Virus: alleged computer lock by the police.

03.03.2012, 11:37
Member

Posts: 104
#1 Hello,

I'll get straight to the problem.

I was surfing the web when suddenly the screen filled with a message from the police.
Supposedly illegal content had been found on my PC, and if I transferred a certain amount my PC would be unlocked again. My boss recently had something similar on his work laptop and had it fixed by a computer service; he was told it was a virus.

I used System Restore to put the PC back to an earlier state and everything worked again. But I'm afraid the thing is still on my computer. Since then I also get an error message every time after Windows starts.

" Problem beim starten von C:\User\CHUCKN~1\AppData\Local\Temp\iope0.6762062887055887.exe Das angegebene Modul wurde nicht gefunden "

Here are the logs

MALWAREBYTES

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.03.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ChuckNorris :: CHUCKNORRIS-PC [Administrator]

03.03.2012 10:48:12
mbam-log-2012-03-03 (10-48-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 171084
Laufzeit: 2 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5GVA2ZXE9F9HUU3HAELBXZ (Trojan.VUPX.PSG1) -> Daten: C:\x64drvsys\56B02FD46DF.exe /q -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\x64drvsys (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\x64drvsys\56B02FD46DF.exe (Trojan.VUPX.PSG1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\x64drvsys\186677B9ECC88A9 (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 11:21:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7502AAEX-00Y9A0 rev.05.01D05
Running: 946g1j1v.exe; Driver: C:\Users\CHUCKN~1\AppData\Local\Temp\pxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 93C68506 ZwCreateSection
SSDT 93C6850B ZwSetContextThread
SSDT 93C684A7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A87579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AABF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82AB3840 4 Bytes [06, 85, C6, 93] {PUSH ES; TEST ESI, EAX; XCHG EBX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82AB3BE0 4 Bytes [0B, 85, C6, 93]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AB3CB8 4 Bytes [A7, 84, C6, 93] {CMPSD ; TEST DH, AL; XCHG EBX, EAX}
? System32\drivers\radsxbb.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93E06000, 0x349D76, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3208] ntdll.dll!LdrLoadDll 7739F585 5 Bytes JMP 002D1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 645

---- EOF - GMER 1.0.15 ----

HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:11, on 03.03.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Users\ChuckNorris\Downloads\Neuer Ordner (2)\HTJ.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Spiele\SEGA\Empire Total War\Steam.exe" -silent
O4 - Startup: iope0.6762062887055887.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD44FAD-390E-4731-8C65-3A4BA4A9201F}: NameServer = 213.191.92.87 62.109.123.6
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5201 bytes


UNINSTALL LIST

3DMark05
Acoustica Effects Pack
Acoustica Mixcraft 3.1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
ArcSoft Panorama Maker 5
Ashampoo Burning Studio 7
ATI AVIVO Codecs
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
BitTorrent
Call of Duty(R) 4 - Modern Warfare(TM)
Catalyst Control Center - Branding
CCleaner
DAEMON Tools Lite
DAEMON Tools Toolbar
Doom 3
Empire: Total War
Eufloria v2.07
Free Video to DVD Converter version 1.6.22.804
Free YouTube to MP3 Converter version 3.10.6.727
Futuremark SystemInfo
Google Earth
Google Update Helper
ICQ7.5
IL-2 Sturmovik 1946
IsoBuster 2.8.5
Java(TM) 6 Update 24
Malwarebytes Anti-Malware Version 1.60.1.1000
McAfee Security Scan Plus
Medieval II Total War
Microsoft Picture It! Foto 7.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 5.0.1 (x86 de)
MSVCRT Redists
Mumble(PR edition) and Murmur(PR edition)
NVIDIA PhysX v8.04.25
Oxin's Style! 3D Sexvilla 2.058.002
Photomatix Pro version 3.2.9
Project Reality: BF2
PTGui Pro Trial 9.0.4
PunkBuster Services
Realtek Ethernet Controller Driver For Windows Vista and Later
Silent Hunter 4 Wolves of the Pacific
Skype™ 5.5
Steam
Vegas Pro 10.0
VIA Plattform-Geräte-Manager
WavePad Sound Editor
WinRAR 4.01 (32-Bit)
WinZip 15.0
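A small triage script, added here as an example and not part of the original post or of any tool named in it: it parses HijackThis O4 lines and Malwarebytes registry-value lines of the kind posted above and scores each autostart entry for the signs visible in this thread (randomly generated value or file name, a Startup-folder shortcut that launches rundll32.exe, an executable in a Temp folder or in a made-up top-level directory). The sample lines are constructed from the logs above; the heuristics, thresholds and the `iope0` Run entry are my own assumptions.

```python
"""Triage of autostart entries from HijackThis (O4) and Malwarebytes log lines.

Example added for this thread; it is not a tool from the original post.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the HijackThis O4 entries, the
# Malwarebytes registry hit and the startup error message posted in the thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Spiele\SEGA\Empire Total War\Steam.exe" -silent
O4 - HKCU\..\Run: [iope0] C:\Users\CHUCKN~1\AppData\Local\Temp\iope0.6762062887055887.exe
O4 - Startup: iope0.6762062887055887.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5GVA2ZXE9F9HUU3HAELBXZ (Trojan.VUPX.PSG1) -> Daten: C:\x64drvsys\56B02FD46DF.exe /q -> Erfolgreich gelöscht und in Quarantäne gestellt.
""".strip().splitlines()

# Line formats: HijackThis Run keys, HijackThis Startup-folder shortcuts,
# Malwarebytes "infected registry value" lines.
HJT_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HJT_STARTUP = re.compile(r'^O4 - (?P<scope>Global )?Startup: (?P<name>.*?) = (?P<cmd>.*)$')
MBAM_RUN = re.compile(r'^(?P<key>HK\w+\\[^|]*)\|(?P<name>\S+) \((?P<det>[^)]*)\) -> Daten: (?P<cmd>.*?) -> (?P<action>.*)$')

# Heuristics (assumptions, tuned to what this thread's logs show).
STANDARD_ROOTS = {'windows', 'program files', 'program files (x86)', 'programme', 'users', 'programdata'}
RANDOM_NAME = re.compile(r'\d{8,}|^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$', re.I)
HOST_BINARIES = {'rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe'}
REMOVED = re.compile(r'gelöscht|Quarantäne|deleted|quarantined', re.I)


@dataclass
class Finding:
    source: str            # registry key or Startup folder the entry came from
    name: str              # value name or shortcut file name
    target: str            # executable the entry launches
    reasons: list = field(default_factory=list)
    removed: bool = False  # scanner already reported it deleted/quarantined

    @property
    def score(self) -> int:
        return len(self.reasons)


def extract_exe(command: str) -> str:
    """Return the program path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'(.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split(' ')[0]


def nonstandard_root(path: str) -> bool:
    """True when the first directory under the drive root is not a usual Windows root."""
    parts = path.split('\\')
    return len(parts) >= 3 and bool(re.fullmatch(r'[A-Za-z]:', parts[0])) \
        and parts[1].lower() not in STANDARD_ROOTS


def analyze_line(line: str):
    """Parse one log line; return a Finding, or None if it is not an autostart entry."""
    line = line.strip()
    if m := HJT_RUN.match(line):
        f = Finding(f"{m['hive']}\\..\\{m['key']}", m['name'], extract_exe(m['cmd']))
    elif m := HJT_STARTUP.match(line):
        f = Finding(f"{m['scope'] or ''}Startup", m['name'], extract_exe(m['cmd']))
        if f.name.lower().endswith('.lnk') and ntpath.basename(f.target).lower() in HOST_BINARIES:
            f.reasons.append('startup shortcut launches a system host binary; the payload is in the .lnk arguments')
    elif m := MBAM_RUN.match(line):
        f = Finding(m['key'], m['name'], extract_exe(m['cmd']), removed=bool(REMOVED.search(m['action'])))
    else:
        return None
    stem = ntpath.splitext(ntpath.basename(f.target))[0]
    if RANDOM_NAME.search(f.name):
        f.reasons.append('randomly generated entry name')
    if RANDOM_NAME.search(stem):
        f.reasons.append('randomly generated executable name')
    if '\\temp\\' in f.target.lower():
        f.reasons.append('executable runs from a Temp folder')
    if nonstandard_root(f.target):
        f.reasons.append('executable lives in a non-standard top-level directory')
    return f


def triage(lines):
    """All autostart findings, most suspicious first."""
    findings = [f for f in map(analyze_line, lines) if f is not None]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        flag = 'REMOVED' if f.removed else ('CHECK' if f.score else 'ok')
        print(f"[{flag}] score={f.score} {f.source} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print('    -', r)
```

Entries the scanner already quarantined are still listed so the next scan can confirm they did not return; a score of 1 (such as a game installed outside Program Files) is a prompt to look, not a verdict.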
04.03.2012, 17:36
Member

Posts: 420
#2 Hi

1. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scan All Users", "LOP Check" and "Purity Check", and paste the following into the script box:

Quote

msconfig
safebootminimal
netsvcs
and click Scan. Please post the OTL.txt and Extras.txt.
08.03.2012, 19:24
Member

Thread starter

Posts: 104
#3 OTL.TXT

OTL logfile created on: 08.03.2012 19:13:33 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\ChuckNorris\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,83% Memory free
6,50 Gb Paging File | 5,41 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,54 Gb Total Space | 544,57 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive D: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHUCKNORRIS-PC | User Name: ChuckNorris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.03.08 19:11:57 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\ChuckNorris\Downloads\OTL.exe
PRC - [2011.08.15 14:35:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.08 08:31:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.17 11:36:54 | 000,581,288 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\update.exe
PRC - [2011.04.21 06:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.28 14:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.07.08 08:31:38 | 001,850,328 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012.02.24 19:31:41 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.17 05:19:26 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\ChuckNorris\AppData\Local\Temp\7zS04C4\hpslpsvc32.dll -- (HPSLPSVC)
SRV - [2011.08.15 14:35:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.28 14:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz130)
DRV - [2011.08.15 14:35:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.15 14:35:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.26 19:42:44 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.09.28 15:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.28 14:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.08.15 23:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.08 21:11:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.09.17 12:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 D0 6A 2B 42 45 CB 01 [binary data]
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.26 18:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010.08.26 18:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Extensions
[2011.10.08 19:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions
[2011.08.07 18:17:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.26 19:42:42 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions\DTToolbar@toolbarnet.com
[2011.07.26 19:42:38 | 000,002,055 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\daemon-search.xml
[2011.08.16 19:01:40 | 000,002,342 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\icq-search.xml
[2011.09.25 16:27:46 | 000,000,168 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\icqplugin.gif
[2011.09.25 16:27:46 | 000,000,618 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\icqplugin.src
[2011.08.05 17:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.05 17:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.05 17:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.08 08:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.19 17:27:46 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1615267906-4240276161-370195877-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1615267906-4240276161-370195877-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1615267906-4240276161-370195877-1000..\Run: [Steam] C:\Spiele\SEGA\Empire Total War\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD44FAD-390E-4731-8C65-3A4BA4A9201F}: NameServer = 62.109.123.7 213.191.92.86
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell - "" = AutoRun
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.02.19 17:33:31 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\Karneval 2012
[2012.02.17 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\Altweiber2012

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.03.08 19:12:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.08 19:10:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.08 19:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 19:09:52 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 20:36:36 | 000,001,057 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.120151747744071.exe.lnk
[2012.03.06 19:28:59 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 19:28:59 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 19:25:53 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 19:25:53 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 19:25:53 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 19:25:53 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.03 12:36:06 | 006,174,715 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6581.JPG
[2012.03.03 12:35:57 | 006,859,394 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6577.JPG
[2012.03.03 12:35:39 | 006,385,282 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6596.JPG
[2012.03.03 12:35:11 | 006,415,906 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6587.JPG
[2012.03.02 16:39:28 | 004,838,098 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6589.JPG
[2012.03.02 16:39:24 | 006,253,106 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6588.JPG
[2012.03.02 15:51:30 | 006,846,554 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6586.JPG
[2012.03.02 14:42:20 | 006,837,824 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6585.JPG
[2012.02.27 17:04:48 | 006,031,477 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6584.JPG
[2012.02.27 17:04:40 | 006,135,632 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6583.JPG
[2012.02.27 17:04:16 | 006,517,112 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6582.JPG
[2012.02.27 17:04:02 | 006,865,564 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6580.JPG
[2012.02.27 17:02:48 | 005,790,054 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6579.JPG
[2012.02.27 17:02:26 | 006,827,523 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6576.JPG
[2012.02.27 17:02:06 | 021,751,600 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6575.AVI
[2012.02.27 17:01:40 | 006,164,049 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6574.JPG
[2012.02.27 14:28:24 | 006,278,228 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6573.JPG
[2012.02.27 14:28:16 | 006,889,835 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6572.JPG
[2012.02.27 14:28:04 | 006,560,869 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6571.JPG
[2012.02.27 14:27:50 | 005,498,716 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6570.JPG
[2012.02.27 14:27:46 | 005,249,901 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6569.JPG
[2012.02.27 14:27:22 | 003,548,140 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6568.JPG
[2012.02.27 14:27:14 | 004,840,715 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6567.JPG
[2012.02.27 14:27:04 | 005,105,555 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6566.JPG
[2012.02.27 14:26:50 | 006,054,827 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6565.JPG
[2012.02.25 13:30:32 | 000,008,328 | ---- | M] () -- C:\Users\Public\Documents\cc_20120225_133029.reg
[2012.02.22 16:16:42 | 006,432,592 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6564.JPG
[2012.02.22 16:16:28 | 006,025,544 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6563.JPG
[2012.02.22 16:16:20 | 006,313,911 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6562.JPG
[2012.02.22 11:52:10 | 006,522,356 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG6561.JPG
[2012.02.20 18:22:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 18:18:30 | 000,001,059 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iope0.6762062887055887.exe.lnk

========== Files Created - No Company Name ==========

[2012.03.06 20:36:36 | 000,001,057 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.120151747744071.exe.lnk
[2012.03.03 12:34:14 | 004,838,098 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6589.JPG
[2012.03.03 12:34:07 | 006,253,106 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6588.JPG
[2012.03.03 12:34:00 | 006,415,906 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6587.JPG
[2012.03.03 12:33:53 | 006,846,554 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6586.JPG
[2012.03.03 12:33:46 | 006,837,824 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6585.JPG
[2012.03.03 12:33:39 | 006,031,477 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6584.JPG
[2012.03.03 12:33:33 | 006,135,632 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6583.JPG
[2012.03.03 12:33:26 | 006,517,112 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6582.JPG
[2012.03.03 12:33:19 | 006,174,715 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6581.JPG
[2012.03.03 12:33:12 | 006,865,564 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6580.JPG
[2012.03.03 12:33:06 | 005,790,054 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6579.JPG
[2012.03.03 12:32:53 | 006,859,394 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6577.JPG
[2012.03.03 12:32:45 | 006,827,523 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6576.JPG
[2012.03.03 12:32:22 | 021,751,600 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6575.AVI
[2012.03.03 12:32:15 | 006,164,049 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6574.JPG
[2012.03.03 12:32:09 | 006,278,228 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6573.JPG
[2012.03.03 12:32:01 | 006,889,835 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6572.JPG
[2012.03.03 12:31:54 | 006,560,869 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6571.JPG
[2012.03.03 12:31:48 | 005,498,716 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6570.JPG
[2012.03.03 12:31:43 | 005,249,901 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6569.JPG
[2012.03.03 12:31:39 | 003,548,140 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6568.JPG
[2012.03.03 12:31:34 | 004,840,715 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6567.JPG
[2012.03.03 12:31:29 | 005,105,555 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6566.JPG
[2012.03.03 12:31:22 | 006,054,827 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6565.JPG
[2012.03.03 12:31:15 | 006,432,592 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6564.JPG
[2012.03.03 12:31:13 | 006,025,544 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6563.JPG
[2012.03.03 12:31:12 | 006,522,356 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6561.JPG
[2012.03.03 12:31:12 | 006,313,911 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6562.JPG
[2012.03.03 12:31:02 | 006,385,282 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG6596.JPG
[2012.02.25 13:30:31 | 000,008,328 | ---- | C] () -- C:\Users\Public\Documents\cc_20120225_133029.reg
[2012.02.20 18:22:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 18:18:30 | 000,001,059 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iope0.6762062887055887.exe.lnk
[2011.09.12 19:43:06 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011.07.31 19:35:35 | 000,139,152 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\PnkBstrK.sys
[2011.07.31 19:35:35 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.07.31 19:35:16 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.07.31 19:35:15 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.07.31 19:35:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.07.28 20:58:55 | 000,000,317 | ---- | C] () -- C:\Windows\doom3.ini
[2010.08.19 17:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.19 17:21:59 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.19 17:16:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.08.11 02:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2011.08.30 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Acoustica
[2011.10.07 16:13:42 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Ashampoo
[2012.03.03 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\BitTorrent
[2011.10.08 19:18:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DAEMON Tools Lite
[2011.10.07 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoft
[2011.08.07 18:17:22 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.04 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\HDRsoft
[2012.02.26 11:10:19 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\ICQ
[2011.10.30 14:51:20 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Micrografx
[2011.09.25 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\NCH Swift Sound
[2012.02.04 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Nyogma
[2011.08.21 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\PTGui
[2011.09.25 17:56:14 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Sony
[2012.01.12 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\The Creative Assembly
[2011.12.09 12:05:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

EXTRA.TXT

OTL Extras logfile created on: 08.03.2012 19:13:33 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\ChuckNorris\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,83% Memory free
6,50 Gb Paging File | 5,41 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,54 Gb Total Space | 544,57 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive D: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHUCKNORRIS-PC | User Name: ChuckNorris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1615267906-4240276161-370195877-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B9C7C4F-A1CB-11E0-9E40-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{62FB969D-0AF7-3AA1-A901-5C33DC921356}" = ATI AVIVO Codecs
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{865F8014-4DED-B63D-832A-3FB08FC38479}" = ATI Catalyst Install Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Eufloria_is1" = Eufloria v2.07
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"Project Reality: BF2 (pr)_is1" = Project Reality: BF2
"PTGui" = PTGui Pro Trial 9.0.4
"PunkBusterSvc" = PunkBuster Services
"Steam App 10500" = Empire: Total War
"WavePad" = WavePad Sound Editor
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.01.2012 12:50:14 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00c1a8ed ID des fehlerhaften
Prozesses: 0x3ac Startzeit der fehlerhaften Anwendung: 0x01ccdddce82abc5f Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 25e0ccec-49d0-11e1-bd86-d027883e92b0

Error - 28.01.2012 12:50:23 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0205a8ed ID des fehlerhaften
Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0x01ccdddced83fc3c Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 2b3b1e3d-49d0-11e1-bd86-d027883e92b0

Error - 28.01.2012 12:50:26 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d7a8ed ID des fehlerhaften
Prozesses: 0x83c Startzeit der fehlerhaften Anwendung: 0x01ccdddcef1c5577 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 2cde4d10-49d0-11e1-bd86-d027883e92b0

Error - 28.01.2012 12:50:31 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0198a8ed ID des fehlerhaften
Prozesses: 0x824 Startzeit der fehlerhaften Anwendung: 0x01ccdddcf25ac3bf Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 30136c66-49d0-11e1-bd86-d027883e92b0

Error - 28.01.2012 17:27:23 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire.exe, Version: 1.5.0.0, Zeitstempel:
0x4b74239d Name des fehlerhaften Moduls: Empire.exe, Version: 1.5.0.0, Zeitstempel:
0x4b74239d Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a54e8 ID des fehlerhaften Prozesses:
0xff8 Startzeit der fehlerhaften Anwendung: 0x01ccdde15391096d Pfad der fehlerhaften
Anwendung: c:\spiele\sega\empire total war\steamapps\common\empire total war\Empire.exe
Pfad
des fehlerhaften Moduls: c:\spiele\sega\empire total war\steamapps\common\empire
total war\Empire.exe Berichtskennung: dd46ee51-49f6-11e1-bd86-d027883e92b0

Error - 12.02.2012 13:31:11 | Computer Name = ChuckNorris-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 5.0.1.4205 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d70 Startzeit:
01cce9ab7aa5345b Endzeit: 52 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
53171a96-559f-11e1-a44b-d027883e92b0

Error - 19.02.2012 19:17:03 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire.exe, Version: 1.5.0.0, Zeitstempel:
0x4b74239d Name des fehlerhaften Moduls: Empire.exe, Version: 1.5.0.0, Zeitstempel:
0x4b74239d Ausnahmecode: 0xc0000005 Fehleroffset: 0x009f06b0 ID des fehlerhaften Prozesses:
0x664 Startzeit der fehlerhaften Anwendung: 0x01ccef47deb3646f Pfad der fehlerhaften
Anwendung: c:\spiele\sega\empire total war\steamapps\common\empire total war\Empire.exe
Pfad
des fehlerhaften Moduls: c:\spiele\sega\empire total war\steamapps\common\empire
total war\Empire.exe Berichtskennung: d47a07aa-5b4f-11e1-9091-d027883e92b0

Error - 20.02.2012 13:18:50 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc60f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0eedfade Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x5e0 Startzeit der fehlerhaften Anwendung: 0x01cceff3ace07f0c Pfad der
fehlerhaften Anwendung: C:\Windows\system32\notepad.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\KERNELBASE.dll Berichtskennung: f431a7ca-5be6-11e1-96b3-d027883e92b0

Error - 20.02.2012 13:18:50 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc60f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0eedfade Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x3b0 Startzeit der fehlerhaften Anwendung: 0x01cceff3aeb5e22c Pfad der
fehlerhaften Anwendung: C:\Windows\system32\notepad.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\KERNELBASE.dll Berichtskennung: f43180ba-5be6-11e1-96b3-d027883e92b0

Error - 06.03.2012 15:38:00 | Computer Name = ChuckNorris-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 5.0.1.4205 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9b8 Startzeit:
01ccfbc77ebf7d06 Endzeit: 51 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:


[ System Events ]
Error - 10.02.2012 15:24:22 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 10.02.2012 15:24:22 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 11.02.2012 04:16:26 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 11.02.2012 04:16:26 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 18.02.2012 07:15:05 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 18.02.2012 07:15:05 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 24.02.2012 14:31:45 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 24.02.2012 14:31:45 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 25.02.2012 05:47:35 | Computer Name = ChuckNorris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?02.?2012 um 01:32:48 unerwartet heruntergefahren.


< End of report >
08.03.2012, 19:57
Member

Posts: 420
#4 1. Start OTL and paste the following into the script field:

Quote


:OTL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell - "" = AutoRun
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe


:Commands
[emptytemp]
[emptyflash]

and click Fix. Please post the fix log.

2. DeFogger http://www.jpshortstuff.247fixes.com/Defogger.exe
Start the program and click "Disable"
Confirm with "Yes"
After the "Finished!" message, click "OK"
You will be asked to restart; confirm with "OK"

3. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
Choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save the file and please post it here (do not "Fix" anything)
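Added example, not part of the thread and not code from OTL or its author: a small Python parser that applies, over the OTL output posted above, the two checks a helper makes by eye before writing a script like the one in this post. It flags Startup-folder shortcuts of the form `*.exe.lnk` with no company name (the persistence entries in the "Files - Modified Within 30 Days" listing, which are what produced the "module not found" error after the System Restore) and lists the O33 MountPoints2 AutoRun command handlers that the `:OTL` script removes. The sample lines are copied from the logs in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL "Files" section line:
# [YYYY.MM.DD HH:MM:SS | size | attrs | C or M] (company) -- path
_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# OTL O33 entry for a per-drive AutoRun handler:
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
_O33_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\'
    r'(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$',
    re.IGNORECASE,
)

STARTUP_MARKER = "\\start menu\\programs\\startup\\"


@dataclass
class OtlFileEntry:
    timestamp: str
    size: int        # bytes, with OTL's thousands separators removed
    attrs: str       # e.g. "-HS-" for hidden+system, "---D" for a directory
    kind: str        # "C" = created, "M" = modified
    company: str     # empty when the file carries no company name
    path: str


def parse_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file-listing line; return None for any other line."""
    m = _FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def suspicious_startup_links(lines: List[str]) -> List[str]:
    """Paths of Startup-folder shortcuts named *.exe.lnk with no company name.

    This is the persistence pattern in the thread: the shortcut launches an
    executable (here one dropped under Temp) at every logon and survives a
    System Restore even after the executable itself is gone, which is what
    produces the 'module not found' error at startup.
    """
    hits = []
    for line in lines:
        e = parse_file_line(line)
        if e is None:
            continue
        low = e.path.lower()
        if STARTUP_MARKER in low and low.endswith(".exe.lnk") and not e.company:
            hits.append(e.path)
    return hits


def mountpoint_autoruns(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(guid, verb, command) for every O33 MountPoints2 command handler.

    These are the per-drive AutoRun verbs Explorer remembers for removable
    and optical media; the helper's OTL script removes the whole key.
    """
    hits = []
    for line in lines:
        m = _O33_LINE.match(line.strip())
        if m:
            hits.append((m["guid"], m["verb"], m["cmd"]))
    return hits


# Sample input: lines copied from the OTL logs posted in this thread, plus
# one ordinary system file (hiberfil.sys) as a negative case.
SAMPLE_LINES = [
    r"[2012.03.08 19:09:52 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2012.03.06 20:36:36 | 000,001,057 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.120151747744071.exe.lnk",
    r"[2012.02.20 18:22:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk",
    r"[2012.02.20 18:18:30 | 000,001,059 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iope0.6762062887055887.exe.lnk",
    r'O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe',
    r'O33 - MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe',
]

if __name__ == "__main__":
    for p in suspicious_startup_links(SAMPLE_LINES):
        print("startup shortcut:", p)
    for guid, verb, cmd in mountpoint_autoruns(SAMPLE_LINES):
        print("mountpoint autorun:", guid, verb, cmd)
```

Run it against a full OTL.txt by reading the file into a list of lines; the Desktop shortcut to Malwarebytes in the sample is deliberately left unflagged because it is neither in a Startup folder nor named `*.exe.lnk`.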
09.03.2012, 18:33
Member

Thread starter

Posts: 104
#5 FIXLOG

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{126edd98-b133-11df-bd8b-d027883e92b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{126edd98-b133-11df-bd8b-d027883e92b0}\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{126edd98-b133-11df-bd8b-d027883e92b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{126edd98-b133-11df-bd8b-d027883e92b0}\ not found.
File E:\Directx\dxsetup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ChuckNorris
->Temp folder emptied: 1094671 bytes
->Temporary Internet Files folder emptied: 4018614 bytes
->Java cache emptied: 2994434 bytes
->FireFox cache emptied: 88836559 bytes
->Flash cache emptied: 15144 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63209 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 93,00 mb


[EMPTYFLASH]

User: All Users

User: ChuckNorris
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_155857

Files\Folders moved on Reboot...
C:\Users\ChuckNorris\AppData\Local\Temp\7zS04C4\HPSLPSVC32.DLL moved successfully.
File\Folder C:\Users\ChuckNorris\AppData\Local\Temp\2011-10-27-1196744767_04-RG-1.PDF not found!
File\Folder C:\Users\ChuckNorris\AppData\Local\Temp\2011-10-27-1196744767_04-RG-2.PDF not found!
File\Folder C:\Users\ChuckNorris\AppData\Local\Temp\2011-10-27-1196744767_04-RG.PDF not found!

Registry entries deleted on Reboot...
09.03.2012, 19:46
Member

Thread starter

Posts: 104
#6 aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 18:35:19
-----------------------------
18:35:19.783 OS Version: Windows 6.1.7600
18:35:19.783 Number of processors: 4 586 0x403
18:35:19.784 ComputerName: CHUCKNORRIS-PC UserName: ChuckNorris
18:35:24.882 Initialize success
18:36:43.039 AVAST engine defs: 12030900
18:52:54.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:54.142 Disk 0 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 3
18:52:54.157 Disk 0 MBR read successfully
18:52:54.159 Disk 0 MBR scan
18:52:54.168 Disk 0 Windows 7 default MBR code
18:52:54.181 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:52:54.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
18:52:54.191 Disk 0 scanning sectors +1465145344
18:52:54.245 Disk 0 scanning C:\Windows\system32\drivers
18:52:59.315 Service scanning
18:53:09.767 Modules scanning
18:53:14.855 Disk 0 trace - called modules:
18:53:14.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:53:14.877 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fa4030]
18:53:14.878 3 CLASSPNP.SYS[8b9ab59e] -> nt!IofCallDriver -> [0x85f66408]
18:53:14.879 5 ACPI.sys[8b6363b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f67030]
18:53:16.738 AVAST engine scan C:\Windows
18:53:19.185 AVAST engine scan C:\Windows\system32
18:55:01.314 AVAST engine scan C:\Windows\system32\drivers
18:55:08.568 AVAST engine scan C:\Users\ChuckNorris
18:56:11.358 AVAST engine scan C:\ProgramData
18:56:22.711 Scan finished successfully
19:45:48.698 Disk 0 MBR has been saved successfully to "C:\Users\ChuckNorris\Desktop\MBR.dat"
19:45:48.698 The log file has been saved successfully to "C:\Users\ChuckNorris\Desktop\aswMBR.txt"
09.03.2012, 19:50
Member

Posts: 420
#7 So far so good.

1. Now please follow these instructions
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
10.03.2012, 11:55
Member

Thread starter

Posts: 104
#8 COMBOFIX LOG

ComboFix 12-03-10.01 - ChuckNorris 10.03.2012 11:46:01.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3327.2516 [GMT 1:00]
ausgeführt von:: c:\users\ChuckNorris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\aimandloebx.dat
c:\programdata\E8D0DD5AC6A878E1777F65A44D05CC.exe
c:\programdata\F39E6EF111E04422D815C6F4021B69B.exe
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iope0.6762062887055887.exe.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-10 bis 2012-03-10 ))))))))))))))))))))))))))))))
.
.
2012-03-10 10:52 . 2012-03-10 10:52 -------- d-----w- c:\users\ChuckNorris\AppData\Local\temp
2012-03-10 10:52 . 2012-03-10 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 14:58 . 2012-03-09 14:58 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 07:31 . 2010-08-26 17:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\spiele\SEGA\Empire Total War\Steam.exe" [2012-01-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-05 1698304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 cpuz130;cpuz130;c:\users\CHUCKN~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 FXDrv32;FXDrv32;D:\FXDrv32.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-26 218688]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-28 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-28 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-15 101904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-02 189440]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:52]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{DBD44FAD-390E-4731-8C65-3A4BA4A9201F}: NameServer = 213.191.74.19 62.109.123.197
FF - ProfilePath - c:\users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-ctfmon.exe - c:\progra~2\aimandloebx.dat
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1615267906-4240276161-370195877-1000\Software\SecuROM\License information*]
"datasecu"=hex:42,29,51,de,ba,30,19,ad,cd,9d,e0,11,02,fa,9f,7b,e3,2f,e3,89,cc,
4e,2c,e0,fd,60,e1,57,3a,37,d3,34,16,a3,78,61,d1,f0,a4,6c,df,05,ad,6f,cc,20,\
"rkeysecu"=hex:c5,9d,b7,77,43,26,57,2c,a6,b8,ae,3a,7b,7f,cc,c8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-10 11:53:11
ComboFix-quarantined-files.txt 2012-03-10 10:53
.
Vor Suchlauf: 7 Verzeichnis(se), 586.399.330.304 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 586.409.439.232 Bytes frei
.
- - End Of File - - 8554E800B89180E098FE9CA6FBCBC9EA
10.03.2012, 12:21
Member

Posts: 420
#9 Ok

Quote

" Problem beim starten von C:\User\CHUCKN~1\AppData\Local\Temp\iope0.6762062887055887.exe Das angegebene Modul wurde nicht gefunden "
Does this message still appear?
10.03.2012, 13:22
Member

Thread starter

Posts: 104
#10 No, the message is gone ;) many thanks

What about this police lock-screen stuff?
10.03.2012, 13:38
Member

Posts: 420
#11

Quote

What about this police lock-screen stuff?
I no longer see anything active in the logs. But we'll do one more scan to finish:

1. Eset Online Scanner
http://www.eset.de/onlinescanner
(for this, the browser should be started by right-clicking it and running it as administrator)
After the scan has finished, please post the log; it is normally found at C:\Programme\Eset\EsetOnlineScanner\log.txt
10.03.2012, 14:30
Member

Thread starter

Posts: 104
#12 ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fa311013af2a0418ee1999694a7ccd5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-10 01:08:26
# local_time=2012-03-10 02:08:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 114731 67920315 149595 0
# compatibility_mode=5893 16776573 100 94 19507824 83822509 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=113498
# found=4
# cleaned=4
# scan_time=1140
C:\Program Files\Oxin's Style!\3D SexVilla 2\Binaries\fc3DSexVillaRun.DE.exe Variante von Win32/Inject.NDT Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Program Files\Oxin's Style!\3D SexVilla 2\Binaries\fc3DSexVillaRun.EN.exe Variante von Win32/Inject.NDT Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\aimandloebx.dat.vir Variante von Win32/Kryptik.ACHI Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\E8D0DD5AC6A878E1777F65A44D05CC.exe.vir Variante von Win32/Kryptik.ACGD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
10.03.2012, 14:44
Member

Posts: 420
#13 Be careful with programs of questionable origin.

Good; if the computer otherwise causes no further problems, we are done.

1. Start OTL and click Cleanup. OTL will then remove itself.

2. Keep your system up to date. http://secunia.com/vulnerability_scanning/personal/ can help with that (free of charge).

3. Read through this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

Done ;)

Regards,
gangren
10.03.2012, 15:19
Member

Thread starter

Posts: 104
#14 Thank you very much ;)