Kann jmd mein Hijacklog ansehen

#1 Also wie Titel sagt: kann jmd über mein hijacklock rüberschaun??
Ich hab da so ein Verdacht das ich mir da etwas Eingefangen habe ...
Unwar hat es mit dem dns client und hostprozess zu tun.
Wenn ich mit dem Browser unterwegs bin lagt es ziemlich also harckt,
zum Beispiel gebe ich was bei Google ein und die Buchstaben kommen erst Sekunden später.
Und die Seiten brauchen sehr lange zum Laden.
Ich bekomme auch Fehlermeldungen:
Hostprozess für windows-Dienste wurde beendet und geschlossen.Die Anwendung wird aufgrund eines Problems nicht mehr richtig ausgeführt.Sie erhalten Nachricht, wenn eine Lösung verfügbar ist.

Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:49:43, on 20.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Users\Niko\Bluebirds\BlueBirds.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Gaming Mouse\Gaming Mouse.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Gaming Mouse\Gaming Mouse.exe" /hide
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [bluebirds] C:\Users\Niko\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12666 bytes

#2 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu


Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

#3 OTL logfile created on: 23.04.2011 13:40:44 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Niko\Desktop\VS Viren und treiber\Viren
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,80 Gb Total Space | 121,27 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive D: | 356,83 Gb Total Space | 232,72 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive E: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIKOS-PC | User Name: Niko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.04.23 13:11:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Niko\Desktop\VS Viren und treiber\Viren\OTL.exe
PRC - [2011.04.10 14:51:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.18 14:44:12 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.07 13:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011.04.23 13:11:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Niko\Desktop\VS Viren und treiber\Viren\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011.04.18 16:18:25 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.10 14:51:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.30 22:25:04 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.18 14:44:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.08 16:57:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010.11.08 16:52:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.11.06 23:33:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.09.08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.03.25 22:58:06 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.25 22:08:35 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.04 15:36:34 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.03.04 15:36:34 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.16 14:40:22 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)
DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.10.25 19:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.07.07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.07.07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2000.03.29 16:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS -- (Asushwio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.11 23:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.18 23:17:08 | 000,000,000 | ---D | M]

[2011.02.13 17:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Extensions
[2011.02.13 17:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2011.04.18 20:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\5npgl0e8.default\extensions
[2011.02.20 23:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\5npgl0e8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2011.03.13 01:19:08 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Niko\AppData\Roaming\mozilla\Firefox\Profiles\5npgl0e8.default\extensions\personas@christopher.beard
[2011.01.21 23:04:46 | 000,000,950 | ---- | M] () -- C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\5npgl0e8.default\searchplugins\icqplugin-1.xml
[2011.04.18 23:06:14 | 000,000,950 | ---- | M] () -- C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\5npgl0e8.default\searchplugins\icqplugin-2.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\5npgl0e8.default\searchplugins\icqplugin.xml
[2011.04.18 21:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.09 22:46:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.10 14:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.18 21:58:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010.11.07 23:24:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.18 21:58:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.24 23:01:13 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.08 19:35:56 | 000,432,311 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14882 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Gaming Mouse] C:\Gaming Mouse\Gaming Mouse.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [bluebirds] C:\Users\Niko\Bluebirds\BlueBirds.exe (LG Electronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Niko\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Niko\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.04.23 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Malwarebytes
[2011.04.23 13:17:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.23 13:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 13:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 13:17:39 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.23 13:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.23 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011.04.23 13:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 13:03:45 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 13:03:43 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 13:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 13:01:57 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.23 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.23 12:59:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.20 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.04.20 15:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.04.19 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2011.04.19 10:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2011.04.18 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.04.18 21:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.04.18 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\Niko\Desktop\VS Viren und treiber
[2011.04.18 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\ICQ
[2011.04.18 20:36:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011.04.18 10:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.04.18 10:55:28 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\ICQ
[2011.04.18 10:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.04.14 23:36:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011.04.14 17:06:06 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\IObit
[2011.04.12 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\Microsoft Games
[2011.04.11 23:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.04.11 23:36:01 | 000,068,096 | R--- | C] (AVM Berlin) -- C:\Windows\avmadd32.dll
[2011.04.11 23:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2011.04.11 23:34:19 | 000,000,000 | ---D | C] -- C:\Users\Niko\AVM_Driver
[2011.04.11 23:30:49 | 000,480,632 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2011.04.09 15:00:28 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\CAPCOM
[2011.04.09 15:00:28 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\CAPCOM
[2011.04.09 14:59:33 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.04.08 19:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.08 19:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.08 19:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.06 18:50:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.04.06 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\Bioshock2
[2011.04.06 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Bioshock2
[2011.04.06 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\Niko\Desktop\lida modeillustration
[2011.04.03 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\BioWare
[2011.04.03 21:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age 2
[2011.04.03 21:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011.04.01 15:58:00 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.04.01 15:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.31 17:12:46 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\MeinSpore-Kreationen
[2011.03.31 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\SPORE
[2011.03.30 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iColorFolder
[2011.03.30 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\119614890734003444
[2011.03.30 16:39:21 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\119611678098466036
[2011.03.29 16:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.03.29 16:46:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.28 18:29:02 | 000,000,000 | ---D | C] -- C:\Users\Niko\Documents\My Games
[2011.03.28 18:29:02 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\FalloutNV
[2011.03.28 18:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011.03.27 23:28:38 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.03.27 23:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011.03.27 23:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011.03.27 23:15:06 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Local\Windows Live
[2011.03.27 23:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011.03.26 17:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.03.26 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\PunkBuster
[2011.03.26 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011.03.26 11:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War Shogun 2
[2011.03.25 22:58:06 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.03.25 22:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.03.25 22:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.03.25 22:57:25 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\DAEMON Tools Lite
[2011.03.25 22:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.03.25 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\Niko\AppData\Roaming\DAEMON Tools Pro
[2011.03.25 22:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2011.03.24 23:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.03.24 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.07.07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.04.23 13:38:22 | 003,777,176 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.23 13:38:22 | 001,526,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.23 13:38:22 | 001,133,326 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.23 13:38:22 | 000,990,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.23 13:38:22 | 000,005,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.23 13:32:38 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 13:32:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 13:32:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 13:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 13:24:49 | 000,062,020 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.04.23 13:24:49 | 000,062,020 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.04.23 13:24:49 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.04.23 13:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 13:05:52 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.04.23 13:04:17 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.22 14:16:15 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.21 23:51:51 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.04.21 23:51:51 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.21 23:04:24 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.04.21 12:20:11 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011.04.21 12:20:11 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011.04.21 12:20:11 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011.04.21 12:20:11 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011.04.21 12:19:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.04.21 12:19:54 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.04.20 15:40:11 | 000,002,557 | ---- | M] () -- C:\Users\Niko\Desktop\HiJackThis.lnk
[2011.04.18 23:27:28 | 000,001,460 | ---- | M] () -- C:\Users\Niko\AppData\Local\d3d9caps64.dat
[2011.04.18 16:21:45 | 000,040,448 | ---- | M] () -- C:\Users\Niko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 10:59:57 | 000,001,663 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.15 11:45:34 | 004,960,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.10 14:51:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.09 14:59:33 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.04.08 19:35:56 | 000,432,311 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.03 02:22:27 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2011.04.03 02:22:27 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2011.03.25 22:58:06 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.03.25 22:58:03 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.03.25 22:08:35 | 000,867,064 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.04.23 13:05:52 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.04.23 13:05:52 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011.04.23 13:04:17 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.21 12:29:35 | 000,000,979 | ---- | C] () -- C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.04.21 12:19:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.04.21 12:19:54 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.04.20 15:39:40 | 000,002,557 | ---- | C] () -- C:\Users\Niko\Desktop\HiJackThis.lnk
[2011.04.19 11:03:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.04.18 20:53:00 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.04.18 10:59:57 | 000,001,663 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.11 23:40:18 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.11 23:36:01 | 000,007,045 | R--- | C] () -- C:\Windows\instwcli.inf
[2011.03.27 23:25:01 | 000,001,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.03.27 23:22:44 | 000,001,281 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.03.27 23:21:33 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.03.25 22:58:03 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.03.25 22:08:34 | 000,867,064 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.03.11 00:29:56 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.11 00:29:55 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.03.11 00:29:55 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.18 18:54:26 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.02.18 18:54:26 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011.01.14 16:23:45 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011.01.13 14:34:35 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini
[2010.11.28 11:41:56 | 000,000,092 | ---- | C] () -- C:\Users\Niko\AppData\Local\fusioncache.dat
[2010.11.28 11:40:21 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.07 13:25:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.11.07 13:24:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.11.07 13:24:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.11.06 23:43:58 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.11.06 23:43:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.06 23:42:31 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.11.06 23:20:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.06 22:17:31 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.11.06 17:15:06 | 000,040,448 | ---- | C] () -- C:\Users\Niko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.06 16:55:37 | 000,001,460 | ---- | C] () -- C:\Users\Niko\AppData\Local\d3d9caps64.dat
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.07.14 01:12:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.07.09 03:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000.03.29 16:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[color=#E56717]========== LOP Check ==========[/color]

[2011.04.19 14:52:25 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Bioshock2
[2011.02.18 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\BugTrap Console Test108
[2011.03.25 22:59:42 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\DAEMON Tools Lite
[2011.03.25 22:47:34 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\DAEMON Tools Pro
[2011.02.06 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\DVDVideoSoft
[2011.04.22 22:43:46 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\ICQ
[2011.04.14 17:06:06 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\IObit
[2010.11.06 23:18:22 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Leadertech
[2010.11.18 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\LolClient
[2010.11.19 21:32:47 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Need for Speed World
[2011.02.09 22:48:41 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\OpenOffice.org
[2011.02.13 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\OpenVPN Technologies
[2011.01.14 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Publish Providers
[2011.03.26 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\PunkBuster
[2010.11.20 19:30:06 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Screaming Bee
[2011.01.14 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Sony
[2011.03.31 17:12:51 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\SPORE
[2011.01.12 17:24:53 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\TeamViewer
[2010.11.20 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\Teeworlds
[2011.03.29 16:50:05 | 000,000,000 | ---D | M] -- C:\Users\Niko\AppData\Roaming\TS3Client
[2011.04.23 13:24:44 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.11.06 16:35:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.04.23 13:32:03 | 312,795,134 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %systemroot%\system32\*.wt >[/color]

[color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2006.11.02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.11.08 15:31:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2006.09.18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.scr >[/color]
[2010.11.10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#A23BEC]< %systemroot%\*._sy >[/color]

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010.09.13 17:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

[color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >

den OTL.txt wusste ich jetzt nicht wo ich den finde ...

#4 Wo bleibt das Log aus Schritt 1?

#5 da wurde nichts gefunden

#6 Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

• BleepingComputer
• ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

#7 Hallo n3oz!
ist es auch manchmal so, dass plötzlich ein IE-Fenster mit Werbung erscheint? Hab nämlich letzte woche ein ziemlich ähnliches log, hab den PC dann aber gescant:
BrowserModifier:Win32/Zwangi
würde alles erklären...
beende beimm surfen alle prozesse außer:
csrss.exe
dwm.exe
explorer.exe
(taskeng.exe)

und:

scanne mit deinem virenschutzprogramm mal "rundll32.exe"!!!
(Hostprozess)
LG und frohe Ostern

#8 Nee ein pop-up oder werbung erscheint nicht
Im mom funktioniert es auch will nur nochmal sicher gehen weil beim letzten mal hat es auch 2-3 tage funktioniert und dann kam das problem wieder ...

#9 ComboFix 11-04-23.01 - Niko 23.04.2011 21:02:37.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.8190.6277 [GMT 2:00]
ausgeführt von:: c:\users\Niko\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Startup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-23 bis 2011-04-23 ))))))))))))))))))))))))))))))
.
.
2011-04-23 19:09 . 2011-04-23 19:09 -------- d-----w- c:\users\Niko\AppData\Local\temp
2011-04-23 19:09 . 2011-04-23 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-23 11:18 . 2011-04-23 11:18 -------- d-----w- c:\users\Niko\AppData\Roaming\Malwarebytes
2011-04-23 11:17 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-23 11:17 . 2011-04-23 11:17 -------- d-----w- c:\programdata\Malwarebytes
2011-04-23 11:17 . 2011-04-23 11:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-23 11:17 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 11:05 . 2011-04-23 11:05 -------- d-----w- c:\program files (x86)\Safari
2011-04-23 11:03 . 2011-04-23 11:03 -------- d-----w- c:\program files\iPod
2011-04-23 11:03 . 2011-04-23 11:04 -------- d-----w- c:\program files\iTunes
2011-04-23 11:03 . 2011-04-23 11:04 -------- d-----w- c:\program files (x86)\iTunes
2011-04-23 11:01 . 2011-04-23 11:01 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-23 11:01 . 2011-04-23 11:01 -------- d-----w- c:\program files\Bonjour
2011-04-22 11:02 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{050FAEDD-2AD0-4018-8B48-5045942E9D7D}\mpengine.dll
2011-04-20 13:39 . 2011-04-20 13:39 388096 ----a-r- c:\users\Niko\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-20 13:39 . 2011-04-20 13:39 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-19 08:32 . 2011-04-19 03:58 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2011-04-18 21:31 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-18 21:31 . 2011-02-23 06:28 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-04-18 21:31 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-18 21:31 . 2011-02-23 06:28 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-18 19:59 . 2011-04-18 19:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-18 19:57 . 2011-04-18 19:57 -------- d-----w- c:\program files (x86)\Java
2011-04-18 18:36 . 2011-04-18 18:36 -------- d-----w- c:\windows\SysWow64\Adobe
2011-04-18 08:55 . 2011-04-23 19:00 -------- d-----w- c:\users\Niko\AppData\Roaming\ICQ
2011-04-18 08:55 . 2011-04-18 09:05 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-04-14 21:36 . 2011-04-14 21:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-04-14 15:34 . 2011-02-18 14:18 450560 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 15:34 . 2011-02-18 14:17 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 15:34 . 2011-02-18 14:17 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 15:34 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi
2011-04-14 15:34 . 2011-02-24 16:38 979840 ----a-w- c:\windows\system32\winresume.exe
2011-04-14 15:34 . 2011-02-24 16:37 1076608 ----a-w- c:\windows\system32\winload.efi
2011-04-14 15:34 . 2011-02-24 16:37 1063296 ----a-w- c:\windows\system32\winload.exe
2011-04-14 15:34 . 2011-02-24 16:37 20864 ----a-w- c:\windows\system32\kdusb.dll
2011-04-14 15:34 . 2011-02-24 16:37 18816 ----a-w- c:\windows\system32\kd1394.dll
2011-04-14 15:34 . 2011-02-24 16:37 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-14 15:06 . 2011-04-14 15:06 -------- d-----w- c:\users\Niko\AppData\Roaming\IObit
2011-04-12 16:47 . 2011-04-12 16:49 -------- d-----w- c:\users\Niko\AppData\Local\Microsoft Games
2011-04-11 21:36 . 2006-12-27 23:00 68096 ----a-r- c:\windows\avmadd32.dll
2011-04-11 21:35 . 2011-04-11 21:36 -------- d-----w- c:\program files (x86)\avmwlanstick
2011-04-11 21:34 . 2011-04-11 21:34 -------- d-----w- c:\users\Niko\AVM_Driver
2011-04-11 21:30 . 2010-10-22 01:00 480632 ------w- c:\windows\instwcli.dex
2011-04-09 13:00 . 2011-04-09 13:00 -------- d-----w- c:\users\Niko\AppData\Local\CAPCOM
2011-04-09 12:59 . 2011-04-09 12:59 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-08 17:09 . 2011-04-18 23:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-08 17:09 . 2011-04-08 17:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-06 16:50 . 2011-04-06 16:50 -------- d-sh--w- c:\programdata\SecuROM
2011-04-06 16:30 . 2011-04-19 12:52 -------- d-----w- c:\users\Niko\AppData\Roaming\Bioshock2
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-03 19:25 . 2011-04-03 19:34 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-04-03 19:25 . 2011-04-03 19:34 -------- d-----w- c:\program files (x86)\Dragon Age 2
2011-03-31 15:12 . 2011-03-31 15:12 -------- d-----w- c:\users\Niko\AppData\Roaming\SPORE
2011-03-30 15:37 . 2011-03-30 15:37 -------- d-----w- c:\users\AppData
2011-03-30 14:39 . 2011-03-30 14:39 -------- d-----w- c:\users\Niko\AppData\Local\119614890734003444
2011-03-30 14:39 . 2011-03-30 14:39 -------- d-----w- c:\users\Niko\AppData\Local\119611678098466036
2011-03-29 14:46 . 2011-03-29 14:46 -------- d-----w- c:\program files\CCleaner
2011-03-28 16:29 . 2011-03-28 16:29 -------- d-----w- c:\users\Niko\AppData\Local\FalloutNV
2011-03-27 21:28 . 2011-03-27 21:28 -------- d-----w- c:\windows\de
2011-03-27 21:19 . 2011-03-27 21:25 -------- d-----w- c:\program files (x86)\Windows Live
2011-03-27 21:19 . 2011-03-27 21:19 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-27 21:15 . 2011-03-27 21:15 -------- d-----w- c:\users\Niko\AppData\Local\Windows Live
2011-03-27 21:15 . 2011-03-27 21:15 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-03-27 21:13 . 2009-08-04 08:12 1103872 ----a-w- c:\windows\system32\webservices.dll
2011-03-27 21:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\SysWow64\webservices.dll
2011-03-26 15:10 . 2011-03-26 15:10 -------- d-----w- c:\programdata\Ubisoft
2011-03-26 14:35 . 2011-03-26 14:35 -------- d-----w- c:\users\Niko\AppData\Roaming\PunkBuster
2011-03-26 14:34 . 2011-03-26 14:34 -------- d-----w- c:\program files (x86)\Ubisoft
2011-03-25 20:58 . 2011-03-25 20:58 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-25 20:58 . 2011-03-25 20:58 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-03-25 20:57 . 2011-03-25 20:59 -------- d-----w- c:\users\Niko\AppData\Roaming\DAEMON Tools Lite
2011-03-25 20:57 . 2011-03-25 20:57 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-25 20:47 . 2011-03-25 20:47 -------- d-----w- c:\users\Niko\AppData\Roaming\DAEMON Tools Pro
2011-03-25 20:40 . 2011-03-25 20:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-03-25 20:08 . 2011-03-25 20:08 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-24 21:01 . 2011-03-24 21:12 -------- d-----w- c:\program files (x86)\JDownloader
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 21:51 . 2011-03-11 13:47 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-21 21:51 . 2011-03-10 22:29 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-21 21:04 . 2011-03-10 22:29 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-18 19:58 . 2011-02-09 20:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-10 12:51 . 2011-03-10 22:29 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-16 19:00 . 2011-03-16 19:00 53248 ----a-w- c:\windows\system32\NlsLfxicons0007.dll
2011-03-10 22:29 . 2011-03-10 22:29 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-03-04 13:36 . 2010-11-06 15:17 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-04 13:36 . 2010-11-06 15:17 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-23 06:28 . 2011-02-27 11:59 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-02-23 06:28 . 2011-02-27 11:59 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-02-23 06:28 . 2011-02-23 06:28 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-22 14:47 . 2011-03-23 12:49 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 14:13 . 2011-03-23 12:49 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53 . 2011-03-23 12:49 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:53 . 2011-03-23 12:49 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:33 . 2011-03-23 12:49 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-18 15:36 . 2011-02-18 15:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 14:43 . 2011-02-03 14:43 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-02-03 14:43 . 2011-02-03 14:43 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-02-02 16:11 . 2010-11-06 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 13:35 . 2011-02-01 13:35 40960 ----a-r- c:\users\Niko\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-02-01 13:35 . 2011-02-01 13:35 40960 ----a-r- c:\users\Niko\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\users\Niko\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Gaming Mouse"="c:\gaming mouse\Gaming Mouse.exe" [2009-07-16 1175552]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;d:\cabal online\GameGuard\dump_wmimmc.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 X6va003;X6va003;c:\users\Niko\AppData\Local\Temp\003D231.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 20:10]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 20:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
FF - ProfilePath - c:\users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\5npgl0e8.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\Niko\AppData\Local\Temp\003D231.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2010554402-108537555-1319519944-1000\Software\SecuROM\License information*]
"datasecu"=hex:48,3c,ad,8c,03,45,65,02,9b,70,fb,18,25,0a,42,59,93,e3,07,c2,78,
3a,90,31,6e,fb,1f,e3,a4,76,e5,94,6e,56,6f,06,4c,67,08,ff,9e,0f,73,7c,5f,31,\
"rkeysecu"=hex:14,a7,78,55,fe,b2,3d,9c,af,51,89,7b,03,c0,39,b0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Zeit der Fertigstellung: 2011-04-23 21:12:00
ComboFix-quarantined-files.txt 2011-04-23 19:12
.
Vor Suchlauf: 10 Verzeichnis(se), 128.289.337.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 128.234.790.912 Bytes frei
.
- - End Of File - - 34DA1490EDA5305810B63373900273F7

#10 ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
• IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.

#11 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=1496b740c3aed34d9d71d7e32abdee08
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-24 02:31:36
# local_time=2011-04-24 04:31:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 338100 338100 0 0
# compatibility_mode=1797 16775165 100 94 615275 40178100 387540 0
# compatibility_mode=5892 16776573 100 56 174759 141168785 0 0
# compatibility_mode=8192 67108863 100 0 308 308 0 0
# scanned=304563
# found=1
# cleaned=1
# scan_time=10616
C:\Users\Niko\Desktop\spiele\Assassin's Creed 2\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C

#12 Ich sehe sonst keine Infektionen mehr.

#13 Alles klar dankeschön

#14 Nachsorge


Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra .

Erstelle einen neuen Systemwiederherstellungspunkt

Das ist ein guter Zeitpunkt, die Systemwiederherstellung zu leeren und einen neuen sauberen Wiederherstellungspunkt zu erstellen (Anleitung für Vista-User).
• Start => Alle Programme => Zubehör => Systemprogramme => Systemwiederherstellung
• Wähle "Einen Wiederherstellungspunkt erstellen" => Weiter
• Gebe als Beschreibung z. B. "Nach_Bereinigung" ein => Erstellen => Schließen.
• Nun Start => Ausführen => cleanmgr (reinschreiben) => OK => Reiter Weitere Optionen
• Klicke unter Systemwiederherstellung auf Bereinigen und bestätige das Löschen mit Ja => OK.
Das wird alle Wiederherstellungspunkte bis auf den letzten neu erstellten löschen.

Diesen Punkt kannst Du weglassen, falls Du das System gerade neu aufgesetzt hast oder Combofix benutzt und ordentlich deinstalliert wurde, da Combofix das schon erledigt.

Massnahmen:

Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra .

Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren. Spybot Search&Destroy ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung immer nach Updates suchen, Details siehe ausführliche Anleitung. Um Dein System frei von temporären Dateien zu halten, empfehle ich [url="http://www.CCleaner.de"]CCleaner[/url], (Toolbar nicht mitinstallieren) eine Freeware-Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe die Anleitung von Hijackthis-Forum.de. Bei Java (Sun) immer nur die aktuellste Version auf dem Rechner haben, alle anderen deinstallieren.

Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen, wie z. B. Adblock Plus und NoScript. Mit der Erweiterung IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute Erweiterungen.

Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten.

"Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen.

Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren:

• System immer auf aktuellem Stand halten (Windows Update regelmäßig machen und Software aktualisieren).
• Programme wenn möglich "benutzerdefiniert" installieren und Toolbars und Sponsoren abwählen.
• Internet Explorer sicher konfigurieren.
• Nur Original-Software nutzen und auf Programme aus dubiosen Quellen konsequent verzichten.
• Programme, die Du nicht mehr nutzt, über Systemsteuerung => Software entfernen/deinstallieren.
• Nicht alles anklicken, wo klickmich draufsteht!
• Gesunden Menschenverstand und Vorsicht walten lassen,
• insbesondere bei Dateien, die Du Dir auf den PC holst, also E-Mails, Downloads etc.,
• am besten auf Filesharing über P2P-Programme ganz verzichten.
• Router durch Vergabe eines Kennwortes vor Änderungen von außen schützen.
• Nicht benötigte Dienste und Programme gar nicht erst starten.
Bezüglich der Dienste ist es allerdings nötig, sich damit ausführlich zu beschäftigen, ansonsten die Dienste lieber lassen, wie sie sind.
• Nicht benötigte "Ports" (am eventuell vorhandenen DSL-Router), Freigaben u. ä. schließen.
• Port-Scan-Test.
• WLAN absichern.
• Sichere Passwörter vergeben.
• Nicht mehr als einen Virenscanner mit Hintergrundwächter installieren.
• Nicht mehr als ein Antispyware-Programm mit Hintergrundwächter ständig laufen lassen.
• Das System hin und wieder zusätzlich mit einem dieser kostenlosen Online Scanner überprüfen.
• Datensicherung nicht vergessen!
Immer eine saubere Datensicherung als zurückspielbares Image auf Lager haben.


Freiwillige Spende

#15 danke nochmal