Hallo ich ahbe ein ziemlich großes Problem, gestern abend ging mein PC quasi in die Brüche. Ich habe mir den System Tool Virus eingefangen seit dem geht nichts mehr.

Vorweg, es gab ein paar anzeichen vorher wie zum Beispiel Trojaner die gelöscht werden mussten (Antivir hat sie erkannt).
Außerdem kam bei Google Bilder die Meldung: "Kann nicht ausgeführt werden, ihr PC sendet automatische Anfragen" (so weit ich weiß kann das auf ein Botnetzwerk hinweisen, habe selbst überhaupt keine ahnung habs nur gegooglet.

Nunja gestern Abend surfte ich im Internet, als sich plötzlich mein Hintergrund änderte und mir System Tools alle 5 Sek. mit seiner "Sie haben 10 000 Viren Meldung" auf die nerven ging.
Wenns nur das wäre hätte ich auch keine Probleme, aber es kamen noch weitere Sachen hinzu die mir das PC Leben dann doch erschwerten.

1. Ich kann nichts mehr ausführen, kein hijack oder antivir ( welches sich, wen wunderts, komplett verkrümmelt hat ).
Ich kann noch das Internet ausführen, jedoch öffnet sich Opera garnicht, Firefox stürzt jede Minute ab ohen Grund und Chrome hat auch keine Lust.
Das einzigste was Problem los lief war Internet Explorer.

2. Task Manager funktioniert nicht mehr ( es kommt eine Meldung mit schwarzem bildschirm)

3. Systemwiederherstellung reagierte nicht mehr.

4. Der PC stürzte 2mal ab und es erschien ein Bluescreen mit der Meldung das ich den PC kaltstarten sollte und mir wenns niochmal passiert sorgen machen sollte (so in etwa ).
Bluescreen kam in beiden fällen, dazu muss ichs agen das der schonmal kam vor einigen Monaten, aber da wars halt das erste Mal und ich hab mir keine Gedanken gemacht.

Das ganze ist im normalen Modus.


Eben habe ich den PC über den abgesicherten Modus angemacht, und bis jetzt läuft alles.
Antivir macht egrade einen Systemcheck.
Ich kann auch System wiederherstellung amchen, sodass System Tools 2011 nicht drauf ist.
Das ist wenigstens mal eine Möglichkeit IRGENDETWAS zu machen...

Meine Frage, wie gehe ich am besten vor um den Virus restlos zu entfernen?

Ich würde erst Antivir zuende checken lassen, dann Systemwiederherstellung und alle Virenprogramme durchlaufen lassen die finden kann.
Allerdings scheint der Virus ja tief zu sitzen wenn sogar Bluescreen erscheint oder irrre ich mich?


Ganz schön langer Text, helft mir bitte trotzdem


DANKE


Edit: hijack file habe ich eben an diesem PC ausgewertet (externe festplatte sei dank) und er hat nichts gefunden.
Edit2: kann das evtl. daran liegen, das ich es im abgesicherten modus hab laufen lassen? kenn mich nicht aus ;D

ich habe jetzt im abgesicherten Modus Spybot durchlaufen lassen und CCleaner.

Spybot hat 106 Fehler behoben und der Virus scheint weg zu sein, wie es im moment scheint. das heißt es funktioniert alles wieder.

da der virus aber bestimmt nicht restlos weg ist, brauch ich immer noch hilfe..
welche logs soll ich posten? ich brauch meinen PC heute noch

Hallo pir4nha und willkommen am Trojaner Board,

je nach noch vorhandenem Befall kann so eine Bereinigung schon mal ein paar Tage dauern und an einem Tag wird das meist nix, das solltest du erstmal im Vorraus wissen (Wir Helfer können auch nicht nonstop online sein)


Vorweg ein paar Hinweise (Bitte beachten!):

• Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.
• Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst.
• Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.
• Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
• Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.
• Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.
• Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.
• Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis

Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:



Poste zuerst einmal die schon erstellten Logs, also von Avira Antivir und das von Spybot. Das Logfile von HijackThis ist nicht nötig.
Erstelle stattdessen mit dem folgenden Tool neue Logfiles und poste sie hierher:



Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 30.12.2010 16:13:32 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\...\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
 
[2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions
[2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au
[2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam
[2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml
[2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml
[2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml
[2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml
[2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml
[2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.15 18:57:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions
[2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14749 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng46 Toolbar) - {86BF3498-8C44-4C3D-BBFB-05BD50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe
[2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
[2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Malwarebytes
[2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
[2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\backups
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\.\Desktop\spybotsd162.exe
[2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
[2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe
[2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000
[2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Adobe
[2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\Render
[2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\PSDS
[2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Adobe
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Opera
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Opera
[2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
[2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Avira
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe
[2010.12.30 16:08:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
[2010.12.30 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 14:09:58 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.30 14:09:58 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.30 14:09:58 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.30 14:09:58 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.30 14:09:58 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.30 14:07:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.30 14:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.30 14:04:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 13:53:07 | 000,066,999 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-2.jpg
[2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.12.30 13:33:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
[2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\.\Desktop\spybotsd162.exe
[2010.12.30 12:31:12 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
[2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe
[2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\.\Desktop\nature-signature.jpg
[2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\.\Desktop\allianz_arena_2.jpg
[2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\.\Desktop\Real Render by TribunX.7z
[2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\.\Desktop\dergruene.rar
[2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\.\Desktop\W_Solo.jpg
[2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:23 | 000,159,557 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-1.jpg
[2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\.\Desktop\COD.psd
[2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\.\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\.\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\.\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-284412.png
[2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd
[2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-177338.jpg
[2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.png
[2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:06 | 000,066,999 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-2.jpg
[2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\.\Desktop\nature-signature.jpg
[2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users.\Desktop\allianz_arena_2.jpg
[2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\.\Desktop\LIL-Wayne-psd51253.png
[2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\.\Desktop\dergruene.rar
[2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\.\Desktop\Real Render by TribunX.7z
[2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\.\Desktop\W_Solo.jpg
[2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:21 | 000,159,557 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-1.jpg
[2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\.\Desktop\INFECTED.ttf
[2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\.\Desktop\COD.psd
[2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\.\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\.\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\.\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-284412.png
[2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3 by KeReN-R.abr
[2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd
[2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\..\Desktop\wallpaper-297605.png
[2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-177338.jpg
[2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\.\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\.\AppData\Roaming\clipboard.txt
[2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
 
========== LOP Check ==========
 
[2010.10.01 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Alien Skin
[2010.03.18 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Canon
[2010.12.30 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\DNA
[2010.11.22 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\gtk-2.0
[2010.12.17 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Hiku
[2010.12.28 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\ICQ
[2010.05.03 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\iTSfv
[2010.12.17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Ogetv
[2010.03.15 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\OpenOffice.org
[2010.12.22 12:28:48 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Opera
[2010.03.21 20:32:12 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Teeworlds
[2010.10.02 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\TS3Client
[2010.12.16 10:24:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

extra:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 30.12.2010 16:13:32 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"iTSfv_is1" = iTSfv 5.61.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fraps" = Fraps
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"JDownloader" = JDownloader
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Softonic-Eng46 Toolbar" = Softonic-Eng46 Toolbar
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47770" = Medal of Honor Beta
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2010 21:16:51 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:17:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:13 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:14 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:24:36 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:36:15 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = VSS | ID = 8193
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2010 06:48:32 | Computer Name = -PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cchrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cffee6d  Name des fehlerhaften Moduls: chrome.dll, Version: 8.0.552.224, Zeitstempel:
 0x4cffee38  Ausnahmecode: 0x80000003  Fehleroffset: 0x000d1649  ID des fehlerhaften Prozesses:
 0x5a4  Startzeit der fehlerhaften Anwendung: 0x01cba80f0f22ac3e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Google\Chrome\Application\cchrome.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\chrome.dll
Berichtskennung:
 576b3937-1402-11e0-b727-ad342654e7b7
 
Error - 30.12.2010 08:00:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
[ System Events ]
Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren.
 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren.
 
Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren.
 
Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren.
 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren.
 
Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren.
 
Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren.
 
Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren.
 
Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren.
 
 
< End of report >
         

antivirr hab ich nicht zuende gemacht und spybot find ichd en log nicht.

Schau wegen Spybot mal hier:


1.) Berichte in Spybot Search&Destroy anzeigen lassen

Spybot starten => im Menü Modus => erweiterter Modus einstellen => links auf Werkzeuge klicken => Berichte anzeigen => Bericht anzeigen => Bericht kopieren und hier einfügen. Ältere Berichte kannst Du über "Frühere Berichte ansehen" anzeigen lassen.



Und falls Avira Funde gemacht hat:


2.) Avira Antivir - Was wurde gefunden?

Damit wir uns die Funde deines Antivirenprogrammes mal genau ansehen können, gehe bitte wie folgt vor:

• Starte Avira Antivir
• Unter dem Reiter Übersicht auf Ereignisse klicken
• Dort bitte überprüfen, dass oben Alle angehakt sind und unter Filter nur das Kästchen Fund, die anderen bitte auslassen.
• Alle Funde markieren (Sofern vorhanden)
• Oben auf den runden Pfeil klicken (Ausgewählte Ereignisse exportieren)
• Unter dem vorgegebenen Namen abspeichern und den Inhalt dieser .txt-Datei hier ebenfalls posten.

okay antivir hat nichts gefunden


spybotlog:

Code: Alles auswählenAufklappen

ATTFilter

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-12-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi
2010-11-30 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2010-12-14 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2010-11-30 Includes\Hijackers.sbi
2010-11-30 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2010-12-14 Includes\KeyloggersC.sbi
2010-12-14 Includes\Malware.sbi
2010-12-28 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-12-14 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-12-14 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-12-28 Includes\Spyware.sbi
2010-12-28 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2010-12-17 Includes\TrojansC-02.sbi
2010-12-16 Includes\TrojansC-03.sbi
2010-12-16 Includes\TrojansC-04.sbi
2010-12-28 Includes\TrojansC-05.sbi
2010-12-28 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
   size: 35760
    MD5: 466CE40EAA865752F4930A472563E4E1

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   size: 47904
    MD5: 5ECB6C431E7F4F4BF3113B5145F6EF41

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 281768
    MD5: 61941D4566C3B09F377E0E1A97BD0D9A

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
   file: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
   size: 1226608
    MD5: A58E05767687E1E636D160ECEA9BC8ED

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 421160
    MD5: E5B82EA4B98828D50C61137BFA8793F1

Located: HK_LM:Run, LogMeIn Hamachi Ui
command: "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
   file: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
   size: 1910152
    MD5: 9099462DE4CB8AFA9FD66832B8EFE00F

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   size: 246504
    MD5: E0D6538B62C79FCBF0B27F95FAF3208B

Located: HK_CU:Run, Sidebar
  where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
  where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Pando Media Booster
  where: S-1-5-21-1130963293-2590934308-1779700388-1001...
command: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   file: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   size: 2937528
    MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF

Located: Startup (allgemein), GamersFirst LIVE!.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   file: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   size: 2845552
    MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA

Located: Startup (Benutzer), OpenOffice.org 3.2.lnk
  where: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   size: 384000
    MD5: 28675E96E9CC2A81C0B0E182674E03C7



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
         Long name: AcroIEHelperShim.dll
        Short name:       ACROIE~2.DLL
    Date (created): 21.12.2009 17:27:44
Date (last access): 16.05.2010 18:33:24
 Date (last write): 21.12.2009 17:27:44
          Filesize:              75200
        Attributes:           archive 
               MD5: DC1E56092CC57FB4605B088D3DCCBF7A
             CRC32:           FF82C62B
           Version:          9.3.0.148

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Canon Easy-WebPrint EX BHO
        CLSID name: Canon Easy-WebPrint EX BHO
              Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\
         Long name:       ewpexbho.dll
        Short name:                   
    Date (created): 15.03.2010 22:10:16
Date (last access): 15.03.2010 22:10:16
 Date (last write): 25.11.2009 11:16:22
          Filesize:             202080
        Attributes:           archive 
               MD5: 6A37CDFFE611498A0AA90B6FC6A2A1B5
             CRC32:           964CC614
           Version:            1.1.0.0

{86bf3498-8c44-4c3d-bbfb-05bd50858039} (Softonic-Eng46 Toolbar)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Softonic-Eng46 Toolbar
              Path: C:\Program Files (x86)\Softonic-Eng46\
         Long name:         tbSoft.dll
        Short name:                   
    Date (created): 09.05.2010 13:00:18
Date (last access): 09.05.2010 13:00:18
 Date (last write): 22.02.2010 11:05:02
          Filesize:            2353176
        Attributes:           archive 
               MD5: 1FECF655218FDF7329BEA67F519C8642
             CRC32:           EEFAFA9D
           Version:            5.3.5.4

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live ID-Anmelde-Hilfsprogramm
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 21.09.2010 14:08:38
Date (last access): 06.11.2010 15:32:14
 Date (last write): 21.09.2010 14:08:38
          Filesize:             439168
        Attributes:           archive 
               MD5: 6BF01E200063D7274F3AF06D226671F5
             CRC32:           C8953126
           Version:       7.250.4225.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:              41760
        Attributes:           archive 
               MD5: 883EF2DD3C9F68691CE02DAAC7267D41
             CRC32:           C0FCD56C
           Version:          6.0.180.7



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:    npjpi160_18.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 15.03.2010 20:20:50
Date (last access): 15.03.2010 20:20:50
 Date (last write): 15.03.2010 20:20:50
          Filesize:             136992
        Attributes:           archive 
               MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
             CRC32:           23BC9EDD
           Version:          6.0.180.7

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\Windows\Downloaded Program Files\swflash.inf
          Codebase: hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Windows\SysWow64\Macromed\Flash\
         Long name:       Flash10e.ocx
        Short name:                   
    Date (created): 27.01.2010 01:58:36
Date (last access): 15.03.2010 17:42:30
 Date (last write): 27.01.2010 01:58:36
          Filesize:            3981080
        Attributes:  readonly archive 
               MD5: C06E6E160F34CE092301BD2B29067F3F
             CRC32:           D922F8F5
           Version:          10.0.45.2



--- Process list ---
PID:    0 (   0) [System]
PID: 2904 (2656) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 size: 2937528
  MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF
PID: 2960 (2656) C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
 size: 2845552
  MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA
PID:  744 (3024) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 size: 7424000
  MD5: ABC2C67DFD48930F846934B907C3D606
PID: 1876 ( 744) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 size: 7418368
  MD5: 15D982E21248E9BE337D9B40247AF30E
PID: 2896 (2964) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 281768
  MD5: 61941D4566C3B09F377E0E1A97BD0D9A
PID: 3004 (2964) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 246504
  MD5: E0D6538B62C79FCBF0B27F95FAF3208B
PID:  964 (2964) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
 size: 1910152
  MD5: 9099462DE4CB8AFA9FD66832B8EFE00F
PID: 2732 (2964) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 421160
  MD5: E5B82EA4B98828D50C61137BFA8793F1
PID: 2312 (2964) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 size: 1226608
  MD5: A58E05767687E1E636D160ECEA9BC8ED
PID: 3780 (3488) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
 size: 13088
  MD5: 0933539E330EDBDEB81277AE5F84E7DF
PID:  660 (3004) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 size: 490216
  MD5: E9638B0CBB5DAE86F6E9DA843C19399D
PID: 3024 (2656) C:\Program Files (x86)\iTunes\iTunes.exe
 size: 9777448
  MD5: B52E84B0CB3A58CE93A7FBA19ADAC2ED
PID: 3944 (3024) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
 size: 37664
  MD5: 3C029253D99D17D76D0BD78F5134D7F6
PID: 1268 (2656) C:\Program Files (x86)\Steam\Steam.exe
 size: 1242448
  MD5: 3DD25048297A24AB4B3BFC17ABA5D0DB
PID: 2948 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 912344
  MD5: 0E20A3213ED010FC4997D1EF48082ABC
PID: 3044 (2948) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
 size: 16856
  MD5: BA9A09CF1B9503C363617F3748F6D791
PID: 1488 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    4 (   0) System
PID:  260 (   4) smss.exe
PID:  340 ( 332) csrss.exe
PID:  400 ( 332) wininit.exe
 size: 96256
PID:  428 ( 392) csrss.exe
PID:  460 ( 400) services.exe
PID:  476 ( 400) lsass.exe
PID:  484 ( 400) lsm.exe
PID:  540 ( 392) winlogon.exe
PID:  624 ( 460) svchost.exe
 size: 20992
PID:  708 ( 460) nvvsvc.exe
PID:  748 ( 460) svchost.exe
 size: 20992
PID:  844 ( 460) svchost.exe
 size: 20992
PID:  876 ( 460) svchost.exe
 size: 20992
PID:  904 ( 460) svchost.exe
 size: 20992
PID:  984 ( 844) audiodg.exe
PID:  352 ( 460) svchost.exe
 size: 20992
PID:  588 ( 460) svchost.exe
 size: 20992
PID: 1136 ( 708) nvvsvc.exe
PID: 1184 ( 460) spoolsv.exe
PID: 1212 ( 460) sched.exe
PID: 1252 ( 460) svchost.exe
 size: 20992
PID: 1380 ( 460) svchost.exe
 size: 20992
PID: 1400 ( 460) avguard.exe
PID: 1428 ( 460) AppleMobileDeviceService.exe
PID: 1504 ( 460) mDNSResponder.exe
PID: 1548 ( 460) svchost.exe
 size: 20992
PID: 1580 ( 460) hamachi-2.exe
PID: 1604 ( 460) ICQ Service.exe
PID: 1664 (1400) avshadow.exe
PID: 1672 ( 340) conhost.exe
PID: 1736 ( 460) nlssrv32.exe
 size: 57344
PID: 1804 ( 460) PnkBstrA.exe
 size: 75064
PID: 1828 ( 460) nvSCPAPISvr.exe
PID: 1888 ( 460) WLIDSVC.EXE
PID: 1980 (1888) WLIDSVCM.EXE
PID: 2352 ( 460) svchost.exe
 size: 20992
PID: 3060 ( 460) svchost.exe
 size: 20992
PID: 2436 ( 460) wmpnetwk.exe
PID: 2172 ( 460) SearchIndexer.exe
 size: 428032
PID: 2484 ( 460) C:\Windows\System32\taskhost.exe
PID: 2300 ( 876) C:\Windows\System32\dwm.exe
PID: 2656 (2272) C:\Windows\explorer.exe
 size: 2870272
  MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 2908 (2656) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
 size: 2184520
  MD5: BA636F9E95FA09C1F7A0F394B75AC85B
PID: 3380 ( 460) iPodService.exe
PID: 4024 ( 460) svchost.exe
 size: 20992
PID: 3808 ( 428) C:\Windows\System32\conhost.exe
PID: 3136 ( 428) C:\Windows\System32\conhost.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 30.12.2010 17:09:24

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://www.google.de/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD-Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  1: MSAFD-Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  2: MSAFD-Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  3: MSAFD-Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  4: MSAFD-Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  5: MSAFD-Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  6: RSVP-TCPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  7: RSVP-TCP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  8: RSVP-UDPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  9: RSVP-UDP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Namespace Provider  0: NLA (Network Location Awareness, NLAv1)-Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: 
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

Namespace Provider  1: TCP/IP
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: 
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  2: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS

Namespace Provider  3: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename: 

Namespace Provider  4: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  5: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  6: mdnsNSP
        GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 Description: Apple Rendezvous protocol
 DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
 DB protocol: mdnsNSP

Namespace Provider  7: WindowsLive NSP
        GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider  8: WindowsLive Local NSP
        GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
         

Soweit erstmal nichts ernstes zu sehen.


1.) Deinstallation von Software

• -> Start
• -> Systemsteuerung
• -> Programme und Funktionen
• -> Programm deinstallieren
• Wähle nun jeweils eine Software aus:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  Skype Toolbars
  Google Update Helper
  ICQ Toolbar
  softonic-de3 Toolbar
  Softonic-Eng46 Toolbar
           

• -> ändern/entfernen und deinstallieren.

Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.





2.) Fixen mit OTL

• Starte bitte die OTL.exe.
  Vista-&Win7-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.
  
  Denke daran den "." wieder in deinen Benutzernamen zu ändern!
  
  
  Code: Alles auswählenAufklappen

  ATTFilter

  :OTL
  SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
  IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
  IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found
  [2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
  [2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
  [2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
  :Commands
  [PURITY]
  [EMPTYTEMP]
  [CREATERESTOREPOINT]
           

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• Klick auf OK.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

3.) Malwarebytes Antimalware
Downloade Malwarebytes Anti-Malware von einem dieser Downloadspiegel:

Malwarebytes - MajorGeeks.com - BestTechie

• Anwendbar auf Windows 2000, XP, Vista und Win7.
• Installiere das Programm in den vorgegebenen Pfad.
• Denke daran, bei Vista & Win 7 das Programm als Admin zu starten, ansonsten per Doppelklick starten.
• Lasse es online updaten (Reiter Aktualisierung), wenn das nicht automatisch passiert.
• Aktiviere "Vollständigen Suchlauf durchführen" => Scan.
• Wähle alle verfügbaren Laufwerke aus und starte den Scan.
• Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
• Versichere Dich, dass alle Funde markiert sind.
• Achtung: Bitte alle Funde, die im Ordner "C:\System Volume Information" gemacht werden sollten, vorerst noch nicht markieren sie sollen noch bestehen bleiben und können nichts anrichten.
• Drücke auf "Löschen"
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
• Berichte, wie der Rechner nun läuft.

4.) Eset Online Scan
ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

• Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
  
  Button (<< klick) drücken.
  
  • Firefox-User:
    Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
  • IE-User:
    müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Scan archives".
• Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

• Klicke Finish.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.

Bitte poste in deiner nächsten Antwort:

• Das Logfile vom OTL-Fix (Schritt 2)
• Das Logfile von Malwarebytes Antimalware (Schritt 3)
• Das Logfile vom Eset Onlinescan (Schritt 4)