.

Deynet 11.02.2011 13:51
Hab ein Netbook ohne optisches Laufwerk. Hab auch keine Win7 DVD zur Hand.

Wie soll ich vorgehen, geht das auch per USB Stick?

cosinus 11.02.2011 15:11
Per USB-Stick geht, aber man müsste via WinSetupFromUSB sich einen basteln. Kannst du dir nich ein externen Brenner oder DVD-Laufwerk besorgen, was per USB angeschlossen wird?

Edit: Führ erstmal das Kaspersky-TDSS-Tool bitte aus => http://www.trojaner-board.de/82358-t...entfernen.html
Wenn wir damit nicht den MBR fixen können muss das ext. Laufwerk her.

Deynet 11.02.2011 15:37
Liste der Anhänge anzeigen (Anzahl: 3)
Hallo,

hatte mich eben schnell schlau gemacht und ruck-zuck nen bootfähigen USB-Stick fertig erstellt mit dem DVD Image das du gesagt hast.

Habs mit bootrec.exe exakt so gemacht wie du gesagt hast.

UND JETZT STARTET WINDOWS NICHT MEHR!!! :schrei::schrei::schrei:

Er versucht normal zu starten, dann kommt für den Bruchteil einer Sekunde ein blauer Bildschirm (kann da nix lesen), er startet neu und dann hab ich die Wahl zwischen "Systemstarthilfe" und "normal starten". Bei "normal starten" komm ich wieder zurück an diesen Punkt, bei "Starthilfe" versucht er ne Systemstartreparatur und es kommt nach einiger Zeit "System konnte nicht repariert werden". (genauere Infos Bild 1+2)
Habe dann noch die Möglichkeiten von Bild 3.

WAS NUN?


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:36 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131