Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen und TR/Agent.450561.B

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.12.2010, 16:21   #1
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Hallo zusammen,

seit einigen Tagen geistern zwei seltsame Dateien auf meinem Pc herum TR/Crypt.ZPACK.Gen bzw. TR/Agent.450561.B (laut Avira Antivir).

Deshalb gliedere ich hier gleich mal in zwei Teile:

1. TR/Crypt.ZPACK.Gen:

Antivir hat mir Meldungen über den Fund gemacht, worauf ich "dickschädel" natürlich sofort einen Hacken in das Kästchen "automatisch löschen" gemacht habe. Nun hab ich gelesen dass dies das Ganze System zerschießen kann.

Deshalb gleich meine erste Frage: Wie kann ich die Automatische Löschfunktion rückgängig machen ? (Avira Antivir Free Personal)

Da aber immer wieder dieser Trojaner unter Ergeinisse auftaucht, wird dieses Problem noch nicht behoben sein. Bitte um Hilfe !

2. TR/Agent.450561.B:

Dieser Virus wird nun auch seit einigen Tagen unter Ereignisse gezeigt, hier hab ich aber "Zugriff verweigern" gewählt.


Zu TR/Crypt.ZPACK.Gen habe ich hier im Forum schon mehrere Beiträge gefunden, da aber nun bei einem Beitrag dabei stand dass man die folgenden Schritte nicht aus eigener Hand, also wenn sie nicht von einem "Profi" empfehlt wurden, durch führen sollte, habe ich hier ein neues Thema für mein Problem erstellt.

Hier mal dass HijackThis Log file (ich glaube dass ist immer der erste Schritt )

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:12, on 13.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tobias\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{E496B8DB-273D-4341-8708-7188838CC520}: NameServer = 212.185.249.116,194.25.2.129
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10900 bytes
         
MFG Tobi

Alt 14.12.2010, 10:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Zitat:
1. TR/Crypt.ZPACK.Gen
2. TR/Agent.450561.B:
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________

__________________

Alt 14.12.2010, 13:28   #3
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Ok, tut mir leid, hier die Pfade:
1. TR/Crypt.ZPACK.Gen
C:\Users\Tobias\AppData\Local\Temp\QvgbQcmsAS.dll

2. TR/Agent.450561.B
C:\Users\Tobias\AppData\Local\Temp\IGwqNKmplw.exe

Logs:
MBAM
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5310

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.12.2010 14:53:58
mbam-log-2010-12-14 (14-53-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158431
Laufzeit: 1 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

OTL
Code:
ATTFilter
OTL logfile created on: 14.12.2010 14:58:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Public\Desktop\MFtools
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,83 Gb Total Space | 798,96 Gb Free Space | 86,67% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-DELL | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.14 14:33:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.12.10 08:36:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.10.24 14:57:07 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.09.18 23:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009.09.17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.17 16:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009.06.24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.14 14:33:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.03.08 14:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009.09.19 07:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 16:59:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.24 14:57:07 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 17:11:53 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.09.17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.11.21 12:16:02 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\RxFilter.sys -- (RxFilter)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.09.10 16:03:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.05.06 12:59:08 | 000,162,304 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2010.05.06 12:59:02 | 000,163,328 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2010.05.06 12:58:58 | 000,226,304 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV:64bit: - [2009.11.25 11:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.26 16:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.09.21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.09.19 09:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.23 19:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 17:47:38 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2007.02.16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006.11.01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.06.26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 08:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.13 17:53:42 | 000,000,000 | ---D | M]
 
[2010.01.27 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions
[2010.12.14 13:42:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\aj4glnmh.default\extensions
[2010.06.25 18:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\aj4glnmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.13 17:54:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.26 12:46:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 12:46:50 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.26 12:46:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.26 12:46:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.26 12:46:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\system32\EptMon64.DLL File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\THXCfg64.DLL File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Tobias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk - C:\PROGRA~2\Xfire\Xfire.exe - (Xfire Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: Hercules DJ Series - hkey= - key= - C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.14 14:48:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.14 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.12.14 14:34:28 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes
[2010.12.14 14:34:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.14 14:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.14 14:34:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.14 14:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.14 14:33:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.13 17:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.12.13 17:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.12.13 17:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.12.13 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010.12.13 16:31:37 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tobias\Desktop\HiJackThis.exe
[2010.12.13 16:00:56 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Games
[2010.12.11 16:55:54 | 000,000,000 | ---D | C] -- C:\Windows\Uninstall
[2010.11.21 02:23:57 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Virtual Dj
[2010.11.18 15:28:48 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.11.18 15:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.11.18 15:28:48 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.11.18 15:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.11.18 15:26:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.17 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Native Instruments
[2010.11.17 21:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traktor DJ 3
[2010.11.15 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Roxio
[2010.01.27 20:48:57 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Tobias\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.14 15:00:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.14 15:00:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.14 15:00:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.14 15:00:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.14 15:00:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.14 14:54:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.14 14:54:43 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.14 14:50:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 14:50:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 14:46:17 | 000,000,911 | ---- | M] () -- C:\Users\Tobias\Desktop\ERUNT.lnk
[2010.12.14 14:34:58 | 000,000,082 | ---- | M] () -- C:\Users\Tobias\Desktop\Load.exe by Larusso - Trojaner-Board.URL
[2010.12.14 14:32:49 | 000,471,560 | ---- | M] () -- C:\Users\Tobias\Desktop\Load.exe
[2010.12.13 20:21:19 | 000,003,694 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\wklnhst.dat
[2010.12.13 17:49:57 | 000,001,940 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.12.13 17:27:44 | 000,000,117 | ---- | M] () -- C:\Users\Tobias\Desktop\TRCrypt.ZPACK.Gen und TRAgent.450561.B - Trojaner-Board.URL
[2010.12.13 17:26:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.13 16:47:00 | 000,000,084 | ---- | M] () -- C:\Users\Tobias\Desktop\TRCrypt.ZPACK.Gen - Trojaner-Board.URL
[2010.12.13 16:31:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tobias\Desktop\HiJackThis.exe
[2010.12.04 19:22:29 | 000,000,078 | ---- | M] () -- C:\Users\Tobias\Desktop\djsfrommars - Djs From Mars on SoundCloud - Create, record and share your sounds for free.URL
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.21 02:24:30 | 000,003,269 | ---- | M] () -- C:\Users\Tobias\Desktop\Virtual DJ - Verknüpfung.lnk
[2010.11.18 15:27:35 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.11.15 20:08:09 | 000,000,000 | ---- | M] () -- C:\Users\Tobias\AppData\Local\rx_image32.Cache
 
========== Files Created - No Company Name ==========
 
[2010.12.14 14:46:17 | 000,000,911 | ---- | C] () -- C:\Users\Tobias\Desktop\ERUNT.lnk
[2010.12.14 14:34:58 | 000,000,082 | ---- | C] () -- C:\Users\Tobias\Desktop\Load.exe by Larusso - Trojaner-Board.URL
[2010.12.14 14:32:48 | 000,471,560 | ---- | C] () -- C:\Users\Tobias\Desktop\Load.exe
[2010.12.13 17:49:57 | 000,001,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.12.13 17:27:44 | 000,000,117 | ---- | C] () -- C:\Users\Tobias\Desktop\TRCrypt.ZPACK.Gen und TRAgent.450561.B - Trojaner-Board.URL
[2010.12.13 16:47:00 | 000,000,084 | ---- | C] () -- C:\Users\Tobias\Desktop\TRCrypt.ZPACK.Gen - Trojaner-Board.URL
[2010.12.04 19:22:29 | 000,000,078 | ---- | C] () -- C:\Users\Tobias\Desktop\djsfrommars - Djs From Mars on SoundCloud - Create, record and share your sounds for free.URL
[2010.11.21 02:24:30 | 000,003,269 | ---- | C] () -- C:\Users\Tobias\Desktop\Virtual DJ - Verknüpfung.lnk
[2010.11.18 15:29:01 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.18 15:27:35 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.11.15 20:08:09 | 000,000,000 | ---- | C] () -- C:\Users\Tobias\AppData\Local\rx_image32.Cache
[2010.08.27 19:02:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.07.05 22:57:25 | 000,017,408 | ---- | C] () -- C:\Users\Tobias\AppData\Local\WebpageIcons.db
[2010.05.22 09:47:17 | 000,000,350 | ---- | C] () -- C:\Windows\doom3.ini
[2010.03.26 20:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.02.09 17:24:15 | 000,003,694 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\wklnhst.dat
[2010.01.08 17:12:28 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010.01.08 17:12:28 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010.01.08 17:12:28 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010.01.08 17:12:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.08 17:12:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.10.03 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\.minecraft
[2010.05.17 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ambient Design
[2010.09.10 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DAEMON Tools Lite
[2010.09.26 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DNA
[2010.06.25 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.25 13:46:30 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Escepia WarFinder
[2010.06.14 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\gtk-2.0
[2010.08.18 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HLSW
[2010.12.13 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ
[2010.06.26 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\LolClient
[2010.11.14 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Need for Speed World
[2010.08.20 16:25:35 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\pokerth
[2010.02.12 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Publish Providers
[2010.02.12 23:51:37 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Sony
[2010.10.17 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\streamripper
[2010.02.09 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Template
[2010.02.04 15:20:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\TS3Client
[2010.01.30 12:03:58 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ubisoft
[2010.06.10 13:36:24 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Unigraphics Solutions
[2010.11.13 22:22:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.01.09 01:45:45 | 000,004,916 | RH-- | M] () -- C:\dell.sdr
[2010.09.10 15:20:28 | 000,000,748 | ---- | M] () -- C:\deltaStartup.log
[2010.12.14 14:54:43 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.12 16:01:42 | 000,158,213 | ---- | M] () -- C:\ituneslib.itl
[2006.12.01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010.12.14 14:54:50 | 4151,394,304 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.01.09 01:44:09 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.01.09 01:44:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.01.09 01:44:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.01.09 01:44:09 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         

Extras
Code:
ATTFilter
OTL Extras logfile created on: 14.12.2010 14:58:31 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Public\Desktop\MFtools
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,83 Gb Total Space | 798,96 Gb Free Space | 86,67% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-DELL | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A70B027-4813-B42B-FF66-04E58417028A}" = ccc-utility64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.7.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{065FD621-FE29-F086-8B68-26C40F2568F6}" = CCC Help Spanish
"{0710A0C4-05D9-412D-AC50-5136B11A95B7}" = ArtRage 2 Starter Edition
"{07B0A8BD-DC56-9391-029D-901B537C0EE5}" = CCC Help Finnish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A4DBC25-3DD9-9503-24D9-268112B62076}" = CCC Help Hungarian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1518157C-607B-2B60-B121-EAB7042C75AB}" = Skins
"{157AB353-60BB-E1A7-4E79-15C35655C694}" = CCC Help English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B70920B-70FC-C906-623C-F366B0F7DB53}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E76329-0ED8-E755-2C14-07C80621DF7E}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{27427D07-F798-0398-997C-525E982BF0BE}" = Catalyst Control Center Core Implementation
"{28A25B98-A2E9-89A5-FCF3-DF93B9564775}" = CCC Help Italian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{33B436A1-64C1-1726-2209-E69BF2DFE138}" = CCC Help Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44047051-85A6-83A1-0B76-0A4EF34F82B2}" = Catalyst Control Center Localization All
"{482A6D85-E279-9B0F-8D36-091F3B64B787}" = Catalyst Control Center Graphics Previews Common
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FB805E5-9716-C5D0-9114-65C78E3098DD}" = CCC Help Swedish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3B69A7-C63E-7F9B-55DD-CD65F7440FED}" = CCC Help Danish
"{5B1EF562-C533-9035-D6BB-7BD5C6D9DC3F}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{63892687-346C-6868-029C-A1BCCCACC4C0}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C3BF763-2CC5-2E20-4491-DF399C05C547}" = CCC Help Greek
"{6F4ED9D9-0854-C415-7BD6-908380D81518}" = Catalyst Control Center Graphics Full New
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{877335C1-A573-6B0B-9635-DFD043E4445A}" = CCC Help Norwegian
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EBA7A74-9CB9-1336-8F32-2E503E6D530F}" = CCC Help French
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90F1906E-C084-9499-DFC3-E8A191B1E259}" = Catalyst Control Center Graphics Light
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{934328D5-F05A-8749-2915-EDCBE9DBBC61}" = CCC Help Polish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995C73F0-2853-45DF-030F-DFEEB000BC10}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A2767DE2-385F-2A50-592F-FB7B041926DE}" = CCC Help Chinese Standard
"{A4601B40-79E2-4E67-EB56-8A77B9D03839}" = CCC Help Dutch
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AACCF0A0-B426-9DA1-7900-7CDA55C674BE}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{B1AFAA4E-AE88-3B08-E40A-FB1D64F0F880}" = CCC Help Thai
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6C07454-A9BC-D101-1DA7-B41E95008200}" = CCC Help Turkish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2B9D3E1-B7FB-00FB-A14C-664B13174ED4}" = CCC Help Russian
"{C3006EEA-E54F-4CF4-A966-F7BB9FBD7EB8}_is1" = Escepia WarFinder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E41E6CB8-AD30-A818-EA5D-0C6A92E51D0C}" = CCC Help Japanese
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA8F8D1C-0565-BD71-BFC3-57A21E8AA6FD}" = Catalyst Control Center Graphics Previews Vista
"{EC409A8A-525C-3F44-5266-13FAE4E5BF7B}" = ccc-core-static
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender (remove only)
"Counter-Strike: Source" = Counter-Strike: Source
"CSStrat" = CSStrat
"DotAzilla" = DotAzilla
"Electronic Sports League GUI2.10.5" = Electronic Sports League GUI
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"GeoGebra" = GeoGebra
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"hon" = Heroes of Newerth
"IL Download Manager" = IL Download Manager
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Sawer" = Sawer
"Steam App 10" = Counter-Strike
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12910" = Audiosurf Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Xfire" = Xfire (remove only)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2010 17:53:23 | Computer Name = Tobias-Dell | Source = Bonjour Service | ID = 100
Description = 
 
Error - 08.12.2010 17:53:23 | Computer Name = Tobias-Dell | Source = Bonjour Service | ID = 100
Description = 
 
Error - 08.12.2010 17:53:24 | Computer Name = Tobias-Dell | Source = Bonjour Service | ID = 100
Description = 
 
Error - 08.12.2010 17:53:24 | Computer Name = Tobias-Dell | Source = Bonjour Service | ID = 100
Description = 
 
Error - 08.12.2010 17:53:24 | Computer Name = Tobias-Dell | Source = Bonjour Service | ID = 100
Description = 
 
Error - 09.12.2010 08:28:20 | Computer Name = Tobias-Dell | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.12.2010 08:28:20 | Computer Name = Tobias-Dell | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.12.2010 08:28:31 | Computer Name = Tobias-Dell | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.12.2010 10:05:30 | Computer Name = Tobias-Dell | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.12.2010 14:44:05 | Computer Name = Tobias-Dell | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 31.07.2010 19:10:47 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 02.08.2010 04:23:05 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 02.08.2010 04:23:12 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 03.08.2010 07:28:19 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 03.08.2010 07:28:26 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 03.08.2010 08:55:17 | Computer Name = Tobias-Dell | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?08.?2010 um 14:48:39 unerwartet heruntergefahren.
 
Error - 03.08.2010 08:55:18 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 03.08.2010 08:55:28 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 03.08.2010 11:30:52 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 03.08.2010 11:30:56 | Computer Name = Tobias-Dell | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
 
< End of report >
         

MFG Tobi
Ps: falls Irgendetwas jetzt noch fehlt, sagts mir bitte, danke : )
__________________

Geändert von T04ST3R (14.12.2010 um 14:12 Uhr)

Alt 14.12.2010, 14:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Alt 14.12.2010, 15:45   #5
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Was meinst du mit routinemäßig? Jeden Tag einmal scannen und dann hier Log posten ?
MFG Tobi


Alt 14.12.2010, 15:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Nein! Wenn ich meinte du sollst jeden Tag einen Vollscan mahcen, hätte ich das geschrieben! Mach einen Vollscan! (das ist mit routinemäßig gemeint)
__________________
--> TR/Crypt.ZPACK.Gen und TR/Agent.450561.B

Alt 14.12.2010, 16:39   #7
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



MBAM Vollscan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5311

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.12.2010 17:37:41
mbam-log-2010-12-14 (17-37-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 389839
Laufzeit: 53 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
MFG Tobi

Alt 14.12.2010, 18:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Mehr hat Malwarebytes wirklich nicht gefunden als diese paar Sachen über den Quickscan?

Alt 14.12.2010, 18:23   #9
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Nein, TR/Agent.450561.B wurde aber vorhin wieder von antivir gefunden.

Alt 14.12.2010, 18:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alt 14.12.2010, 18:59   #11
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Soll ich nach der Aktualisierung von Combofix die internet verbindung kappen ?

Alt 15.12.2010, 10:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Nein lass die mal an.

Alt 15.12.2010, 13:37   #13
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



So Combofix ausgeführt.
Hier der Log:
Code:
ATTFilter
ComboFix 10-12-14.05 - Tobias 15.12.2010  14:27:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3959.2577 [GMT 1:00]
ausgeführt von:: c:\users\Tobias\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\windows\system32\Ijl11.dll
c:\windows\SysWow64\Ijl11.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-15 bis 2010-12-15  ))))))))))))))))))))))))))))))
.

2010-12-15 13:32 . 2010-12-15 13:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-15 13:14 . 2010-12-15 13:14	--------	d-----w-	c:\program files\CCleaner
2010-12-14 13:46 . 2010-12-14 13:47	--------	d-----w-	c:\program files (x86)\ERUNT
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Malwarebytes
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-14 13:34 . 2010-11-29 16:42	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-14 13:34 . 2010-11-29 16:42	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 12:26 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A61411BB-767E-43D0-898F-1A3324AFE882}\mpengine.dll
2010-12-13 16:53 . 2010-12-13 16:53	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2010-12-13 16:49 . 2010-12-13 16:49	--------	d-----w-	c:\programdata\McAfee Security Scan
2010-12-13 16:49 . 2010-12-13 16:49	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2010-12-11 16:04 . 2010-12-11 16:04	451072	----a-w-	c:\windows\uninstall\FAKEFACTORY_Cinematic\uninstall.exe
2010-12-11 15:55 . 2010-12-11 16:04	--------	d-----w-	c:\windows\Uninstall
2010-11-24 11:52 . 2010-10-19 08:47	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:52 . 2010-10-19 08:10	7680	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-18 14:28 . 2010-11-18 14:29	--------	d-----w-	c:\program files\iTunes
2010-11-18 14:28 . 2010-11-18 14:28	--------	d-----w-	c:\program files (x86)\iTunes
2010-11-18 14:28 . 2010-11-18 14:28	--------	d-----w-	c:\program files\iPod
2010-11-17 20:16 . 2010-11-17 20:16	--------	d-----w-	c:\program files (x86)\Traktor DJ 3
2010-11-15 19:08 . 2010-11-15 19:08	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Roxio

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 12:51 . 2010-10-25 12:51	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2010-10-24 13:57 . 2010-03-06 15:40	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2010-10-24 13:57 . 2010-03-06 15:40	66872	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2010-10-24 13:57 . 2010-10-24 13:57	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2010-10-19 09:41 . 2010-01-27 20:34	270720	------w-	c:\windows\system32\MpSigStub.exe
2010-10-16 16:49 . 2010-03-06 15:46	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2010-10-07 11:36 . 2010-10-07 11:36	119584	----a-w-	c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2010-09-28 14:44	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 14:44 . 2010-09-28 14:44	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048]

c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 163328]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 226304]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 162304]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2008-02-21 196992]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 X6va003;X6va003;c:\users\Tobias\AppData\Local\Temp\0031FB.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-10 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-08 6245744]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-05-28 33160]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 2314120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {E496B8DB-273D-4341-8708-7188838CC520} = 212.185.249.116,194.25.2.129
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\aj4glnmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Tobias\AppData\Local\Temp\0031FB.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1837355618-2121490773-1049443472-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:af,66,ac,b6,70,0e,a8,5c,4a,57,07,d5,ba,17,fc,f8,24,f3,69,10,63,90,66,
   8c,18,87,c7,19,60,e9,64,8a,8a,f8,76,76,a2,72,87,fb,8f,30,fe,dc,9d,47,cc,b0,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-1837355618-2121490773-1049443472-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,d1,59,92,f9,9b,f4,7a,f7,ef,f3,25,9c,bf,45,f3,49,6b,3d,66,b1,
   3d,ed,9a,7e,c2,09,63,8a,21,61,c9,46,75,50,47,ce,29,fe,e9,e0,34,20,f7,17,33,\
"rkeysecu"=hex:83,28,1d,3c,d6,51,75,ff,74,0c,d1,88,3f,b7,e2,58

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-15  14:32:47
ComboFix-quarantined-files.txt  2010-12-15 13:32

Vor Suchlauf: 14 Verzeichnis(se), 857.655.500.800 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 857.531.011.072 Bytes frei

- - End Of File - - 1DA7558D0DF625AF607D969E41E67D30
         
MFG Tobi

Alt 15.12.2010, 14:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]

File::
c:\users\Tobias\AppData\Local\Temp\0031FB.tmp

Driver::
X6va003
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alt 15.12.2010, 14:56   #15
T04ST3R
 
TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Standard

TR/Crypt.ZPACK.Gen und TR/Agent.450561.B



Hi, als der Pc neugestarted hat, hat sich automatisch der Antivir Guard wieder gemeldent (TR/Agent.450561.B)

Hier der Log:
Code:
ATTFilter
ComboFix 10-12-14.07 - Tobias 15.12.2010  15:40:20.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3959.2619 [GMT 1:00]
ausgeführt von:: c:\users\Tobias\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Tobias\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Tobias\AppData\Local\Temp\0031FB.tmp"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_X6VA003
-------\Service_X6va003


(((((((((((((((((((((((   Dateien erstellt von 2010-11-15 bis 2010-12-15  ))))))))))))))))))))))))))))))
.

2010-12-15 14:43 . 2010-12-15 14:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-15 13:14 . 2010-12-15 13:14	--------	d-----w-	c:\program files\CCleaner
2010-12-14 13:46 . 2010-12-14 13:47	--------	d-----w-	c:\program files (x86)\ERUNT
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Malwarebytes
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-14 13:34 . 2010-11-29 16:42	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-14 13:34 . 2010-12-14 13:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-14 13:34 . 2010-11-29 16:42	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 12:26 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A61411BB-767E-43D0-898F-1A3324AFE882}\mpengine.dll
2010-12-13 16:53 . 2010-12-13 16:53	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2010-12-13 16:49 . 2010-12-13 16:49	--------	d-----w-	c:\programdata\McAfee Security Scan
2010-12-13 16:49 . 2010-12-13 16:49	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2010-12-11 16:04 . 2010-12-11 16:04	451072	----a-w-	c:\windows\uninstall\FAKEFACTORY_Cinematic\uninstall.exe
2010-12-11 15:55 . 2010-12-11 16:04	--------	d-----w-	c:\windows\Uninstall
2010-11-24 11:52 . 2010-10-19 08:47	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:52 . 2010-10-19 08:10	7680	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-18 14:28 . 2010-11-18 14:29	--------	d-----w-	c:\program files\iTunes
2010-11-18 14:28 . 2010-11-18 14:28	--------	d-----w-	c:\program files (x86)\iTunes
2010-11-18 14:28 . 2010-11-18 14:28	--------	d-----w-	c:\program files\iPod
2010-11-17 20:16 . 2010-11-17 20:16	--------	d-----w-	c:\program files (x86)\Traktor DJ 3
2010-11-15 19:08 . 2010-11-15 19:08	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Roxio

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 12:51 . 2010-10-25 12:51	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2010-10-24 13:57 . 2010-03-06 15:40	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2010-10-24 13:57 . 2010-03-06 15:40	66872	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2010-10-24 13:57 . 2010-10-24 13:57	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2010-10-19 09:41 . 2010-01-27 20:34	270720	------w-	c:\windows\system32\MpSigStub.exe
2010-10-16 16:49 . 2010-03-06 15:46	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2010-10-07 11:36 . 2010-10-07 11:36	119584	----a-w-	c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2010-09-28 14:44	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 14:44 . 2010-09-28 14:44	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-12-15_13.32.04   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-15 12:20	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-15 14:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-15 14:24	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-15 12:20	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-15 14:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-15 12:20	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 14:44 . 2010-12-15 14:44	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-15 12:18 . 2010-12-15 12:18	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 163328]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 226304]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 162304]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2008-02-21 196992]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-10 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-08 6245744]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-05-28 33160]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF27228.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 2314120]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {E496B8DB-273D-4341-8708-7188838CC520} = 212.185.249.116,194.25.2.129
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\aj4glnmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1837355618-2121490773-1049443472-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:af,66,ac,b6,70,0e,a8,5c,4a,57,07,d5,ba,17,fc,f8,24,f3,69,10,63,90,66,
   8c,18,87,c7,19,60,e9,64,8a,8a,f8,76,76,a2,72,87,fb,8f,30,fe,dc,9d,47,cc,b0,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-1837355618-2121490773-1049443472-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,d1,59,92,f9,9b,f4,7a,f7,ef,f3,25,9c,bf,45,f3,49,6b,3d,66,b1,
   3d,ed,9a,7e,c2,09,63,8a,21,61,c9,46,75,50,47,ce,29,fe,e9,e0,34,20,f7,17,33,\
"rkeysecu"=hex:83,28,1d,3c,d6,51,75,ff,74,0c,d1,88,3f,b7,e2,58

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-15  15:51:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-12-15 14:51
ComboFix2.txt  2010-12-15 13:32

Vor Suchlauf: 15 Verzeichnis(se), 858.059.116.544 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 857.592.270.848 Bytes frei

- - End Of File - - 841A2C38894A82E926FE9571CBF3A6F1
         
Hier noch die Quaratined-Filse Combofix:
Code:
ATTFilter
2010-12-15 14:43:13 . 2010-12-15 14:43:13               74 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_X6va003.reg.dat
2010-12-15 14:43:13 . 2010-12-15 14:43:13            1,034 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_X6VA003.reg.dat
2010-12-15 14:40:12 . 2010-12-15 14:40:12                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2010-12-15 13:32:37 . 2010-12-15 13:32:37            2,908 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
2010-12-15 13:32:31 . 2010-12-15 13:32:31               92 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2010-12-15 13:32:28 . 2010-12-15 13:32:28              534 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
2010-12-15 13:32:28 . 2010-12-15 13:32:28              546 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
2010-12-15 13:32:23 . 2010-12-15 14:51:29              104 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2010-12-15 13:31:00 . 2010-12-15 14:42:56            3,198 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-15 13:26:58 . 2010-12-15 14:39:22              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
1999-08-18 17:54:00 . 1999-08-18 17:54:00          180,224 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\ijl11.dll.vir
         
MFG Tobi

Geändert von T04ST3R (15.12.2010 um 15:10 Uhr)

Antwort

Themen zu TR/Crypt.ZPACK.Gen und TR/Agent.450561.B
antivir, antivir guard, avira, bho, converter, desktop, firefox, frage, hacken, helper, hijack, hijackthis, internet, internet explorer, jusched.exe, log file, logfile, mozilla, mp3, plug-in, problem, rückgängig, software, system, syswow64, trojaner, virus, windows



Ähnliche Themen: TR/Crypt.ZPACK.Gen und TR/Agent.450561.B


  1. TR/Crypt.Zpack.96184 und TR/Crypt.Zpack.96450 entgültig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 14.09.2014 (13)
  2. Vermute TR/Crypt.ZPACK.47328 und TR/Crypt.ZPACK.56424 auf dem Rechner
    Log-Analyse und Auswertung - 12.05.2014 (10)
  3. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  4. Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'
    Log-Analyse und Auswertung - 23.10.2012 (9)
  5. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  6. TR/Agent.379392.F, TR/Drop.Agent.dil, TR/Crypt.ZPACK.Gen2 bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (43)
  7. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  8. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  9. Befall TR/Crypt.ZPACK.Gen sowie Agent.AO.205 und Agent.AO.223
    Log-Analyse und Auswertung - 26.12.2010 (6)
  10. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  11. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  12. RKIT/agent.biiu, TR/agent.ruo, TR/Crypt.ZPACK.Gen alle guten Dinge sind drei hahahaha
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (25)
  13. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  14. TR/Crypt.ZPACK.gen und TR/Dldr.Agent.dnrt gehen nicht zu löschen
    Log-Analyse und Auswertung - 05.06.2010 (14)
  15. 'TR/Agent.155648.BU' und 'TR/Crypt.ZPACK.Gen' von AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (3)
  16. Computer infiziert: Crypt.ZPACK.Gen, Vundo.Gen (3mal), Crypt.ZPACK.Gen, Alureon.CZ
    Log-Analyse und Auswertung - 25.12.2009 (11)
  17. TR/Crypt.ZPACK.Gen / TR AGENT variante /eventuell Rootkit laut GMER
    Plagegeister aller Art und deren Bekämpfung - 19.07.2009 (3)

Zum Thema TR/Crypt.ZPACK.Gen und TR/Agent.450561.B - Hallo zusammen, seit einigen Tagen geistern zwei seltsame Dateien auf meinem Pc herum TR/Crypt.ZPACK.Gen bzw. TR/Agent.450561.B (laut Avira Antivir). Deshalb gliedere ich hier gleich mal in zwei Teile: 1. TR/Crypt.ZPACK.Gen: - TR/Crypt.ZPACK.Gen und TR/Agent.450561.B...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen und TR/Agent.450561.B auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.