Malware after all?

20.03.2012, 09:44
...new here

Posts: 10
#1 Hello everyone,

I have a bad feeling that I might have caught something again. Also, yesterday while surfing I landed on a page, whereupon my antivirus program reported that changes had been made to the PC in Autostart and Internet Explorer; Java also briefly showed up in the taskbar next to the clock. But I use Mozilla FF exclusively. I reverted the changes, which is what was offered to me. However, I have to say that unfortunately I don't know my antivirus program (Trend Micro) sooo well, because I find it too confusing... But I'm doing my best. ;)

I formatted my PC about a month ago, since I often and gladly make payments via online banking and have become paranoid because of earlier experiences with malware, but I can't exactly format every week, so I'm asking for your help. ;)

I wanted to follow the info threads and installed Malwarebytes, but another info thread gives different instructions. So how should I proceed?
Please don't stone me right away; I'm a bit overwhelmed by the flood of information and am new to the field of alternative malware removal.

Best regards, TxT
21.03.2012, 13:06
Member

Posts: 420
#2 Hi

1. You already have Malwarebytes. Update the program, run a Quick Scan, let it remove any findings, and please post the log.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scan All Users", "LOP Check" and "Purity Check", and paste the following into the script box at the bottom:

Quote

msconfig
safebootminimal
netsvcs
and click Scan. Please post the OTL.txt and Extras.txt.
21.03.2012, 14:57
...new here

Thread starter

Posts: 10
#3

Code

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hacer :: HACER-PC [Administrator]

Schutz: Deaktiviert

21.03.2012 14:38:18
mbam-log-2012-03-21 (14-38-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217423
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Hacer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hacer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
The OTL program is in English on my machine. Should I run "Run Scan" or "Quick Scan"?
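As an added example (not part of this thread and not Malwarebytes' own tooling), the following Python script parses a Malwarebytes 1.x quick-scan log like the one posted above into structured findings, checks that the per-section counts in the headers match the lines actually listed, and flags files that were dropped under the user profile (AppData\Roaming), a location that needs no administrator rights to write to. The embedded sample log is a trimmed copy of the posted one; the section-name mapping covers the German UI build shown here and is an assumption for builds in other languages.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a trimmed copy of the German MBAM 1.60 quick-scan log posted above.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.03

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Hacer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hacer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# Section headers of the German MBAM 1.x build mapped to neutral category names
# (assumption: other UI languages use different labels and would need their own map).
SECTIONS = {
    "Infizierte Speicherprozesse": "memory_process",
    "Infizierte Speichermodule": "memory_module",
    "Infizierte Registrierungsschlüssel": "registry_key",
    "Infizierte Registrierungswerte": "registry_value",
    "Infizierte Dateiobjekte der Registrierung": "registry_data",
    "Infizierte Verzeichnisse": "folder",
    "Infizierte Dateien": "file",
}

HEADER_RE = re.compile(r"^(?P<label>Infizierte .+?): (?P<count>\d+)$")
# A finding line: "<object> (<detection name>) -> <action>."
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Anything under C:\Users\<name>\AppData\ is writable without admin rights.
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Finding:
    category: str      # mapped section name, e.g. "file" or "registry_key"
    obj: str           # file path or registry key
    name: str          # detection name, e.g. "Trojan.Banker"
    action: str        # action text as printed by MBAM
    quarantined: bool  # True if the action text mentions quarantine
    user_writable: bool  # True if the object lives under the user's AppData


def parse_mbam_log(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, categories whose header count disagrees with the listed lines)."""
    findings: List[Finding] = []
    declared: Dict[str, int] = {}
    parsed: Dict[str, int] = {}
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            category = SECTIONS.get(h.group("label"), h.group("label"))
            declared[category] = int(h.group("count"))
            parsed.setdefault(category, 0)
            continue
        f = FINDING_RE.match(line)
        if f and category is not None:
            obj, name, action = f.group("obj"), f.group("name"), f.group("action")
            findings.append(Finding(
                category=category, obj=obj, name=name, action=action,
                quarantined="Quarantäne" in action,
                user_writable=bool(USER_PROFILE_RE.search(obj)),
            ))
            parsed[category] += 1
    mismatches = [c for c in declared if declared[c] != parsed.get(c, 0)]
    return findings, mismatches


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Aggregate findings by family and list files dropped into the user profile."""
    by_family: Dict[str, int] = {}
    for f in findings:
        by_family[f.name] = by_family.get(f.name, 0) + 1
    return {
        "total": len(findings),
        "quarantined": sum(f.quarantined for f in findings),
        "by_family": by_family,
        "user_profile_files": [f.obj for f in findings if f.category == "file" and f.user_writable],
    }


if __name__ == "__main__":
    found, bad_counts = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    print("count mismatches:", bad_counts)
```

The count check matters when a log is pasted by hand into a forum: a section whose header says 2 but lists only one line has usually been truncated in copy-and-paste, and the helper should ask for the full file rather than treat the cleanup as complete.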
21.03.2012, 15:14
...new here

Thread starter

Posts: 10
#4 I've now run the Quick Scan with OTL. I hope that's right. ;)

Code

OTL logfile created on: 21.03.2012 15:01:00 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Hacer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,78% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,58 Gb Total Space | 55,54 Gb Free Space | 28,40% Space Free | Partition Type: NTFS
Drive D: | 270,08 Gb Total Space | 250,32 Gb Free Space | 92,68% Space Free | Partition Type: NTFS

Computer Name: HACER-PC | User Name: Hacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.03.21 14:46:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Hacer\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.29 13:43:48 | 000,258,100 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
PRC - [2009.05.28 07:58:38 | 000,585,774 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2006.02.22 15:47:44 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 15:47:16 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012.02.15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2012.02.14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2012.01.10 19:50:45 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:[b]64bit:[/b] - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.03.21 00:17:14 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.10 19:50:45 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Programme\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2012.01.10 19:50:45 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Programme\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.08 17:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.28 07:58:38 | 000,585,774 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012.02.15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012.02.15 03:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012.01.10 19:53:36 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:[b]64bit:[/b] - [2012.01.10 19:53:35 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:[b]64bit:[/b] - [2012.01.10 19:53:30 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:[b]64bit:[/b] - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011.12.05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011.10.04 22:29:28 | 000,040,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2011.10.04 22:29:26 | 000,080,000 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:[b]64bit:[/b] - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2011.07.12 11:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:[b]64bit:[/b] - [2011.07.12 11:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:[b]64bit:[/b] - [2011.07.12 11:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.01.03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3925834581-3721060669-1351815444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.01.10 21:41:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 22:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.16 22:00:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.10 23:54:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Hacer\AppData\Roaming\11001 [2012.03.19 17:51:16 | 000,000,000 | ---D | M]

[2012.01.10 20:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hacer\AppData\Roaming\mozilla\Extensions
[2012.03.12 07:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hacer\AppData\Roaming\mozilla\Firefox\Profiles\gnc127fm.default\extensions
[2012.02.11 11:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.21 22:34:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.10 21:41:29 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2012.03.19 17:51:16 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HACER\APPDATA\ROAMING\11001
() (No name found) -- C:\USERS\HACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GNC127FM.DEFAULT\EXTENSIONS\ALARM@GUTSCHEINSAMMLER.DE.XPI
[2012.03.16 22:00:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.11 11:55:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 11:55:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.11 11:55:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 11:55:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 11:55:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 11:55:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.18 195.34.133.19 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F9EF460-3D4A-4716-A167-131E845E270E}: DhcpNameServer = 195.34.133.18 195.34.133.19 195.34.133.21
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^Users^Hacer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]APSDaemon[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]Malwarebytes' Anti-Malware[/b] - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.03.21 14:46:38 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Hacer\Desktop\OTL.exe
[2012.03.20 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Hacer\Documents\MAGIX Downloads
[2012.03.20 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Hacer\Documents\MAGIX
[2012.03.20 19:04:45 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\MAGIX
[2012.03.20 19:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.03.20 19:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.03.20 19:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.03.20 19:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.03.20 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.03.20 19:00:31 | 212,106,400 | ---- | C] (MAGIX AG) -- C:\Users\Hacer\Desktop\video_deluxe_mx_201mb_d.exe
[2012.03.20 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\Malwarebytes
[2012.03.20 09:20:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.20 09:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 09:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.20 09:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\11001
[2012.03.19 17:50:59 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\xmldm
[2012.03.19 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\kock
[2012.03.19 09:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.03.19 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.03.19 09:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012.03.19 09:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012.03.19 09:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.03.19 09:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.03.18 17:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.03.18 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012.03.09 00:08:19 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Local\AliensVsPredator
[2012.03.02 16:32:56 | 000,000,000 | ---D | C] -- C:\Users\Hacer\Desktop\Neuer Ordner
[1 C:\Users\Hacer\AppData\Roaming\*.tmp files -> C:\Users\Hacer\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.03.21 14:50:37 | 000,015,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:50:37 | 000,015,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:46:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Hacer\Desktop\OTL.exe
[2012.03.21 14:43:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 14:43:21 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.21 14:37:29 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2012.03.21 14:37:29 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2012.03.21 06:54:40 | 000,527,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.20 20:47:23 | 000,000,220 | ---- | M] () -- C:\Users\Hacer\Desktop\The Longest Journey.url
[2012.03.20 19:04:19 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Download-Version.lnk
[2012.03.20 19:01:23 | 212,106,400 | ---- | M] (MAGIX AG) -- C:\Users\Hacer\Desktop\video_deluxe_mx_201mb_d.exe
[2012.03.20 18:29:28 | 000,000,221 | ---- | M] () -- C:\Users\Hacer\Desktop\Mirror's Edge.url
[2012.03.20 09:20:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 00:06:59 | 000,000,239 | ---- | M] () -- C:\Users\Hacer\AppData\Roaming\urhtps.dat
[2012.03.19 22:19:32 | 000,000,016 | ---- | M] () -- C:\Users\Hacer\AppData\Roaming\blckdom.res
[2012.03.19 17:51:22 | 000,005,624 | ---- | M] () -- C:\Users\Hacer\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.19 15:27:52 | 000,245,833 | ---- | M] () -- C:\Users\Hacer\Desktop\AccountOverview.pdf
[2012.03.19 15:24:28 | 000,109,471 | ---- | M] () -- C:\Users\Hacer\Desktop\AGB.pdf
[2012.03.19 14:48:14 | 001,527,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 14:48:14 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 14:48:14 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 14:48:14 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 14:48:14 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 14:34:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\lame_acm.xml
[2012.03.19 09:26:41 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012.03.18 22:45:58 | 000,000,221 | ---- | M] () -- C:\Users\Hacer\Desktop\DC Universe Online.url
[2012.03.18 17:25:44 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\AION.lnk
[1 C:\Users\Hacer\AppData\Roaming\*.tmp files -> C:\Users\Hacer\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.03.20 20:47:23 | 000,000,220 | ---- | C] () -- C:\Users\Hacer\Desktop\The Longest Journey.url
[2012.03.20 19:04:19 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Download-Version.lnk
[2012.03.20 18:29:28 | 000,000,221 | ---- | C] () -- C:\Users\Hacer\Desktop\Mirror's Edge.url
[2012.03.20 09:20:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.19 19:19:45 | 000,000,239 | ---- | C] () -- C:\Users\Hacer\AppData\Roaming\urhtps.dat
[2012.03.19 17:51:22 | 000,005,624 | ---- | C] () -- C:\Users\Hacer\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.19 17:51:12 | 000,000,016 | ---- | C] () -- C:\Users\Hacer\AppData\Roaming\blckdom.res
[2012.03.19 15:27:51 | 000,245,833 | ---- | C] () -- C:\Users\Hacer\Desktop\AccountOverview.pdf
[2012.03.19 15:24:27 | 000,109,471 | ---- | C] () -- C:\Users\Hacer\Desktop\AGB.pdf
[2012.03.19 14:34:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\lame_acm.xml
[2012.03.19 09:26:41 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012.03.18 22:45:58 | 000,000,221 | ---- | C] () -- C:\Users\Hacer\Desktop\DC Universe Online.url
[2012.03.18 17:25:44 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\AION.lnk
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 10:54:52 | 004,790,272 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.01.11 00:22:12 | 000,000,000 | ---- | C] () -- C:\Windows\NIVEA-DiamondGloss-Screensaver.ini
[2012.01.10 20:58:34 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.10 20:25:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012.03.19 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\11001
[2012.01.10 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\Cherry
[2012.02.01 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\fltk.org
[2012.03.19 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\kock
[2012.01.10 21:28:02 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\Leadertech
[2012.03.20 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\MAGIX
[2012.01.10 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\PhotoFiltre 7
[2012.01.22 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\Shark007
[2012.01.23 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\Win7codecs
[2012.03.21 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\Hacer\AppData\Roaming\xmldm
[2012.03.07 07:22:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Code

OTL Extras logfile created on: 21.03.2012 15:01:00 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Hacer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,78% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,58 Gb Total Space | 55,54 Gb Free Space | 28,40% Space Free | Partition Type: NTFS
Drive D: | 270,08 Gb Total Space | 250,32 Gb Free Space | 92,68% Space Free | Partition Type: NTFS

Computer Name: HACER-PC | User Name: Hacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925834581-3721060669-1351815444-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"x64 Components_is1" = x64 Components v3.4.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI)
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V4.0 Build 5
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"DivX Setup" = DivX-Setup
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Gadwin PrintScreen" = Gadwin PrintScreen
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NIVEA-DiamondGloss-Screensaver_is1" = NIVEA-DiamondGloss-Screensaver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Steam App 10680" = Aliens vs. Predator
"Steam App 17410" = Mirror's Edge
"Steam App 19680" = Alice: Madness Returns
"Steam App 24200" = DC Universe Online
"Steam App 48000" = LIMBO
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6310" = The Longest Journey
"WinGimp-2.0_is1" = GIMP 2.6.11

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3925834581-3721060669-1351815444-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 19.03.2012 10:40:30 | Computer Name = Hacer-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 19.03.2012 12:51:06 | Computer Name = Hacer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.300.12, Zeitstempel:
0x4ebba126  Name des fehlerhaften Moduls: RASAPI32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdad7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000d7bb  ID des fehlerhaften
Prozesses: 0x19c0  Startzeit der fehlerhaften Anwendung: 0x01cd05f0723e274c  Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe  Pfad des fehlerhaften
Moduls: C:\Windows\system32\RASAPI32.dll  Berichtskennung: b7e34776-71e3-11e1-b1d9-00252244b9dc

Error - 20.03.2012 05:10:00 | Computer Name = Hacer-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20.03.2012 05:15:24 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfNavi.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.03.2012 05:15:24 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfSeAgnt.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.03.2012 05:15:24 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfUpdUi.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 21.03.2012 02:39:32 | Computer Name = Hacer-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21.03.2012 07:48:53 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfNavi.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 21.03.2012 07:48:53 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfSeAgnt.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 21.03.2012 07:48:53 | Computer Name = Hacer-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\trend
micro\internet security\component\framework\200\UfUpdUi.exe".  Die abhängige Assemblierung
"Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ System Events ]
Error - 21.03.2012 01:54:44 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 21.03.2012 01:54:46 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 21.03.2012 02:00:43 | Computer Name = Hacer-PC | Source = BROWSER | ID = 8032
Description =

Error - 21.03.2012 07:16:12 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 21.03.2012 07:16:15 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 21.03.2012 07:26:05 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 21.03.2012 07:26:05 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1053

Error - 21.03.2012 08:14:04 | Computer Name = Hacer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 21.03.2012 09:33:34 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2

Error - 21.03.2012 09:43:32 | Computer Name = Hacer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2


< End of report >
21.03.2012, 16:33
Member

Posts: 420
#5 Well, it is indeed malware that steals online banking data. Either something is still sitting in the MBR, or you keep fetching the thing onto your machine yourself, e.g. by installing untrustworthy programs. In general, I recommend using a Linux version for online banking, e.g. something like Knoppix: http://www.knoppix.org/

1. Start OTL and paste the following into the script field:

Quote


:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Hacer\AppData\Roaming\11001 [2012.03.19 17:51:16 | 000,000,000 | ---D | M]
[2012.03.19 17:51:16 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HACER\APPDATA\ROAMING\11001
() (No name found) -- C:\USERS\HACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GNC127FM.DEFAULT\EXTENSIONS\ALARM@GUTSCHEINSAMMLER.DE.XPI
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012.03.19 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\11001
[2012.03.19 17:50:59 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\xmldm
[2012.03.19 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\Hacer\AppData\Roaming\kock

:Commands
[emptytemp]
[emptyflash]

and click Run Fix. Please post the fix log.

2. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save it and please post it here (do not "Fix" anything)
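The fix script above touches three persistence locations: a Firefox extension registered in the registry that points into the user's roaming profile (Roaming\11001), two ShellServiceObjectDelayLoad entries (OTL item O21) whose CLSID is not registered, and three folders under AppData\Roaming. The following PowerShell audit is added here as an example and is not code from the forum post or from OTL; it checks those same locations read-only on a live system so the state can be recorded before and after a fix. It assumes Windows 7 x64 with PowerShell 2.0 or later, run from a 64-bit PowerShell as the affected user (a 32-bit PowerShell would be redirected to the Wow6432Node view for both keys); the folder names 11001, xmldm and kock are the ones named in the thread.

```powershell
# Added example, not code from the forum post or from OTL: a read-only audit of the
# three persistence locations that the OTL fix script above targets. It reports what
# a cleanup would touch and changes nothing.
# Assumptions (not from the thread): Windows 7 x64 with PowerShell 2.0 or later, run
# from a 64-bit PowerShell as the affected user. The folder names 11001, xmldm and
# kock are the ones named in the thread.

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Check, [string]$Where, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{
        Check = $Check; Where = $Where; Detail = $Detail }))
}

# Values of a registry key, minus the PS* metadata properties Get-ItemProperty adds.
function Get-RegistryValues([string]$Key) {
    if (-not (Test-Path $Key)) { return @() }
    (Get-ItemProperty -Path $Key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
}

# 1. Firefox extensions registered through the registry (OTL's "FF - HKEY_CURRENT_USER\
#    software\mozilla\Firefox\extensions" line). Registry-registered extensions normally
#    live under Program Files; a target inside a user profile, like Roaming\11001 above,
#    is reported together with whether the target folder still exists.
$ffKeys = 'HKCU:\Software\Mozilla\Firefox\Extensions',
          'HKLM:\Software\Mozilla\Firefox\Extensions',
          'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions'
foreach ($key in $ffKeys) {
    foreach ($v in @(Get-RegistryValues $key)) {
        $target = [string]$v.Value
        if ($target -match '\\Users\\[^\\]+\\AppData\\') {
            Add-Finding 'FirefoxExtension' "$key\$($v.Name)" "target in user profile: $target (present: $(Test-Path -LiteralPath $target))"
        }
    }
}

# 2. ShellServiceObjectDelayLoad (OTL item O21): every value is a CLSID that Explorer
#    loads at logon. Report values whose CLSID is not registered at all (OTL's
#    "No CLSID value found") and, for the rest, the InprocServer32 DLL so that a
#    server outside the Windows directory stands out.
$ssodlKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
foreach ($key in $ssodlKeys) {
    # Resolve the CLSID in the same registry view (64-bit or Wow6432Node) as the entry.
    if ($key -like '*Wow6432Node*') { $classes = 'HKLM:\Software\Classes\Wow6432Node\CLSID' }
    else { $classes = 'HKLM:\Software\Classes\CLSID' }
    foreach ($v in @(Get-RegistryValues $key)) {
        $clsid = [string]$v.Value
        $clsidKey = "$classes\$clsid"
        if (-not (Test-Path -LiteralPath $clsidKey)) {
            Add-Finding 'SSODL' "$key\$($v.Name)" "CLSID $clsid not registered (orphaned entry)"
            continue
        }
        $server = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($server -and $server -notmatch '^(%SystemRoot%|C:\\Windows)\\') { $flag = 'server outside Windows directory' }
        else { $flag = 'ok' }
        Add-Finding 'SSODL' "$key\$($v.Name)" "CLSID $clsid -> $server [$flag]"
    }
}

# 3. The roaming-profile folders the fix script moves away. Finding them again after
#    the fix means the dropper came back or the fix did not run.
$roaming = [Environment]::GetFolderPath('ApplicationData')
foreach ($name in '11001', 'xmldm', 'kock') {
    $path = Join-Path $roaming $name
    if (Test-Path -LiteralPath $path) {
        $files = Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer } | ForEach-Object { $_.Name }
        Add-Finding 'RoamingFolder' $path ('present; files: ' + (@($files) -join ', '))
    }
}

if ($findings.Count -eq 0) { 'No findings.' }
else { $findings | Select-Object Check, Where, Detail | Format-Table -AutoSize -Wrap }
```

Running it once before the OTL fix and once after gives a before/after record of exactly the items the script removed; an SSODL entry that resolves to a DLL under the user profile, or a Roaming folder that reappears after the fix, is what the helper's remark about the dropper "coming back" would look like on the live system. Only the registry and file system are read; nothing is moved or deleted.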
21.03.2012, 17:42
...new here

Thread starter

Posts: 10
#6 Well, I don't know what MBR means, but I actually pay much closer attention than I used to about what exactly I put on my PC. I think it comes from my love of surfing around and all the googling... And no, I'm not on indecent sites either. ;)
Thanks for the tip about Knoppix, I'll have a look at it when I get the chance.

Code

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Hacer\AppData\Roaming\11001 not found.
C:\USERS\HACER\APPDATA\ROAMING\11001\components folder moved successfully.
C:\USERS\HACER\APPDATA\ROAMING\11001 folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\Hacer\AppData\Roaming\11001\ not found.
C:\Users\Hacer\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Hacer\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 148467 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hacer
->Temp folder emptied: 21653114 bytes
->Temporary Internet Files folder emptied: 33930691 bytes
->Java cache emptied: 213420 bytes
->FireFox cache emptied: 67364703 bytes
->Flash cache emptied: 470 bytes

User: Public

User: Testuser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127071402 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 239,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Hacer
->Flash cache emptied: 0 bytes

User: Public

User: Testuser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_172454

Files\Folders moved on Reboot...
C:\Users\Hacer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Unfortunately aswMBR hung during the scan with: "avast Antirootkit! funktioniert nicht mehr [...] Programm schließen".
I'll try it again right away!
21.03.2012, 17:50
...new here

Thread starter

Posts: 10
#7 Unfortunately the program hangs again, even though I switched off all unnecessary programs as well as my antivirus and restarted the PC... ;)
21.03.2012, 20:32
Member

Posts: 420
#8 Hm, OK, then leave aswMBR for now.

1. Now follow this guide
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
22.03.2012, 10:05
...new here

Thread starter

Posts: 10
#9 Oh yes, after OTL my folder options were reset, e.g. known file extensions were hidden again. I hope that's normal; I changed it back anyway.

And as requested, the ComboFix log as per the guide.
Here you go:

Code

ComboFix 12-03-22.01 - Hacer 22.03.2012   9:44.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.4095.2686 [GMT 1:00]
ausgeführt von:: c:\users\Hacer\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hacer\AppData\Roaming\AcroIEHelpe.txt
c:\users\Hacer\AppData\Roaming\BAcroIEHelpe.dll
c:\users\Hacer\AppData\Roaming\srvblck2.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-22 bis 2012-03-22  ))))))))))))))))))))))))))))))
.
.
2012-03-22 07:58 . 2012-03-22 08:00    --------    d-----w-    c:\users\Hacer\AppData\Roaming\Canon
2012-03-22 07:55 . 2012-03-22 07:55    --------    d--h--w-    c:\programdata\CanonIJEPPEX2
2012-03-22 07:55 . 2012-03-22 07:55    --------    d--h--w-    c:\programdata\CanonEPP
2012-03-22 07:55 . 2012-03-22 07:55    --------    d-----w-    c:\program files\Canon
2012-03-22 07:39 . 2012-03-22 07:57    --------    d-----w-    c:\program files (x86)\Canon
2012-03-22 07:36 . 2009-04-07 15:11    252928    ----a-w-    c:\windows\system32\CNMN6PPM.DLL
2012-03-22 07:36 . 2009-04-07 15:11    153088    ----a-w-    c:\windows\system32\CNMN6UI.DLL
2012-03-22 07:36 . 2009-04-07 15:07    364032    ----a-w-    c:\windows\SysWow64\CNMNPPM.DLL
2012-03-22 07:34 . 2012-03-22 07:34    --------    d--h--w-    c:\programdata\CanonBJ
2012-03-22 07:34 . 2006-09-13 04:00    80896    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPP88.DLL
2012-03-22 07:34 . 2006-09-13 04:00    27136    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPD88.DLL
2012-03-22 07:34 . 2012-03-22 07:34    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2012-03-22 07:33 . 2006-09-13 04:00    234496    ----a-w-    c:\windows\system32\CNMLM88.DLL
2012-03-22 07:33 . 2006-06-29 13:30    17408    ----a-w-    c:\windows\system32\cnco600R.DLL
2012-03-22 07:33 . 2006-09-08 10:01    1336320    ----a-w-    c:\windows\system32\CNCC600R.DLL
2012-03-22 07:33 . 2006-09-08 10:01    49664    ----a-w-    c:\windows\system32\CNCI600R.DLL
2012-03-22 07:33 . 2006-05-26 15:23    92160    ----a-w-    c:\windows\system32\CNCL600R.DLL
2012-03-21 22:34 . 2012-03-21 22:34    --------    d-----w-    c:\users\Hacer\AppData\Local\SCE
2012-03-21 21:40 . 2012-03-21 21:40    --------    d-----w-    c:\program files (x86)\Common Files\Java
2012-03-21 21:40 . 2012-03-21 21:40    525544    ----a-w-    c:\windows\system32\deployJava1.dll
2012-03-21 21:40 . 2012-03-21 21:40    --------    d-----w-    c:\program files\Java
2012-03-21 21:38 . 2012-03-21 21:39    414368    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 21:37 . 2012-03-21 21:37    --------    d-----w-    c:\windows\system32\appmgmt
2012-03-21 16:24 . 2012-03-21 16:24    --------    d-----w-    C:\_OTL
2012-03-20 18:04 . 2012-03-20 18:05    --------    d-----w-    c:\users\Hacer\AppData\Roaming\MAGIX
2012-03-20 18:03 . 2012-03-20 18:03    --------    d-----w-    c:\program files (x86)\MAGIX
2012-03-20 18:03 . 2012-03-20 18:05    --------    d-----w-    c:\programdata\MAGIX
2012-03-20 18:03 . 2012-03-20 18:03    --------    d-----w-    c:\program files (x86)\Common Files\MAGIX Services
2012-03-20 18:02 . 2012-03-20 18:02    --------    d-----w-    c:\program files (x86)\MSXML 4.0
2012-03-20 08:20 . 2012-03-20 08:20    --------    d-----w-    c:\users\Hacer\AppData\Roaming\Malwarebytes
2012-03-20 08:20 . 2012-03-20 08:20    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-20 08:20 . 2012-03-20 08:20    --------    d-----w-    c:\programdata\Malwarebytes
2012-03-20 08:20 . 2011-12-10 14:24    23152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-03-19 08:33 . 2012-03-19 08:33    --------    d-----w-    c:\programdata\ATI
2012-03-19 08:26 . 2012-03-19 08:26    --------    d-----w-    c:\program files (x86)\AMD AVT
2012-03-19 08:26 . 2012-03-19 08:26    --------    d-----w-    c:\program files\AMD
2012-03-19 08:26 . 2012-03-19 08:26    --------    d-----w-    c:\program files (x86)\AMD
2012-03-19 08:26 . 2012-03-19 08:26    --------    d-----w-    c:\program files (x86)\AMD APP
2012-03-18 16:25 . 2012-03-18 16:25    --------    d-----w-    c:\program files (x86)\Gameforge
2012-03-16 21:00 . 2012-03-16 21:00    592824    ----a-w-    c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-16 21:00 . 2012-03-16 21:00    44472    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 00:36 . 2011-11-19 15:20    5559152    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-03-15 00:36 . 2011-11-19 14:50    3968368    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 00:36 . 2011-11-19 14:50    3913584    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:34 . 2012-02-03 04:34    3145728    ----a-w-    c:\windows\system32\win32k.sys
2012-03-14 17:34 . 2012-02-10 06:36    1544192    ----a-w-    c:\windows\system32\DWrite.dll
2012-03-14 17:34 . 2012-02-10 05:38    1077248    ----a-w-    c:\windows\SysWow64\DWrite.dll
2012-03-14 09:22 . 2012-02-17 06:38    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2012-03-14 09:22 . 2012-02-17 05:34    826880    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:22 . 2012-02-17 04:58    210944    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:22 . 2012-02-17 04:57    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:22 . 2012-01-25 06:38    77312    ----a-w-    c:\windows\system32\rdpwsx.dll
2012-03-14 09:22 . 2012-01-25 06:38    149504    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:22 . 2012-01-25 06:33    9216    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2012-03-08 23:08 . 2012-03-08 23:08    --------    d-----w-    c:\users\Hacer\AppData\Local\AliensVsPredator
2012-02-24 01:26 . 2012-02-24 01:26    162664    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 21:40 . 2012-01-10 19:51    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:48 . 2012-02-15 03:48    10856960    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21    25839104    ----a-w-    c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18    159744    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18    791040    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17    957952    ----a-w-    c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13    496128    ----a-w-    c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13    235520    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07    6200320    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58    19392000    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52    7646208    ----a-w-    c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41    1113088    ----a-w-    c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40    1828864    ----a-w-    c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40    4958208    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34    5954048    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34    13859840    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29    5062656    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29    11561984    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25    7551488    ----a-w-    c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-11-10 02:18    58880    ----a-w-    c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14    512000    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13    356352    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13    17408    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13    14336    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13    14336    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13    39936    ----a-w-    c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13    327680    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12    43008    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12    33280    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12    39936    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12    30208    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11    54784    ----a-w-    c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11    54784    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11    53760    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11    53760    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05    69632    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05    59904    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05    61952    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05    54784    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05    16507904    ----a-w-    c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04    13238272    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03    54272    ----a-w-    c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03    48128    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-01-31 05:02 . 2012-01-31 05:02    21504    ----a-w-    c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00    16896    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2012-01-21 14:23 . 2012-01-21 14:23    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-21 14:23 . 2012-01-21 14:23    161792    ----a-w-    c:\windows\SysWow64\msls31.dll
2012-01-21 14:23 . 2012-01-21 14:23    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2012-01-21 14:23 . 2012-01-21 14:23    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-21 14:23 . 2012-01-21 14:23    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2012-01-21 14:23 . 2012-01-21 14:23    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2012-01-21 14:23 . 2012-01-21 14:23    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2012-01-21 14:23 . 2012-01-21 14:23    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2012-01-21 14:23 . 2012-01-21 14:23    367104    ----a-w-    c:\windows\SysWow64\html.iec
2012-01-21 14:23 . 2012-01-21 14:23    23552    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2012-01-21 14:23 . 2012-01-21 14:23    152064    ----a-w-    c:\windows\SysWow64\wextract.exe
2012-01-21 14:23 . 2012-01-21 14:23    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2012-01-21 14:23 . 2012-01-21 14:23    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2012-01-21 14:23 . 2012-01-21 14:23    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-01-21 14:23 . 2012-01-21 14:23    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
2012-01-21 14:23 . 2012-01-21 14:23    222208    ----a-w-    c:\windows\system32\msls31.dll
2012-01-21 14:23 . 2012-01-21 14:23    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-01-21 14:23 . 2012-01-21 14:23    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2012-01-21 14:23 . 2012-01-21 14:23    12288    ----a-w-    c:\windows\system32\mshta.exe
2012-01-21 14:23 . 2012-01-21 14:23    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2012-01-21 14:23 . 2012-01-21 14:23    114176    ----a-w-    c:\windows\system32\admparse.dll
2012-01-21 14:23 . 2012-01-21 14:23    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2012-01-21 14:23 . 2012-01-21 14:23    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-01-21 14:23 . 2012-01-21 14:23    85504    ----a-w-    c:\windows\system32\iesetup.dll
2012-01-21 14:23 . 2012-01-21 14:23    76800    ----a-w-    c:\windows\system32\tdc.ocx
2012-01-21 14:23 . 2012-01-21 14:23    603648    ----a-w-    c:\windows\system32\vbscript.dll
2012-01-21 14:23 . 2012-01-21 14:23    49664    ----a-w-    c:\windows\system32\imgutil.dll
2012-01-21 14:23 . 2012-01-21 14:23    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-01-21 14:23 . 2012-01-21 14:23    448512    ----a-w-    c:\windows\system32\html.iec
2012-01-21 14:23 . 2012-01-21 14:23    30720    ----a-w-    c:\windows\system32\licmgr10.dll
2012-01-21 14:23 . 2012-01-21 14:23    165888    ----a-w-    c:\windows\system32\iexpress.exe
2012-01-21 14:23 . 2012-01-21 14:23    160256    ----a-w-    c:\windows\system32\wextract.exe
2012-01-21 14:23 . 2012-01-21 14:23    135168    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-01-21 14:23 . 2012-01-21 14:23    111616    ----a-w-    c:\windows\system32\iesysprep.dll
2012-01-18 09:54 . 2012-01-22 22:57    4603904    ----a-w-    c:\windows\system32\x264vfw.dll
2012-01-18 09:54 . 2012-01-18 09:54    4790272    ----a-w-    c:\windows\SysWow64\x264vfw.dll
2012-01-10 23:35 . 2012-01-10 23:22    624640    ----a-w-    c:\windows\NIVEA-DiamondGloss-Screensaver.scr
2012-01-10 20:28 . 2012-01-10 20:28    53248    ----a-r-    c:\users\Hacer\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-10 20:27 . 2012-01-10 20:27    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2012-01-10 18:53 . 2012-01-10 18:53    339984    ----a-w-    c:\windows\system32\drivers\tmwfp.sys
2012-01-10 18:53 . 2012-01-10 18:53    107536    ----a-w-    c:\windows\system32\drivers\tmtdi.sys
2012-01-10 18:53 . 2012-01-10 18:53    200720    ----a-w-    c:\windows\system32\drivers\tmlwf.sys
2012-01-10 18:42 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2012-01-10 18:42 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CherryKeyMan"="c:\program files (x86)\Cherry\KeyMan\KeyMan.exe" [2009-07-29 258100]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe [2009-05-28 585774]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2012-01-10 595960]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2012-01-10 917768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44    81024    ----a-w-    c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 195.34.133.18 195.34.133.19 195.34.133.21
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\Hacer\AppData\Roaming\Mozilla\Firefox\Profiles\gnc127fm.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-22  09:55:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-22 08:55
.
Vor Suchlauf: 9 Verzeichnis(se), 57.240.662.016 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 57.216.774.144 Bytes frei
.
- - End Of File - - 30C0E8312929D26025868F46999BC738
And a thank-you in between for your help! Maybe it's just my imagination, but it seems to me that my PC has been working quite a bit faster since yesterday, the internet loads quicker too, etc.


EDIT: Oh, is this also of interest? I got this from the file "ComboFix-quarantined-files.txt":

Code

2012-03-22 08:54:29 . 2012-03-22 08:54:29              223 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}.reg.dat
2012-03-22 08:49:03 . 2012-03-22 08:49:03            4,055 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-22 08:43:49 . 2012-03-22 08:43:49               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-03-19 16:51:22 . 2012-03-19 16:51:22            5,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\Hacer\AppData\Roaming\BAcroIEHelpe.dll.vir
2012-03-19 16:51:22 . 2012-03-19 16:51:22               65 ----a-w-  C:\Qoobox\Quarantine\C\Users\Hacer\AppData\Roaming\AcroIEHelpe.txt.vir
2012-03-19 16:51:05 . 2012-03-19 16:51:05              136 ----a-w-  C:\Qoobox\Quarantine\C\Users\Hacer\AppData\Roaming\srvblck2.tmp.vir
This post was edited by TxT on 22.03.2012 at 10:30.
22.03.2012, 11:02
Member

Posts: 420
#10

Quote

Oh yes, after OTL my folder options were reset, e.g. known file type extensions were hidden again. I hope that's normal, but I changed it back.
Yep, that's normal.

So, the ComboFix log looks good, but I'd still like to check the MBR to be on the safe side. Since aswMBR won't run, let's try a different one:

1. Please get RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Make sure the "MBR Scan" checkbox is ticked.
Click on "Scan"
Wait until the scan has finished, then click on "Report" and post the log.

Quote

EDIT: Oh, is this also of interest? I got this from the file "ComboFix-quarantined-files.txt"
That is a list of what ComboFix did. The Qoobox folder is created by the program; backups of what was deleted and various logs are stored there. It's mainly of interest when something goes wrong.
22.03.2012, 11:16
...new here

Thread starter

Posts: 10
#11 It worked great with that program.

Code

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Hacer [Admin rights]
Mode: Scan -- Date: 03/22/2012 11:14:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\NIVEA-~1.SCR) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ SATA Disk Device +++++
--- User ---
[MBR] 2f5b260fc76e7e08936b08eb0bbb0799
[BSP] e8a2ed5a5222671b528a297790767034 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 200272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 410364360 | Size: 276564 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
22.03.2012, 11:33
Member

Posts: 420
#12 Ok, looks good. Then one last one:

1. Eset Online Scanner
http://www.eset.de/onlinescanner
(here the browser should be started as administrator via right-click)
After the scan has finished, please post the log, normally found under C:\Programme\Eset\EsetOnlineScanner\log.txt
22.03.2012, 13:35
...new here

Thread starter

Posts: 10
#13 Well, first of all it acted up on me again and didn't want to update because of proxy settings or something. Then I had a look in the FF settings and strangely enough "Use system proxy settings" was indeed enabled there. I switched that to "No proxy"... After that the program ran!

Code

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1e6f5e80f46baa418594ba2e818c08bc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 12:29:39
# local_time=2012-03-22 01:29:39 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777086 100 97 3660 67925120 0 0
# compatibility_mode=5893 16776574 66 85 6197705 84045106 0 0
# compatibility_mode=8192 67108863 100 0 4978 4978 0 0
# scanned=281321
# found=2
# cleaned=2
# scan_time=4123
C:\Qoobox\Quarantine\C\Users\Hacer\AppData\Roaming\BAcroIEHelpe.dll.vir    Win32/Spy.Agent.NYS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)    00000000000000000000000000000000    C
C:\_OTL\MovedFiles\03212012_172454\C_USERS\HACER\APPDATA\ROAMING\11001\components\AcroFF.dll    möglicherweise Variante von Win32/Spy.Banker.WZJ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)    00000000000000000000000000000000    C
22.03.2012, 13:52
Member

Posts: 420
#14 Interesting, normally such proxy settings show up in the OTL log; this malware was smarter. But all's well that ends well, Eset only found already-deleted stuff in quarantine. If the PC is no longer causing problems, we're done:

1. Start OTL and please click on Clean Up. OTL will then remove itself.

2. Change all your passwords (e-mail etc.), since the current ones may have been harvested. For creating secure passwords and managing them, I recommend a program such as KeePass http://keepass.info/

3. Keep your system up to date. http://secunia.com/vulnerability_scanning/personal/ can help with that (free).

4. Read this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

Done ;)

Regards,
gangren
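The check gangren applies to the ESET log above (are the hits live files, or only copies that ComboFix and OTL had already moved into their backup folders?) can be scripted. This is an added example, not code from the thread or from any of the tools named in it; it parses ESET Online Scanner detection lines in the format posted above and flags paths under C:\Qoobox\Quarantine and C:\_OTL\MovedFiles as already-quarantined. The third sample line, its path and its threat name are constructed.

```python
import re
from dataclasses import dataclass

# Backup folders of the two cleaning tools used in this thread. A detection
# below one of these is a leftover copy, not a live infection.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",   # ComboFix
    "c:\\_otl\\movedfiles\\",     # OTL
)

# Detection line: <path> TAB <threat> (<action>) TAB <hash> TAB <flag>
DETECT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\t]+)\t+(?P<threat>[^\t(]+)\((?P<action>[^)]*)\)"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    quarantined: bool   # True if the path lies under a known backup folder


def parse_eset_log(text):
    """Return (header dict from '# key=value' lines, list of Detection)."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value.strip())   # keep the first of repeated keys
            continue
        m = DETECT_RE.match(line)
        if m:
            path = m.group("path").strip()
            quarantined = path.lower().startswith(QUARANTINE_PREFIXES)
            detections.append(Detection(path, m.group("threat").strip(),
                                        m.group("action").strip(), quarantined))
    return header, detections


def live_detections(text):
    """Detections outside the backup folders: these still need attention."""
    return [d for d in parse_eset_log(text)[1] if not d.quarantined]


# Constructed sample log: two lines taken from the thread, one constructed live hit.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:", "all ok",
    "# version=7", "# scanned=281321", "# found=3", "# cleaned=3",
    "C:\\Qoobox\\Quarantine\\C\\Users\\Hacer\\AppData\\Roaming\\BAcroIEHelpe.dll.vir\tWin32/Spy.Agent.NYS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)\t00000000000000000000000000000000\tC",
    "C:\\_OTL\\MovedFiles\\03212012_172454\\C_USERS\\HACER\\APPDATA\\ROAMING\\11001\\components\\AcroFF.dll\tmöglicherweise Variante von Win32/Spy.Banker.WZJ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)\t00000000000000000000000000000000\tC",
    "C:\\Users\\Example\\AppData\\Roaming\\example.dll\tWin32/Example.Constructed Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)\t00000000000000000000000000000000\tC",
])
```

Run against the real log.txt, an empty result from live_detections() is the "only already-deleted stuff in quarantine" verdict from post #14; anything returned is a file the earlier tools never touched.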
22.03.2012, 14:14
...new here

Thread starter

Posts: 10
#15 First of all, many thanks for your help! Actually I have no problems at the moment, I hope it stays that way.

I do have one small question though. Might this OTL entry also be infected?

Code

[2012.03.19 17:51:12 | 000,000,016 | ---- | C] () -- C:\Users\Hacer\AppData\Roaming\blckdom.res
In my initial post I had written that something apparently crept in while surfing. That was around 6 o'clock in the evening. When fixing with OTL you listed entries with the time 17:50 / 17:51 of the same day in front of them. The same time appears in front of the entry named above, and it is in the same directory. Or is that a coincidence?