Pests of all kinds and how to fight them: HTML/silly.sys in C:/ProgramData/Micros./Search/Data/App./Win./tmp.edb

16.07.2010, 12:42   #1
MoepMoep
 

Hi,

AntiVir's daily scan just raised an alarm on my computer because of HTML/silly.sys. I clicked "Repair" and, as AntiVir very insistently advised, restarted my computer so that Windows could repair this file. Unfortunately AntiVir still finds the culprit, and CCleaner and Spybot apparently didn't help either.

Searching here in the forum didn't help me either. All I found there was how to get rid of the thing when it sits in System Restore.

AntiVir:
Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 16. Juli 2010  13:28

Es wird nach 2349993 Virenstämmen gesucht.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : *******
Computername   : *******

Versionsinformationen:
BUILD.DAT      : 9.0.0.422           Bytes  09.03.2010 10:23:00
AVSCAN.EXE     : 9.0.3.10     466689 Bytes  09.12.2009 12:48:57
AVSCAN.DLL     : 9.0.3.0       49409 Bytes  13.02.2009 11:04:10
LUKE.DLL       : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0       13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF   : 7.10.0.0   19875328 Bytes  06.11.2009 16:48:56
VBASE001.VDF   : 7.10.1.0    1372672 Bytes  19.11.2009 16:48:46
VBASE002.VDF   : 7.10.3.1    3143680 Bytes  20.01.2010 04:38:48
VBASE003.VDF   : 7.10.3.75    996864 Bytes  26.01.2010 09:12:50
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 16:06:01
VBASE005.VDF   : 7.10.6.82   2494464 Bytes  15.04.2010 19:47:29
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 13:51:04
VBASE007.VDF   : 7.10.7.219      2048 Bytes  02.06.2010 13:51:04
VBASE008.VDF   : 7.10.7.220      2048 Bytes  02.06.2010 13:51:04
VBASE009.VDF   : 7.10.7.221      2048 Bytes  02.06.2010 13:51:04
VBASE010.VDF   : 7.10.7.222      2048 Bytes  02.06.2010 13:51:04
VBASE011.VDF   : 7.10.7.223      2048 Bytes  02.06.2010 13:51:04
VBASE012.VDF   : 7.10.7.224      2048 Bytes  02.06.2010 13:51:04
VBASE013.VDF   : 7.10.8.37    270336 Bytes  10.06.2010 17:20:11
VBASE014.VDF   : 7.10.8.69    138752 Bytes  14.06.2010 18:55:35
VBASE015.VDF   : 7.10.8.102    130560 Bytes  16.06.2010 07:21:17
VBASE016.VDF   : 7.10.8.135    152064 Bytes  21.06.2010 07:21:19
VBASE017.VDF   : 7.10.8.163    432128 Bytes  23.06.2010 07:21:23
VBASE018.VDF   : 7.10.8.194    133632 Bytes  27.06.2010 18:55:50
VBASE019.VDF   : 7.10.8.220    134656 Bytes  29.06.2010 18:55:55
VBASE020.VDF   : 7.10.8.252    171520 Bytes  04.07.2010 18:56:04
VBASE021.VDF   : 7.10.9.19    131072 Bytes  06.07.2010 00:23:06
VBASE022.VDF   : 7.10.9.36    297472 Bytes  07.07.2010 00:22:24
VBASE023.VDF   : 7.10.9.60    150016 Bytes  11.07.2010 16:20:07
VBASE024.VDF   : 7.10.9.79    113152 Bytes  13.07.2010 18:07:55
VBASE025.VDF   : 7.10.9.80      2048 Bytes  13.07.2010 18:07:55
VBASE026.VDF   : 7.10.9.81      2048 Bytes  13.07.2010 18:07:55
VBASE027.VDF   : 7.10.9.82      2048 Bytes  13.07.2010 18:07:55
VBASE028.VDF   : 7.10.9.83      2048 Bytes  13.07.2010 18:07:56
VBASE029.VDF   : 7.10.9.84      2048 Bytes  13.07.2010 18:07:56
VBASE030.VDF   : 7.10.9.85      2048 Bytes  13.07.2010 18:07:56
VBASE031.VDF   : 7.10.9.95    152064 Bytes  15.07.2010 18:08:01
Engineversion  : 8.2.4.12 
AEVDF.DLL      : 8.1.2.0      106868 Bytes  24.04.2010 05:57:19
AESCRIPT.DLL   : 8.1.3.40    1360250 Bytes  15.07.2010 18:08:03
AESCN.DLL      : 8.1.6.1      127347 Bytes  12.05.2010 19:24:43
AESBX.DLL      : 8.1.3.1      254324 Bytes  24.04.2010 05:57:19
AERDL.DLL      : 8.1.4.6      541043 Bytes  15.04.2010 19:47:43
AEPACK.DLL     : 8.2.2.6      430452 Bytes  15.07.2010 18:08:02
AEOFFICE.DLL   : 8.1.1.6      201081 Bytes  06.07.2010 18:56:06
AEHEUR.DLL     : 8.1.1.38    2724214 Bytes  24.06.2010 07:21:25
AEHELP.DLL     : 8.1.11.6     242038 Bytes  24.06.2010 07:21:24
AEGEN.DLL      : 8.1.3.14     381299 Bytes  15.07.2010 18:08:02
AEEMU.DLL      : 8.1.2.0      393588 Bytes  24.04.2010 05:57:19
AECORE.DLL     : 8.1.15.4     192886 Bytes  15.07.2010 18:08:01
AEBB.DLL       : 8.1.1.0       53618 Bytes  24.04.2010 05:57:19
AVWINLL.DLL    : 9.0.0.3       18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL     : 9.0.3.0       44289 Bytes  09.12.2009 12:48:57
AVREP.DLL      : 8.0.0.7      159784 Bytes  19.02.2010 04:46:16
AVREG.DLL      : 9.0.0.0       36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL     : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL   : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0       11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL     : 9.0.73.0      87297 Bytes  09.12.2009 12:48:57

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\JabBba\AppData\Local\Temp\de0d1429.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Freitag, 16. Juli 2010  13:28

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb'
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Silly.Gen

Beginne mit der Desinfektion:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Silly.Gen
    [WARNUNG]   Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
    [WARNUNG]   Die Quelldatei konnte nicht gefunden werden.
    [HINWEIS]   Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cb042ca.qua' verschoben!


Ende des Suchlaufs: Freitag, 16. Juli 2010  13:28
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      2 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      1 Dateien ohne Befall
      0 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
         
Hijack:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:22, on 16.07.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\JabBba\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h*tp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h*tp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h*tp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h*tp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h*tp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h*tp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - C:\PROGRA~1\FreeVPN\fads.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h*tp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FCBADE-7D4A-4C11-BF4B-3BC244653B67}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FCBADE-7D4A-4C11-BF4B-3BC244653B67}: NameServer = 195.50.140.114 195.50.140.252
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5087 bytes
         
I hope I've picked the right forum and that someone can help me.

16.07.2010, 17:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

17.07.2010, 01:35   #3
MoepMoep
 

Thanks, here are the logs:

OTL.Txt
Code:
 
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\JabBba\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,95 Gb Total Space | 24,97 Gb Free Space | 46,28% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 30,34 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 86,18 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 37,08 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JABBBALOL
Current User Name: JabBba
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.17 02:08:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\JabBba\Desktop\OTL.exe
[2010.07.16 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Roaming\Malwarebytes
[2010.07.16 14:16:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.16 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.16 14:16:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.16 14:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.16 14:16:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\JabBba\Desktop\mbam-setup.exe
[2010.07.16 13:04:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\JabBba\Desktop\HiJackThis.exe
[2010.07.16 00:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.07.16 00:26:30 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.07.16 00:26:30 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.07.16 00:26:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.07.16 00:26:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.07.16 00:26:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.07.09 19:32:04 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Roaming\Mumble
[2010.07.09 19:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.07.09 19:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.07.09 19:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.07.06 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Desktop\MemTest4
[2010.07.01 23:28:48 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\FlatOut Ultimate Carnage
[2010.06.25 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\JabBba\.worldoflogs
[2010.06.23 22:46:44 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 22:46:44 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 22:46:44 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.18 08:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2010.06.17 17:31:36 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\YouTubeAssistant
[2010.06.17 17:31:36 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\My YouTube
[2010.06.17 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.17 02:15:04 | 006,291,456 | -HS- | M] () -- C:\Users\JabBba\NTUSER.DAT
[2010.07.17 02:08:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JabBba\Desktop\OTL.exe
[2010.07.16 18:53:42 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.16 18:53:42 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.16 18:48:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.16 18:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.16 18:48:32 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 16:10:40 | 002,804,064 | -H-- | M] () -- C:\Users\JabBba\AppData\Local\IconCache.db
[2010.07.16 14:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 14:16:03 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\JabBba\Desktop\mbam-setup.exe
[2010.07.16 13:04:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\JabBba\Desktop\HiJackThis.exe
[2010.07.16 00:28:51 | 001,511,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.16 00:28:51 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.16 00:28:51 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.16 00:28:51 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.16 00:28:51 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.15 20:07:33 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.15 20:07:24 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.15 04:03:21 | 000,419,865 | ---- | M] () -- C:\Users\JabBba\Desktop\Hhm.jpg
[2010.07.09 19:33:31 | 000,002,385 | ---- | M] () -- C:\Users\JabBba\Documents\MumbleAutomaticCertificateBackup.p12
[2010.07.09 19:32:03 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.07.09 19:32:03 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.07.06 18:45:08 | 000,013,507 | ---- | M] () -- C:\Users\JabBba\Desktop\MemTest4.zip
[2010.07.03 04:21:24 | 000,169,406 | ---- | M] () -- C:\Users\JabBba\Desktop\deathwing.jpg
[2010.07.01 14:14:42 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 01:17:42 | 000,000,201 | ---- | M] () -- C:\Users\JabBba\Desktop\FlatOut Ultimate Carnage.url
[2010.06.27 00:31:32 | 000,000,200 | ---- | M] () -- C:\Users\JabBba\Desktop\Killing Floor SDK.url
[2010.06.25 13:39:36 | 000,000,200 | ---- | M] () -- C:\Users\JabBba\Desktop\Killing Floor.url
[2010.06.25 12:40:51 | 000,000,201 | ---- | M] () -- C:\Users\JabBba\Desktop\OpFla.url
[2010.06.25 00:03:48 | 000,001,138 | ---- | M] () -- C:\Users\JabBba\Desktop\launch.jnlp
[2010.06.18 08:40:55 | 000,000,987 | ---- | M] () -- C:\Users\JabBba\Desktop\Game Cam V2.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.16 14:16:28 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.15 04:03:21 | 000,419,865 | ---- | C] () -- C:\Users\JabBba\Desktop\Hhm.jpg
[2010.07.09 19:33:31 | 000,002,385 | ---- | C] () -- C:\Users\JabBba\Documents\MumbleAutomaticCertificateBackup.p12
[2010.07.09 19:32:03 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.07.09 19:32:03 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.07.06 18:45:07 | 000,013,507 | ---- | C] () -- C:\Users\JabBba\Desktop\MemTest4.zip
[2010.07.03 04:21:21 | 000,169,406 | ---- | C] () -- C:\Users\JabBba\Desktop\deathwing.jpg
[2010.07.01 01:17:42 | 000,000,201 | ---- | C] () -- C:\Users\JabBba\Desktop\FlatOut Ultimate Carnage.url
[2010.06.27 00:31:31 | 000,000,200 | ---- | C] () -- C:\Users\JabBba\Desktop\Killing Floor SDK.url
[2010.06.25 13:39:36 | 000,000,200 | ---- | C] () -- C:\Users\JabBba\Desktop\Killing Floor.url
[2010.06.25 12:40:51 | 000,000,201 | ---- | C] () -- C:\Users\JabBba\Desktop\OpFla.url
[2010.06.25 00:03:44 | 000,001,138 | ---- | C] () -- C:\Users\JabBba\Desktop\launch.jnlp
[2010.06.18 08:40:55 | 000,000,987 | ---- | C] () -- C:\Users\JabBba\Desktop\Game Cam V2.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.15 01:57:08 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2010.01.15 04:55:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.01.15 04:55:28 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.01.15 04:50:47 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.01.13 04:52:52 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.01.12 15:11:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.16 13:48:18 | 000,000,052 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.10.27 01:12:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.23 00:12:31 | 000,001,634 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008.09.19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2007.12.06 09:53:48 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         
Second OTL.Txt: (all boxes ticked in SafeList and Quick Scan)
Code:
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\JabBba\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,95 Gb Total Space | 24,97 Gb Free Space | 46,28% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 30,34 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 86,18 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 37,08 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JABBBALOL
Current User Name: JabBba
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JabBba\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\JabBba\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (skfiltv) -- C:\Windows\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.8.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.01 03:04:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.01 14:14:42 | 000,000,000 | ---D | M]
 
[2009.10.22 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Mozilla\Extensions
[2010.07.16 21:46:40 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\extensions
[2010.07.16 12:14:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.06.17 17:39:28 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.06.17 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\extensions\firebug@software.joehewitt.com
[2009.11.16 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\extensions\moveplayer@movenetworks.com
[2010.01.14 05:10:32 | 000,002,235 | ---- | M] () -- C:\Users\JabBba\AppData\Roaming\Mozilla\Firefox\Profiles\9ipr42dx.default\searchplugins\askcom.xml
[2010.03.22 06:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.18 00:01:49 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.18 00:01:49 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.18 00:01:49 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.18 00:01:49 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.18 00:01:49 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.24 19:01:18 | 000,395,382 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 13651 more lines...
O2 - BHO: () - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - C:\Program Files\FreeVPN\fads.dll ()
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\JabBba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{695c3951-c285-11de-bbfb-002215fb35ce}\Shell - "" = AutoRun
O33 - MountPoints2\{695c3951-c285-11de-bbfb-002215fb35ce}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{72b80f7e-c5bf-11de-9a1a-002215fb35ce}\Shell - "" = AutoRun
O33 - MountPoints2\{72b80f7e-c5bf-11de-9a1a-002215fb35ce}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.17 02:08:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\JabBba\Desktop\OTL.exe
[2010.07.16 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Roaming\Malwarebytes
[2010.07.16 14:16:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.16 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.16 14:16:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.16 14:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.16 14:16:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\JabBba\Desktop\mbam-setup.exe
[2010.07.16 13:04:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\JabBba\Desktop\HiJackThis.exe
[2010.07.16 00:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.07.09 19:32:04 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Roaming\Mumble
[2010.07.09 19:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.07.09 19:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.07.09 19:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.07.06 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Desktop\MemTest4
[2010.07.01 23:28:48 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\FlatOut Ultimate Carnage
[2010.06.25 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\JabBba\.worldoflogs
[2010.06.18 08:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2010.06.17 17:31:36 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\YouTubeAssistant
[2010.06.17 17:31:36 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\My YouTube
[2010.06.17 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Eurekr.com
[2010.06.10 01:38:56 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\Cadenza
[2010.06.10 01:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2010.05.22 02:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.21 23:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.05.16 06:34:31 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\Rockstar Games
[2010.05.16 06:32:10 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Local\Rockstar Games
[2010.05.16 06:30:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.05.15 02:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.05.15 02:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.05.15 02:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010.05.14 00:31:43 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\Battlefield Heroes
[2010.05.13 02:44:42 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\Ubisoft
[2010.05.05 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Documents\StarCraft II Beta
[2010.05.05 13:39:38 | 000,000,000 | ---D | C] -- C:\Users\JabBba\New folder
[2010.04.30 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\JabBba\AppData\Roaming\mIRC
[2010.04.30 13:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010.04.22 14:18:08 | 000,000,000 | ---D | C] -- C:\Users\JabBba\Desktop\Blizzard
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.17 02:37:07 | 006,291,456 | -HS- | M] () -- C:\Users\JabBba\NTUSER.DAT
[2010.07.17 02:08:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JabBba\Desktop\OTL.exe
[2010.07.16 18:53:42 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.16 18:53:42 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.16 18:48:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.16 18:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.16 18:48:32 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 16:10:40 | 002,804,064 | -H-- | M] () -- C:\Users\JabBba\AppData\Local\IconCache.db
[2010.07.16 14:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 14:16:03 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\JabBba\Desktop\mbam-setup.exe
[2010.07.16 13:04:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\JabBba\Desktop\HiJackThis.exe
[2010.07.16 00:28:51 | 001,511,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.16 00:28:51 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.16 00:28:51 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.16 00:28:51 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.16 00:28:51 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.15 20:07:33 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.15 20:07:24 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.15 04:03:21 | 000,419,865 | ---- | M] () -- C:\Users\JabBba\Desktop\Hhm.jpg
[2010.07.09 19:33:31 | 000,002,385 | ---- | M] () -- C:\Users\JabBba\Documents\MumbleAutomaticCertificateBackup.p12
[2010.07.09 19:32:03 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.07.09 19:32:03 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.07.06 18:45:08 | 000,013,507 | ---- | M] () -- C:\Users\JabBba\Desktop\MemTest4.zip
[2010.07.03 04:21:24 | 000,169,406 | ---- | M] () -- C:\Users\JabBba\Desktop\deathwing.jpg
[2010.07.01 14:14:42 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 01:17:42 | 000,000,201 | ---- | M] () -- C:\Users\JabBba\Desktop\FlatOut Ultimate Carnage.url
[2010.06.27 00:31:32 | 000,000,200 | ---- | M] () -- C:\Users\JabBba\Desktop\Killing Floor SDK.url
[2010.06.25 13:39:36 | 000,000,200 | ---- | M] () -- C:\Users\JabBba\Desktop\Killing Floor.url
[2010.06.25 12:40:51 | 000,000,201 | ---- | M] () -- C:\Users\JabBba\Desktop\OpFla.url
[2010.06.25 00:03:48 | 000,001,138 | ---- | M] () -- C:\Users\JabBba\Desktop\launch.jnlp
[2010.06.18 08:40:55 | 000,000,987 | ---- | M] () -- C:\Users\JabBba\Desktop\Game Cam V2.lnk
[2010.06.13 04:18:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010.06.12 00:02:00 | 000,001,791 | ---- | M] () -- C:\Users\JabBba\Desktop\CCleaner.lnk
[2010.06.10 02:09:02 | 000,000,201 | ---- | M] () -- C:\Users\JabBba\Desktop\Sol Survivor.url
[2010.06.09 16:44:24 | 000,285,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.24 19:01:18 | 000,395,382 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.16 06:40:50 | 000,000,378 | ---- | M] () -- C:\Users\JabBba\Desktop\GTA LnD.lnk
[2010.05.15 02:51:18 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.05.14 00:31:16 | 000,138,056 | ---- | M] () -- C:\Users\JabBba\AppData\Roaming\PnkBstrK.sys
[2010.05.14 00:30:55 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.09 00:17:47 | 000,000,812 | ---- | M] () -- C:\Users\JabBba\Desktop\Steam.exe - Shortcut.lnk
[2010.05.05 16:25:21 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.04.30 13:41:29 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.07.16 14:16:28 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.15 04:03:21 | 000,419,865 | ---- | C] () -- C:\Users\JabBba\Desktop\Hhm.jpg
[2010.07.09 19:33:31 | 000,002,385 | ---- | C] () -- C:\Users\JabBba\Documents\MumbleAutomaticCertificateBackup.p12
[2010.07.09 19:32:03 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.07.09 19:32:03 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.07.06 18:45:07 | 000,013,507 | ---- | C] () -- C:\Users\JabBba\Desktop\MemTest4.zip
[2010.07.03 04:21:21 | 000,169,406 | ---- | C] () -- C:\Users\JabBba\Desktop\deathwing.jpg
[2010.07.01 01:17:42 | 000,000,201 | ---- | C] () -- C:\Users\JabBba\Desktop\FlatOut Ultimate Carnage.url
[2010.06.27 00:31:31 | 000,000,200 | ---- | C] () -- C:\Users\JabBba\Desktop\Killing Floor SDK.url
[2010.06.25 13:39:36 | 000,000,200 | ---- | C] () -- C:\Users\JabBba\Desktop\Killing Floor.url
[2010.06.25 12:40:51 | 000,000,201 | ---- | C] () -- C:\Users\JabBba\Desktop\OpFla.url
[2010.06.25 00:03:44 | 000,001,138 | ---- | C] () -- C:\Users\JabBba\Desktop\launch.jnlp
[2010.06.18 08:40:55 | 000,000,987 | ---- | C] () -- C:\Users\JabBba\Desktop\Game Cam V2.lnk
[2010.06.10 02:09:02 | 000,000,201 | ---- | C] () -- C:\Users\JabBba\Desktop\Sol Survivor.url
[2010.05.16 06:40:50 | 000,000,378 | ---- | C] () -- C:\Users\JabBba\Desktop\GTA LnD.lnk
[2010.05.15 02:51:18 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.05.14 00:30:55 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.09 00:17:47 | 000,000,812 | ---- | C] () -- C:\Users\JabBba\Desktop\Steam.exe - Shortcut.lnk
[2010.05.05 16:23:22 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.04.30 13:41:29 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.15 01:57:08 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2010.01.15 04:55:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.01.15 04:55:28 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.01.15 04:50:47 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.01.13 04:52:52 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.01.12 15:11:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.16 13:48:18 | 000,000,052 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.10.27 01:12:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.23 00:12:31 | 000,001,634 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.09.28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008.09.19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2007.12.06 09:53:48 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
 
========== LOP Check ==========
 
[2010.01.21 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Blender Foundation
[2010.02.14 05:18:00 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Blitware
[2010.01.12 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Crayon Physics Deluxe
[2009.10.27 01:24:36 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\DAEMON Tools Lite
[2010.07.08 02:33:20 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\FileZilla
[2009.11.01 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\GConvert
[2010.05.02 01:14:52 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\ICQ
[2010.01.15 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\IrfanView
[2009.12.08 12:45:00 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Likno
[2009.11.11 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.07.17 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Mumble
[2009.12.15 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\OpenOffice.org
[2009.10.23 03:30:40 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Panda Security
[2009.11.02 15:00:56 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Publish Providers
[2009.11.02 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Sony
[2010.01.14 05:08:05 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Trillian
[2010.06.30 19:48:06 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\TS3Client
[2009.11.02 01:13:35 | 000,000,000 | ---D | M] -- C:\Users\JabBba\AppData\Roaming\Tunngle
[2010.06.13 04:18:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010.05.16 06:42:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         

Extras.Txt:
Code:
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\JabBba\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,95 Gb Total Space | 24,97 Gb Free Space | 46,28% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 30,34 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 86,18 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 37,08 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JABBBALOL
Current User Name: JabBba
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Dreamweaver\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{12FD058C-304E-1CEF-EE6A-C9EC49D00AC2}" = Catalyst Control Center Graphics Full New
"{14E640FF-CE46-7966-036E-B82260CF29CF}" = Catalyst Control Center Graphics Light
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C9D9AF3-EF01-E760-94A6-AE41CA277983}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E72D554-09BC-C87B-AE7B-5ED2E54DDA57}" = CCC Help Polish
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEAB819-BF2D-4F43-85DE-66B7D6FC2F56}" = 1-Click YouTubeAssistant
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56ED137A-8DFC-0682-057A-3FBCC3E8E05D}" = ATI Problem Report Wizard
"{573F1931-08F7-9222-704E-841C391794C5}" = ATI Catalyst Install Manager
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A44139B-9C3D-6D55-87A3-B22085DB6428}" = CCC Help German
"{6BD9C17B-21A4-C8AA-9B8C-AB18304D103D}" = CCC Help Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72992853-E12F-6F78-E466-C8ADF60AB2F3}" = CCC Help Hungarian
"{824B6611-48C9-C785-CD73-D7CB82E19A7E}" = Catalyst Control Center Graphics Full Existing
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{936B48FE-32C0-BD05-D655-790B8587D4CF}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABA45BF5-39C9-1D1F-0467-C716E4E62336}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B160D3AC-D8E3-F949-C905-229FFF4C8C16}" = CCC Help French
"{B1B943CB-55A4-8E85-3392-2FF13980826E}" = CCC Help Greek
"{B327B5BD-F3EC-889D-9770-2D40A14A4356}" = Catalyst Control Center Graphics Previews Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B681FEA0-03C4-A96C-0D66-5D3D40171DC5}" = CCC Help Portuguese
"{B7D84BAF-7927-42DF-B7A3-0DC35205DAD7}" = GConvert
"{BD796ED2-347E-E822-CA19-EC73E2C941FC}" = ATI AVIVO Codecs
"{BE4F561B-63A9-A47C-9DE1-AF1CF5B1C30F}" = Catalyst Control Center Core Implementation
"{BFC304C4-7220-C8EA-C9F6-01EB256C1675}" = ccc-utility
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C95567EE-BE3F-053F-655B-5FF3340CD08E}" = Catalyst Control Center Graphics Previews Vista
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DA7DF7BB-D3E2-1B19-6099-776A23DAF088}" = ccc-core-static
"{DE872CED-2C0F-F0D0-AFCF-B1D35450796B}" = Catalyst Control Center Localization All
"{E7EE88BF-D287-74E1-EC9C-29746228B0D8}" = HydraVision
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.2.8.1
"Fraps" = Fraps (remove only)
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Game Cam" = Game Cam 2.54.0.47
"GameSpy Arcade" = GameSpy Arcade
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mumble" = Mumble and Murmur
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Sandboxie" = Sandboxie 3.40
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 12360" = FlatOut: Ultimate Carnage
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 24860" = Battlefield 2
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 45000" = Sol Survivor
"Steam App 70" = Half-Life
"Steam App 8980" = Borderlands
"SysInfo" = Creative Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"5f48e2ab41c5d005" = RapidShare Manager
"World of Logs Client" = World of Logs Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Malwarebytes

Code:
Datenbank Version: 4319

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.07.2010 02:56:33
mbam-log-2010-07-17 (02-56-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 299928
Laufzeit: 42 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\Incoming\Tools\Keygen DI 1.5.exe (Trojan.Agent.CK) -> No action taken.
         
I deleted the keygen as a precaution, even though I have had it forever. Afterwards it said "-> Quarantined and deleted successfully."
__________________

Last edited by MoepMoep (17.07.2010 at 02:00). Reason: Malwarebytes log added

17.07.2010, 18:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
F:\Incoming\Tools\Keygen DI 1.5.exe
Sorry, but this is where the cleanup support ends...

Using cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), because this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like this again!
__________________
Please always post logfiles in CODE tags
