HijackThis - Please check!

#0
27.10.2010, 21:09
Member

Posts: 12
#1 Good evening, dear people!
I hope you can help me >_<
My CA Antivirus can't delete this stupid hijacker "WebSearch Tool"...
and I have no idea at all how to read the HiJackThis results x_x

Here is the copy of the text file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:14, on 27.10.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\OfferBox\OfferBox.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Users\Chou\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
R3 - URLSearchHook: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [setc] C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [OfferBox] C:\Program Files (x86)\OfferBox\OfferBox.exe
O4 - HKCU\..\Run: [MSNCleaner] C:\Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.localhost
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDToolbar.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files (x86)\MySecurityCenter\Programs\service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\Windows\SysWOW64\mdmcls32.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\Windows\SysWOW64\svcprs32.exe
O23 - Service: WinSvchostManagerSrv - Unknown owner - C:\Windows\SysWOW64\cfgmig32.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16024 bytes

I hope you can help me, and thanks in advance!

Greez
28.10.2010, 22:05
Moderator

Posts: 5694
#2 Hello and a warm welcome to Protecus.de

Cleaning an infected system takes time, and the following points also need to be observed:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup, you should neither install nor uninstall any programs unless this is explicitly requested.
• Please work through each step in order.
• If problems come up at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished once your helper gives the OK.
• If the machine runs smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT administrator should be brought in.
• Support from our side may be declined for a company computer.
• Where illegal software is involved, support may be discontinued.
• Cracks and keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• In the end, it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we ask for via right-click and "Run as administrator".

Step 1

Cleanup with Malwarebytes' Anti-Malware (full scan)

Download Malwarebytes Anti-Malware (approx. 2 MB) from this download mirror:

Malwarebytes


* Applicable to Windows 2000, XP, Vista and Windows 7.
* Install the program to the default path.
* Remember to start the program as admin on Vista; otherwise start it with a double-click.
* Let it update online (Updates tab) if the program was already on the computer.
* Select "Perform full scan" => Scan.
* Select all available drives and start the scan.
* When the scan has finished, click "Show results".
* For findings in C:\System Volume Information, remove the check mark.
Otherwise that system restore point will no longer work.
It might still be needed despite the malware.
* Make sure that all other findings are selected and press "Delete".
* Post the log file, which opens in Notepad, here in the thread.
* You can find the report later under "Scan reports".
* Report how the computer is running now.

Step 2

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.
• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry, please select Use SafeList.
• Tick the boxes for LOP Check and Purity Check.
• Now click Scan at the top left.

• When the scan has finished, two log files are created.
You will find the log files on your desktop => OTL.txt and Extras.txt
• Post the log files in code tags here in the thread.
30.10.2010, 20:27
Member

Thread starter

Posts: 12
#3 Good evening, everyone!

Here is the text file from Anti-Malware

Code

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4999

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.10.2010 20:11:15
mbam-log-2010-10-30 (20-11-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 237447
Laufzeit: 48 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)





and now the one from OTL.txt

Code

 OTL logfile created on: 30.10.2010 20:12:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Chou\Desktop\HiJackThis
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 40,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 530,01 Gb Free Space | 90,85% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE | User Name: Chou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Chou\Desktop\HiJackThis\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\cfgmig32.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
PRC - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Light\CAGlobalLight.exe (CallingID Ltd.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\svcprs32.exe ()
PRC - C:\Windows\SysWOW64\mdmcls32.exe ()
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Chou\Desktop\HiJackThis\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\UmxSbxExw.dll (CA)
MOD - C:\Windows\SysWOW64\UmxSbxw.dll (CA)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:[b]64bit:[/b] - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:[b]64bit:[/b] - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:[b]64bit:[/b] - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:[b]64bit:[/b] - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV:[b]64bit:[/b] - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinSvchostManagerSrv) -- C:\Windows\SysWOW64\cfgmig32.exe ()
SRV - (ccSchedulerSVC) -- C:\Programme\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CAISafe) -- C:\Programme\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (WinSvchostManager) -- C:\Windows\SysWOW64\svcprs32.exe ()
SRV - (WinExtManager) -- C:\Windows\SysWOW64\mdmcls32.exe ()
SRV - (UmxPol) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MySecurityCenter License Service) -- C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:[b]64bit:[/b] - (KmxAMRT) -- C:\Windows\SysNative\drivers\KmxAMRT.sys (CA)
DRV:[b]64bit:[/b] - (KmxAgent) -- C:\Windows\SysNative\drivers\KmxAgent.sys (CA)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCfg) -- C:\Windows\SysNative\drivers\KmxCfg.sys (CA)
DRV:[b]64bit:[/b] - (KmxSbx) -- C:\Windows\SysNative\drivers\KmxSbx.sys (CA)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (KmxFile) -- C:\Windows\SysNative\drivers\KmxFile.sys (CA)
DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCF) -- C:\Windows\SysNative\drivers\KmxCF.sys (CA)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (KmxFw) -- C:\Windows\SysNative\drivers\KmxFw.sys (CA)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (KmxFilter) -- C:\Windows\SysNative\drivers\KmxFilter.sys (CA)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F A6 DC 68 39 24 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:1.0.1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\Firefox [2010.04.20 20:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 20:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 20:45:45 | 000,000,000 | ---D | M]

[2010.06.03 12:23:12 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Extensions
[2010.07.30 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions
[2010.07.30 19:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}

O1 HOSTS File: ([2010.10.11 19:35:24 | 000,000,687 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:[b]64bit:[/b] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [setc] C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKCU..\Run: [MSNCleaner] C:\Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe (InfoSpyware - ForoSpyware)
O4 - HKCU..\Run: [OfferBox] C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.30 19:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010.10.30 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.10.30 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\FreeFixer
[2010.10.30 18:04:46 | 000,000,000 | ---D | C] -- C:\Programme\FreeFixer
[2010.10.29 22:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.10.29 21:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.29 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.10.29 20:25:25 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Google
[2010.10.29 20:00:58 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\ATI
[2010.10.29 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\EgisTec
[2010.10.29 19:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2010.10.29 19:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-de
[2010.10.29 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\Malwarebytes
[2010.10.29 16:16:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.29 16:16:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.29 16:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.29 16:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.27 20:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\HiJackThis
[2010.10.27 17:33:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 17:33:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 17:33:28 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 17:33:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 17:33:28 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 17:33:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 17:33:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 17:33:23 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.20 18:55:44 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Virtual Machines
[2010.10.20 18:43:50 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Virtuelle Maschine
[2010.10.20 18:40:48 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\VMware
[2010.10.20 18:32:12 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010.10.20 18:32:07 | 000,068,144 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010.10.20 18:31:41 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010.10.20 18:31:41 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010.10.20 18:31:37 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010.10.20 18:31:32 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010.10.20 18:31:32 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010.10.20 18:31:31 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010.10.20 18:31:31 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010.10.20 18:31:31 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010.10.20 18:31:28 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010.10.20 18:31:01 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010.10.20 18:30:59 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010.10.20 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010.10.20 18:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.10.20 18:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010.10.19 18:29:53 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Protokolle
[2010.10.19 18:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Sicherungsdaten
[2010.10.15 15:21:19 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.15 15:21:18 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.15 15:21:17 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.15 15:21:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.15 15:10:23 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.15 15:10:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.15 15:09:09 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.15 15:09:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.15 15:09:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.15 15:09:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.15 15:09:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.15 15:09:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.15 15:09:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.15 15:09:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.15 15:09:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.15 15:09:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.15 15:09:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.15 15:09:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.15 15:09:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.15 15:09:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.15 15:06:59 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.15 15:06:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.15 15:06:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.15 15:06:39 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.15 15:04:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.15 15:04:15 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.15 15:04:15 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.15 15:02:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.09 10:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.07 19:36:41 | 002,734,688 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbSoft.dll
[2010.10.06 18:06:57 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Microsoft Games
[2010.10.02 18:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.30 20:07:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.30 18:50:54 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.30 18:07:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.30 10:21:11 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.30 10:21:11 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.30 10:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.30 10:12:19 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.30 02:05:00 | 000,761,729 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.10.30 02:05:00 | 000,391,620 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.10.30 02:05:00 | 000,010,549 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.10.30 02:05:00 | 000,000,289 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010.10.30 01:44:49 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2010.10.29 21:31:04 | 000,001,262 | ---- | M] () -- C:\Users\Chou\Desktop\Spybot - Search & Destroy.lnk
[2010.10.27 20:21:44 | 000,000,017 | ---- | M] () -- C:\Users\Chou\Desktop\stinger1010838.opt
[2010.10.24 21:38:10 | 000,002,810 | ---- | M] () -- C:\Windows\DNAPrinters.ini
[2010.10.24 13:43:00 | 001,506,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.24 13:43:00 | 000,656,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.24 13:43:00 | 000,618,692 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.24 13:43:00 | 000,131,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.24 13:43:00 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.20 18:30:56 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.10.20 18:30:37 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 18:30:32 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.15 18:25:26 | 000,382,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.12 18:56:15 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.10.11 19:35:24 | 000,000,687 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.10.11 19:35:24 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\DelReboot
[2010.10.07 19:36:30 | 000,001,202 | ---- | M] () -- C:\Users\Chou\Desktop\Format Factory.lnk
[2010.10.03 12:32:50 | 000,001,011 | ---- | M] () -- C:\Users\Chou\Desktop\CCleaner.lnk
[2010.10.02 23:12:38 | 000,215,658 | ---- | M] () -- C:\Users\Chou\Desktop\200781.jpg
[2010.10.02 18:32:03 | 000,000,925 | ---- | M] () -- C:\Users\Chou\Desktop\HTML Editor.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.30 02:05:00 | 000,761,729 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.10.30 02:05:00 | 000,010,549 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.10.30 02:05:00 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.10.30 02:05:00 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.10.30 02:05:00 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.10.30 02:05:00 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.10.30 02:05:00 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.10.30 02:05:00 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.10.30 01:44:49 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2010.10.29 21:31:04 | 000,001,262 | ---- | C] () -- C:\Users\Chou\Desktop\Spybot - Search & Destroy.lnk
[2010.10.29 16:16:30 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.20 18:30:56 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.10.20 18:30:37 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 18:30:32 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.19 18:29:56 | 000,002,810 | ---- | C] () -- C:\Windows\DNAPrinters.ini
[2010.10.11 19:35:23 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\DelReboot
[2010.10.07 19:36:41 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010.10.07 19:36:41 | 000,006,836 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI
[2010.10.07 19:36:30 | 000,001,202 | ---- | C] () -- C:\Users\Chou\Desktop\Format Factory.lnk
[2010.10.02 23:12:38 | 000,215,658 | ---- | C] () -- C:\Users\Chou\Desktop\200781.jpg
[2010.10.02 18:32:03 | 000,000,925 | ---- | C] () -- C:\Users\Chou\Desktop\HTML Editor.lnk
[2010.09.30 18:32:44 | 000,000,119 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.05 17:54:49 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.05 14:28:15 | 000,003,584 | ---- | C] () -- C:\Users\Chou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 14:22:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.01 23:46:11 | 000,000,000 | ---- | C] () -- C:\Windows\magix.ini
[2010.05.01 21:59:39 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.20 20:45:34 | 001,054,032 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2010.04.16 17:07:24 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.15 16:34:11 | 005,845,744 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2010.04.15 16:34:11 | 001,872,624 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2010.04.15 15:50:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.27 20:20:49 | 000,001,800 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.03.27 12:05:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.03.27 11:48:32 | 000,008,754 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2010.03.27 11:46:33 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
[2009.11.05 05:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.11.05 02:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 02:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 02:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.04.25 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.03 13:43:39 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FileZilla
[2010.10.30 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.08.21 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\gtk-2.0
[2010.05.02 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\OfferBox
[2010.04.15 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Opera
[2010.07.11 19:03:25 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\PhotoScape
[2010.07.04 19:16:23 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\StepMania 4
[2010.05.02 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\widestream
[2010.05.14 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Win7codecs
[2010.09.12 14:11:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >




here is the one from Extras.txt

Code

 OTL Extras logfile created on: 30.10.2010 20:12:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Chou\Desktop\HiJackThis
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 40,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 530,01 Gb Free Space | 90,85% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE | User Name: Chou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6B0BED25-F79E-4FD2-ADEE-3746B61784E2}" = CA Personal Firewall
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"eTrust Suite Personal" = CA Internet Security Suite
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{56DD3770-2EF5-42D0-BA5A-A8135E9D4A9E}" = USB Dual Vibration Joystick
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{98AD61BF-A229-411A-8723-B5E7F72D725C}" = Opera 10.52
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B2C868A9-AD02-4745-AE94-275ABAF8D973}_is1" = Trr Kahs "Haare & Augen" 1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.3.4.1
"FormatFactory" = FormatFactory 2.50
"FreeFixer0.58" = FreeFixer
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PhotoScape" = PhotoScape
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StepMania CVS" = StepMania CVS 4.0 (Nur entfernen)
"ToneGen" = NCH Tone Generator
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




What's new now is that my laptop keeps trying to install an AMRT.msi but can't find it.
Is that some kind of malware or something? How do I get rid of it? >_<

Hope you can help me

Greez

EDIT:
okay, I did manage to eliminate the hijacker after all, BUT now an error message from EgisUpdate comes up, and there is nothing in it at all. It only appears when I restart the laptop; if I click it away, it doesn't come back until the next start... What is that? Oo
The error message as it appears to me is attached, maybe that helps you

This post was edited on 31.10.2010 at 15:36 by Chou.
02.11.2010, 18:15
Moderator

Posts: 5694
#4 Step 1

Fixing with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL
[2010.10.30 02:05:00 | 000,761,729 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.10.30 02:05:00 | 000,391,620 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.10.30 02:05:00 | 000,010,549 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.10.30 02:05:00 | 000,000,289 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
• and paste it in here:
• Close all programs.
• Click the Fix button.
• Click on .
OTL will ask for a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents into your thread here, in [url=http://www.hijackthis-forum.de/hijackthis-logfiles/17-wie-erstelle-ich-ein-logfile-update.html#post154284]code tags[/url].

Step 2

Another system scan with OTL

• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry, please select Use SafeList.
• Tick LOP Check and Purity Check.
• Now click Scan at the top left.

• When the scan has finished, two log files are created.
You will find the log files on your desktop => OTL.txt and Extras.txt
• Post the log files in code tags here in the thread.







Please note:

I will be away for a few days. I will get back to you afterwards. Until then it's best to keep your hands off the system.
03.11.2010, 18:08
Member

Thread starter

Posts: 12
#5 Hello!
I have a request: please explain to me what all of this does or what it is good for.
Not that I don't trust you or anything, but I feel more comfortable when I know exactly what it does^^

First, the one from the kill:

Code

 All processes killed
========== OTL ==========
C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 moved successfully.
C:\Windows\SysNative\drivers\KmxAgent.asc moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k1 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k2 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k1 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k0 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k2 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k7 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k6 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k5 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k4 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k3 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k7 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k6 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k5 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k4 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Chou
->Temp folder emptied: 8985778 bytes
->Temporary Internet Files folder emptied: 4524372 bytes
->FireFox cache emptied: 3348683 bytes
->Opera cache emptied: 9667392 bytes
->Flash cache emptied: 47983 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 445482548 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 450,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11032010_173201

Files\Folders moved on Reboot...
C:\Users\Chou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3676.log moved successfully.

Registry entries deleted on Reboot...


Here is the OTL log:

Code

 OTL logfile created on: 03.11.2010 17:38:32 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Chou\Desktop\Setup
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 529,16 Gb Free Space | 90,71% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE | User Name: Chou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Chou\Desktop\Setup\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\cfgmig32.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\svcprs32.exe ()
PRC - C:\Windows\SysWOW64\mdmcls32.exe ()
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Chou\Desktop\Setup\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\UmxSbxExw.dll (CA)
MOD - C:\Windows\SysWOW64\UmxSbxw.dll (CA)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:[b]64bit:[/b] - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:[b]64bit:[/b] - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:[b]64bit:[/b] - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:[b]64bit:[/b] - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV:[b]64bit:[/b] - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinSvchostManagerSrv) -- C:\Windows\SysWOW64\cfgmig32.exe ()
SRV - (ccSchedulerSVC) -- C:\Programme\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CAISafe) -- C:\Programme\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (WinSvchostManager) -- C:\Windows\SysWOW64\svcprs32.exe ()
SRV - (WinExtManager) -- C:\Windows\SysWOW64\mdmcls32.exe ()
SRV - (UmxPol) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MySecurityCenter License Service) -- C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:[b]64bit:[/b] - (KmxAMRT) -- C:\Windows\SysNative\drivers\KmxAMRT.sys (CA)
DRV:[b]64bit:[/b] - (KmxAgent) -- C:\Windows\SysNative\drivers\KmxAgent.sys (CA)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCfg) -- C:\Windows\SysNative\drivers\KmxCfg.sys (CA)
DRV:[b]64bit:[/b] - (KmxSbx) -- C:\Windows\SysNative\drivers\KmxSbx.sys (CA)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (KmxFile) -- C:\Windows\SysNative\drivers\KmxFile.sys (CA)
DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCF) -- C:\Windows\SysNative\drivers\KmxCF.sys (CA)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (KmxFw) -- C:\Windows\SysNative\drivers\KmxFw.sys (CA)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (KmxFilter) -- C:\Windows\SysNative\drivers\KmxFilter.sys (CA)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F A6 DC 68 39 24 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:1.0.1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\Firefox [2010.04.20 19:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 19:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 19:45:45 | 000,000,000 | ---D | M]

[2010.06.03 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Extensions
[2010.07.30 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions
[2010.07.30 18:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}

O1 HOSTS File: ([2010.10.11 18:35:24 | 000,000,687 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:[b]64bit:[/b] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [setc] C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKCU..\Run: [OfferBox] C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.11.03 17:32:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.01 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.10.31 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\Chou\Application Data
[2010.10.30 23:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Paint.NET
[2010.10.30 21:14:35 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010.10.30 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010.10.30 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010.10.30 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.10.30 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\FreeFixer
[2010.10.30 17:04:46 | 000,000,000 | ---D | C] -- C:\Programme\FreeFixer
[2010.10.29 21:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.10.29 20:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.29 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.10.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Google
[2010.10.29 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\ATI
[2010.10.29 19:00:14 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\EgisTec
[2010.10.29 18:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2010.10.29 18:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-de
[2010.10.29 15:16:47 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\Malwarebytes
[2010.10.29 15:16:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.29 15:16:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.29 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.29 15:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.27 19:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Setup
[2010.10.27 16:33:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 16:33:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 16:33:28 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 16:33:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 16:33:28 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 16:33:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 16:33:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 16:33:23 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.20 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Virtual Machines
[2010.10.20 17:43:50 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Virtuelle Maschine
[2010.10.20 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\VMware
[2010.10.20 17:32:12 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010.10.20 17:32:07 | 000,068,144 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010.10.20 17:31:41 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010.10.20 17:31:41 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010.10.20 17:31:37 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010.10.20 17:31:32 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010.10.20 17:31:32 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010.10.20 17:31:31 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010.10.20 17:31:31 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010.10.20 17:31:31 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010.10.20 17:31:28 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010.10.20 17:31:01 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010.10.20 17:30:59 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010.10.20 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010.10.20 17:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.10.20 17:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010.10.19 17:29:53 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Protokolle
[2010.10.19 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Sicherungsdaten
[2010.10.15 14:21:19 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.15 14:21:18 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.15 14:21:17 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.15 14:21:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.15 14:10:23 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.15 14:10:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.15 14:09:09 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.15 14:09:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.15 14:09:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.15 14:09:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.15 14:09:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.15 14:09:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.15 14:09:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.15 14:09:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.15 14:09:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.15 14:09:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.15 14:09:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.15 14:09:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.15 14:09:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.15 14:09:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.15 14:06:59 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.15 14:06:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.15 14:06:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.15 14:06:39 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.15 14:04:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.15 14:04:15 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.15 14:04:15 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.15 14:02:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.09 09:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.07 18:36:41 | 002,734,688 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbSoft.dll
[2010.10.06 17:06:57 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Microsoft Games
[2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.11.03 17:34:21 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.03 17:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.03 17:33:56 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.03 17:33:26 | 000,413,236 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.11.03 17:33:26 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.11.03 17:33:26 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.11.03 17:33:26 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.11.03 17:33:26 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.11.03 17:33:26 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.11.03 17:33:26 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.11.03 17:33:26 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.11.03 17:33:26 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010.11.03 17:31:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 17:31:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 17:07:14 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.01 11:45:00 | 000,001,129 | ---- | M] () -- C:\Users\Chou\Desktop\Play StepMania 3.9.lnk
[2010.11.01 11:32:02 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010.10.31 15:35:21 | 000,035,476 | ---- | M] () -- C:\Users\Chou\Desktop\Unbenannt.png
[2010.10.31 14:34:55 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.31 14:34:55 | 000,656,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.31 14:34:55 | 000,618,692 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.31 14:34:55 | 000,131,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.31 14:34:55 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.31 12:28:52 | 000,000,017 | ---- | M] () -- C:\Users\Chou\Desktop\stinger1010838.opt
[2010.10.30 17:50:54 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.30 00:44:49 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2010.10.24 20:38:10 | 000,002,810 | ---- | M] () -- C:\Windows\DNAPrinters.ini
[2010.10.20 17:30:56 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.10.20 17:30:37 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 17:30:32 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.15 17:25:26 | 000,382,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.12 17:56:15 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.10.11 18:35:24 | 000,000,687 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.10.07 18:36:30 | 000,001,202 | ---- | M] () -- C:\Users\Chou\Desktop\Format Factory.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.11.03 17:33:26 | 001,296,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.11.03 17:33:26 | 000,010,549 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.11.03 17:33:26 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.11.03 17:33:26 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.11.03 17:33:26 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.11.03 17:33:26 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.11.03 17:33:26 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.11.03 17:33:26 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.11.03 17:33:26 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.11.03 17:33:26 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.11.03 17:33:26 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.11.03 17:33:26 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.11.03 17:33:26 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.11.03 17:33:26 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.11.03 17:33:26 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.11.03 17:33:26 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010.11.03 17:33:21 | 000,413,236 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.11.01 11:45:00 | 000,001,129 | ---- | C] () -- C:\Users\Chou\Desktop\Play StepMania 3.9.lnk
[2010.10.31 14:28:05 | 000,035,476 | ---- | C] () -- C:\Users\Chou\Desktop\Unbenannt.png
[2010.10.30 00:44:49 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2010.10.29 15:16:30 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.20 17:30:56 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.10.20 17:30:37 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 17:30:32 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.19 17:29:56 | 000,002,810 | ---- | C] () -- C:\Windows\DNAPrinters.ini
[2010.10.07 18:36:41 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010.10.07 18:36:41 | 000,006,836 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI
[2010.10.07 18:36:30 | 000,001,202 | ---- | C] () -- C:\Users\Chou\Desktop\Format Factory.lnk
[2010.09.30 17:32:44 | 000,000,119 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.05 16:54:49 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.05 13:28:15 | 000,003,584 | ---- | C] () -- C:\Users\Chou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 13:22:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.01 22:46:11 | 000,000,000 | ---- | C] () -- C:\Windows\magix.ini
[2010.05.01 20:59:39 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.20 19:45:34 | 001,054,032 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2010.04.16 16:07:24 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.15 15:34:11 | 005,845,744 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2010.04.15 15:34:11 | 001,872,624 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2010.04.15 14:50:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.27 19:20:49 | 000,001,800 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.03.27 11:05:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.03.27 10:48:32 | 000,008,754 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2010.03.27 10:46:33 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
[2009.11.05 04:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.11.05 01:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 01:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 01:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.04.25 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.01 11:33:24 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FileZilla
[2010.10.30 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.08.21 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\gtk-2.0
[2010.05.02 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\OfferBox
[2010.04.15 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Opera
[2010.07.11 18:03:25 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\PhotoScape
[2010.07.04 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\StepMania 4
[2010.05.02 19:22:55 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\widestream
[2010.05.14 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Win7codecs
[2010.09.12 13:11:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >


And now the Extras:

Code

 OTL Extras logfile created on: 03.11.2010 17:38:32 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Chou\Desktop\Setup
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 529,16 Gb Free Space | 90,71% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE | User Name: Chou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6B0BED25-F79E-4FD2-ADEE-3746B61784E2}" = CA Personal Firewall
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"eTrust Suite Personal" = CA Internet Security Suite
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{56DD3770-2EF5-42D0-BA5A-A8135E9D4A9E}" = USB Dual Vibration Joystick
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{98AD61BF-A229-411A-8723-B5E7F72D725C}" = Opera 10.52
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B2C868A9-AD02-4745-AE94-275ABAF8D973}_is1" = Trr Kahs "Haare & Augen" 1.2
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.3.4.1
"FormatFactory" = FormatFactory 2.50
"FreeFixer0.58" = FreeFixer
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PhotoScape" = PhotoScape
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StepMania" = StepMania (remove only)
"ToneGen" = NCH Tone Generator
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Wishing you a nice few days away ^.~

Greez
06.11.2010, 20:33
Moderator

Posts: 5694
#6 Explaining what I'm doing would be too tedious. Then I'd have to do that for everyone.

What does this program mean to you:

Quote

OfferBox
File check at VirusTotal

Have the following file(s) (see code box) checked online at VirusTotal. To do this, you have to upload each file individually to VirusTotal using the "Browse" and "Send file" buttons and have it checked. In Firefox with NoScript, please allow VirusTotal. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. If VirusTotal reports that the file has already been checked, have it checked again anyway using the "Reanalyse" button.

Once the result is available, first copy the four-line header here into the thread so that I can see which file you had checked and when. It looks roughly like this:

Code

File name:
mbr.exe
Submission date:
2010-09-08 07:58:01 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)
Now press the small "Compact" button at the top left above the results, click the BBCode tab, copy the result including MD5 and SHA1, and post it here. If you cannot find or upload the file(s), let us know that as well. If you cannot find the file(s), check whether the following settings are set correctly.

Even if the file(s) turn out to be infected, please do not delete them without consulting us first!

Code


C:\Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe
C:\Program Files (x86)\OfferBox\OfferBox.exe
07.11.2010, 12:20
Member

Thread starter

Posts: 12
#7 Hello!
okay, good to know^^

OfferBox is a file that was on there from the start (factory-new and without Internet access); I don't know myself what it does.

Code

 File name: 
OfferBox.exe
Submission date:
2010-11-07 11:07:33 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)


Here is the Compact BBCode:

Code

 [i]Antivirus results[/i]
AhnLab-V3 - 2010.11.06.01 - 2010.11.06 - -
AntiVir - 7.10.13.145 - 2010.11.05 - -
Antiy-AVL - 2.0.3.7 - 2010.11.07 - -
Authentium - 5.2.0.5 - 2010.11.07 - -
Avast - 4.8.1351.0 - 2010.11.07 - -
Avast5 - 5.0.594.0 - 2010.11.07 - -
AVG - 9.0.0.851 - 2010.11.06 - -
BitDefender - 7.2 - 2010.11.07 - -
CAT-QuickHeal - 11.00 - 2010.11.04 - -
ClamAV - 0.96.2.0-git - 2010.11.06 - -
Comodo - 6639 - 2010.11.07 - -
DrWeb - 5.0.2.03300 - 2010.11.07 - -
Emsisoft - 5.0.0.50 - 2010.11.07 - -
eSafe - 7.0.17.0 - 2010.11.03 - -
eTrust-Vet - 36.1.7958 - 2010.11.05 - -
F-Prot - 4.6.2.117 - 2010.11.05 - -
F-Secure - 9.0.16160.0 - 2010.11.07 - -
Fortinet - 4.2.249.0 - 2010.11.07 - -
GData - 21 - 2010.11.07 - -
Ikarus - T3.1.1.90.0 - 2010.11.07 - -
Jiangmin - 13.0.900 - 2010.11.07 - -
K7AntiVirus - 9.67.2903 - 2010.11.03 - -
Kaspersky - 7.0.0.125 - 2010.11.07 - -
McAfee - 5.400.0.1158 - 2010.11.07 - -
McAfee-GW-Edition - 2010.1C - 2010.11.06 - -
Microsoft - 1.6301 - 2010.11.07 - -
NOD32 - 5597 - 2010.11.06 - -
Norman - 6.06.10 - 2010.11.07 - -
nProtect - 2010-11-07.01 - 2010.11.07 - -
Panda - 10.0.2.7 - 2010.11.07 - -
PCTools - 7.0.3.5 - 2010.11.07 - -
Prevx - 3.0 - 2010.11.07 - -
Rising - 22.72.04.00 - 2010.11.06 - -
Sophos - 4.59.0 - 2010.11.07 - -
Sunbelt - 7240 - 2010.11.07 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.07 - -
Symantec - 20101.2.0.161 - 2010.11.07 - -
TheHacker - 6.7.0.1.076 - 2010.11.05 - -
TrendMicro - 9.120.0.1004 - 2010.11.07 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.07 - -
VBA32 - 3.12.14.1 - 2010.11.05 - -
ViRobot - 2010.10.4.4074 - 2010.11.06 - -
VirusBuster - 12.71.8.0 - 2010.11.06 - -
[i]File info:[/i]
MD5: 0fd3f93e58134bc64259988175dd1e3d
SHA1: db2f6e542b63742fd342abffa24a20ad65586edc
SHA256: e0ca0204581f3cbc50c967201458d863b5e49938348e73c24e21509c3a801c83
File size: 632464 bytes
Scan date: 2010-11-07 11:07:33 (UTC)


Code

 File name: 
MSNCleaner.exe
Submission date:
2010-11-07 11:14:37 (UTC)
Current status:
finished
Result:
17/ 43 (39.5%)


Here again is the Compact with BBCode:

Code

 [i]Antivirus results[/i]
AhnLab-V3 - 2010.11.06.01 - 2010.11.06 - [color=red]Win-Trojan/Downloader.166912.C [/color]
AntiVir - 7.10.13.145 - 2010.11.05 - [color=red]TR/Small.166912 [/color]
Antiy-AVL - 2.0.3.7 - 2010.11.07 - -
Authentium - 5.2.0.5 - 2010.11.07 - -
Avast - 4.8.1351.0 - 2010.11.07 - -
Avast5 - 5.0.594.0 - 2010.11.07 - -
AVG - 9.0.0.851 - 2010.11.06 - -
BitDefender - 7.2 - 2010.11.07 - -
CAT-QuickHeal - 11.00 - 2010.11.04 - [color=red]Trojan.Agent.ATV [/color]
ClamAV - 0.96.2.0-git - 2010.11.06 - -
Comodo - 6639 - 2010.11.07 - [color=red]UnclassifiedMalware [/color]
DrWeb - 5.0.2.03300 - 2010.11.07 - -
Emsisoft - 5.0.0.50 - 2010.11.07 - [color=red]Trojan.Small!IK [/color]
eSafe - 7.0.17.0 - 2010.11.04 - -
eTrust-Vet - 36.1.7958 - 2010.11.05 - -
F-Prot - 4.6.2.117 - 2010.11.05 - -
F-Secure - 9.0.16160.0 - 2010.11.07 - -
Fortinet - 4.2.249.0 - 2010.11.07 - [color=red]W32/Drsmart.A [/color]
GData - 21 - 2010.11.07 - -
Ikarus - T3.1.1.90.0 - 2010.11.07 - [color=red]Trojan.Small [/color]
Jiangmin - 13.0.900 - 2010.11.07 - [color=red]Trojan/Agent.dama [/color]
K7AntiVirus - 9.67.2903 - 2010.11.03 - [color=red]Trojan [/color]
Kaspersky - 7.0.0.125 - 2010.11.07 - -
McAfee - 5.400.0.1158 - 2010.11.07 - [color=red]Generic.dx!by [/color]
McAfee-GW-Edition - 2010.1C - 2010.11.06 - [color=red]Generic.dx!by [/color]
Microsoft - 1.6301 - 2010.11.07 - -
NOD32 - 5597 - 2010.11.06 - -
Norman - 6.06.10 - 2010.11.07 - -
nProtect - 2010-11-07.01 - 2010.11.07 - [color=red]Trojan/W32.Agent_Packed.166912.O [/color]
Panda - 10.0.2.7 - 2010.11.07 - -
PCTools - 7.0.3.5 - 2010.11.07 - [color=red]Trojan.Generic [/color]
Prevx - 3.0 - 2010.11.07 - -
Rising - 22.72.04.00 - 2010.11.06 - -
Sophos - 4.59.0 - 2010.11.07 - [color=red]Mal/Behav-236 [/color]
Sunbelt - 7240 - 2010.11.07 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.07 - -
Symantec - 20101.2.0.161 - 2010.11.07 - [color=red]Trojan Horse [/color]
TheHacker - 6.7.0.1.076 - 2010.11.05 - -
TrendMicro - 9.120.0.1004 - 2010.11.07 - [color=red]TROJ_ROGUEAV.A [/color]
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.07 - [color=red]TROJ_ROGUEAV.A [/color]
VBA32 - 3.12.14.1 - 2010.11.05 - -
ViRobot - 2010.10.4.4074 - 2010.11.06 - -
VirusBuster - 12.71.8.0 - 2010.11.06 - -
[i]File info:[/i]
MD5: 04f73eefbacec350d7681510037c20aa
SHA1: 9a456386f22ea33791433c8b2ec28f99bce931e9
SHA256: 1624b960f2a0bb63a58a05b13d59d0fb2dc214da4b10f457a13b0e610cd4511d
File size: 166912 bytes
Scan date: 2010-11-07 11:14:37 (UTC)


Many thanks for your efforts^^

Greez
07.11.2010, 12:25
Moderator

Posts: 5694
#8 Step 1

Turn off TeaTimer

No cleanup can be carried out while the TeaTimer of Spybot Search&Destroy is running, because it restores all deleted entries. TeaTimer therefore has to be turned off during the cleanup work (leave TeaTimer switched off until we are finished with the cleanup):
Start Spybot S&D => in the "Mode" menu, select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 2

Fixing with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL
O4 - HKCU..\Run: [MSNCleaner] C:\Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe (InfoSpyware - ForoSpyware)
[2010.10.30 02:05:00 | 000,761,729 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.10.30 02:05:00 | 000,391,620 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.10.30 02:05:00 | 000,010,549 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.10.30 02:05:00 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.10.30 02:05:00 | 000,000,289 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.10.30 02:05:00 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.10.30 02:05:00 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
:files
C:\Users\Chou\Desktop\MsnCleaner
:Commands
[purity]
[emptytemp]
• and paste it in here:
• Close all programs.
• Click the Fix button.
• Click on .
OTL will request a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents here into your thread, inside code tags.
07.11.2010, 14:48
Member

Thread starter

Posts: 12
#9 Hello!
Here is the result after the restart:

Code

 All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSNCleaner not found.
C:\Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 moved successfully.
C:\Windows\SysNative\drivers\KmxAgent.asc moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k1 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k2 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k1 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k0 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k2 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k7 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k6 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k5 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k4 moved successfully.
C:\Windows\SysWOW64\drivers\kmxcfg.u2k3 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k7 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k6 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k5 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k4 moved successfully.
C:\Windows\SysWOW64\drivers\kmxzone.u2k3 moved successfully.
========== FILES ==========
C:\Users\Chou\Desktop\MsnCleaner folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Chou
->Temp folder emptied: 3907855 bytes
->Temporary Internet Files folder emptied: 1322985 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 14156912 bytes
->Flash cache emptied: 5680 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85396923 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 41364412 bytes

Total Files Cleaned = 139,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11072010_144106

Files\Folders moved on Reboot...
C:\Users\Chou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3540.log moved successfully.

Registry entries deleted on Reboot...


Greez
07.11.2010, 15:01
Moderator

Posts: 5694
#10 Please post an interim report. ;)
07.11.2010, 15:29
Member

Thread starter

Posts: 12
#11 So, I hope I understood that correctly now XD

Here is the report from OTL:

Code

 OTL logfile created on: 07.11.2010 15:18:22 - Run 3
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Chou\Desktop\Setup\OTL
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 498,95 Gb Free Space | 85,53% Space Free | Partition Type: NTFS

Computer Name: CHRISTINE | User Name: Chou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Chou\Desktop\Setup\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Metin2\metin2client.bin ()
PRC - C:\Windows\SysWOW64\cfgmig32.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\svcprs32.exe ()
PRC - C:\Windows\SysWOW64\mdmcls32.exe ()
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Chou\Desktop\Setup\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Chou\Desktop\Setup\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\UmxSbxExw.dll (CA)
MOD - C:\Windows\SysWOW64\UmxSbxw.dll (CA)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:[b]64bit:[/b] - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:[b]64bit:[/b] - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:[b]64bit:[/b] - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:[b]64bit:[/b] - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV:[b]64bit:[/b] - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinSvchostManagerSrv) -- C:\Windows\SysWOW64\cfgmig32.exe ()
SRV - (ccSchedulerSVC) -- C:\Programme\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CAISafe) -- C:\Programme\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (WinSvchostManager) -- C:\Windows\SysWOW64\svcprs32.exe ()
SRV - (WinExtManager) -- C:\Windows\SysWOW64\mdmcls32.exe ()
SRV - (UmxPol) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MySecurityCenter License Service) -- C:\Program Files (x86)\MySecurityCenter\Programs\service.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:[b]64bit:[/b] - (KmxAMRT) -- C:\Windows\SysNative\drivers\KmxAMRT.sys (CA)
DRV:[b]64bit:[/b] - (KmxAgent) -- C:\Windows\SysNative\drivers\KmxAgent.sys (CA)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCfg) -- C:\Windows\SysNative\drivers\KmxCfg.sys (CA)
DRV:[b]64bit:[/b] - (KmxSbx) -- C:\Windows\SysNative\drivers\KmxSbx.sys (CA)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (KmxFile) -- C:\Windows\SysNative\drivers\KmxFile.sys (CA)
DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (KmxCF) -- C:\Windows\SysNative\drivers\KmxCF.sys (CA)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (KmxFw) -- C:\Windows\SysNative\drivers\KmxFw.sys (CA)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:[b]64bit:[/b] - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (KmxFilter) -- C:\Windows\SysNative\drivers\KmxFilter.sys (CA)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_5740&r=27360410h516l0468z1l5t6511d14s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F A6 DC 68 39 24 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:1.0.1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\Firefox [2010.04.20 19:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 19:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\Firefox [2010.04.20 19:45:45 | 000,000,000 | ---D | M]

[2010.06.03 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Extensions
[2010.07.30 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions
[2010.07.30 18:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\Chou\AppData\Roaming\mozilla\Firefox\Profiles\2ycsc98a.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}

O1 HOSTS File: ([2010.10.11 18:35:24 | 000,000,687 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:[b]64bit:[/b] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [setc] C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKCU..\Run: [OfferBox] C:\Program Files (x86)\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysNative\VetRedir.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Programme\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00521589\x86\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.11.05 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Oblivion
[2010.11.05 15:26:12 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\Canneverbe Limited
[2010.11.05 15:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.11.05 15:25:52 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.11.03 17:32:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.01 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.10.31 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\Chou\Application Data
[2010.10.30 23:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Paint.NET
[2010.10.30 21:14:35 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010.10.30 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010.10.30 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010.10.30 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.10.30 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\FreeFixer
[2010.10.30 17:04:46 | 000,000,000 | ---D | C] -- C:\Programme\FreeFixer
[2010.10.29 21:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.10.29 20:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.29 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.10.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\Google
[2010.10.29 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\ATI
[2010.10.29 19:00:14 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Local\EgisTec
[2010.10.29 18:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2010.10.29 18:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic-de
[2010.10.29 15:16:47 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\Malwarebytes
[2010.10.29 15:16:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.29 15:16:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.29 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.29 15:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.27 19:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Setup
[2010.10.27 16:33:28 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 16:33:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 16:33:28 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 16:33:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 16:33:28 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 16:33:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 16:33:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 16:33:23 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.20 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Virtual Machines
[2010.10.20 17:43:50 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Virtuelle Maschine
[2010.10.20 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Chou\AppData\Roaming\VMware
[2010.10.20 17:32:12 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010.10.20 17:32:07 | 000,068,144 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010.10.20 17:31:41 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2010.10.20 17:31:41 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010.10.20 17:31:37 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010.10.20 17:31:32 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010.10.20 17:31:32 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010.10.20 17:31:31 | 000,056,880 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010.10.20 17:31:31 | 000,045,104 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010.10.20 17:31:31 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010.10.20 17:31:28 | 000,958,000 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010.10.20 17:31:01 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010.10.20 17:30:59 | 000,038,960 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010.10.20 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2010.10.20 17:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.10.20 17:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010.10.19 17:29:53 | 000,000,000 | ---D | C] -- C:\Users\Chou\Documents\Protokolle
[2010.10.19 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chou\Desktop\Sicherungsdaten
[2010.10.15 14:21:19 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.15 14:21:18 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.15 14:21:17 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.15 14:21:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.15 14:10:23 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.15 14:10:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.15 14:09:09 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.15 14:09:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.15 14:09:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.15 14:09:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.15 14:09:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.15 14:09:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.15 14:09:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.15 14:09:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.15 14:09:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.15 14:09:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.15 14:09:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.15 14:09:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.15 14:09:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.15 14:09:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.15 14:06:59 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.15 14:06:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.15 14:06:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.15 14:06:39 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.15 14:04:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.15 14:04:15 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.15 14:04:15 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.15 14:02:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.09 09:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.07 18:36:41 | 002,734,688 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbSoft.dll
[2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010.11.07 15:07:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.07 14:51:12 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 14:51:12 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 14:42:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.07 14:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.07 14:42:30 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.07 14:41:58 | 001,300,355 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.11.07 14:41:58 | 000,949,156 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.11.07 14:41:58 | 000,010,549 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.11.07 14:41:58 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.11.07 14:41:58 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.11.07 14:41:58 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.11.07 14:41:58 | 000,000,289 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.11.07 14:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.11.07 14:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.11.07 14:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.11.07 14:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.11.07 14:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.11.07 14:41:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.11.07 14:41:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.11.07 14:41:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.11.07 14:41:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.11.07 14:41:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010.11.07 14:32:36 | 000,001,262 | ---- | M] () -- C:\Users\Chou\Desktop\Spybot - Search & Destroy.lnk
[2010.11.07 12:34:38 | 000,009,216 | -H-- | M] () -- C:\Users\Chou\Desktop\photothumb.db
[2010.11.07 12:33:54 | 000,001,035 | ---- | M] () -- C:\Users\Chou\Desktop\PhotoScape.lnk
[2010.11.06 15:50:10 | 000,053,760 | ---- | M] () -- C:\Users\Chou\Desktop\Kurzfassung Chapter 20.doc
[2010.11.06 14:07:01 | 000,656,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.06 14:07:01 | 000,618,692 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.06 14:07:01 | 000,131,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.06 14:07:01 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.06 14:07:00 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.06 13:07:53 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk
[2010.11.05 15:25:53 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.11.04 17:51:11 | 000,002,810 | ---- | M] () -- C:\Windows\DNAPrinters.ini
[2010.11.01 11:45:00 | 000,001,129 | ---- | M] () -- C:\Users\Chou\Desktop\Play StepMania 3.9.lnk
[2010.11.01 11:32:02 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010.10.31 15:35:21 | 000,035,476 | ---- | M] () -- C:\Users\Chou\Desktop\Unbenannt.png
[2010.10.31 12:28:52 | 000,000,017 | ---- | M] () -- C:\Users\Chou\Desktop\stinger1010838.opt
[2010.10.30 17:50:54 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.30 00:44:49 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2010.10.20 17:30:56 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.10.20 17:30:37 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 17:30:32 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.15 17:25:26 | 000,382,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.12 17:56:15 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.10.11 18:35:24 | 000,000,687 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2010.11.07 14:41:58 | 001,300,355 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010.11.07 14:41:58 | 000,010,549 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010.11.07 14:41:58 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010.11.07 14:41:58 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010.11.07 14:41:58 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010.11.07 14:41:58 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010.11.07 14:41:58 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010.11.07 14:41:58 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010.11.07 14:41:58 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010.11.07 14:41:58 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010.11.07 14:41:58 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010.11.07 14:41:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010.11.07 14:41:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010.11.07 14:41:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010.11.07 14:41:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010.11.07 14:41:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010.11.07 14:41:45 | 000,949,156 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2010.11.07 14:32:36 | 000,001,262 | ---- | C] () -- C:\Users\Chou\Desktop\Spybot - Search & Destroy.lnk
[2010.11.06 13:28:37 | 000,053,760 | ---- | C] () -- C:\Users\Chou\Desktop\Kurzfassung Chapter 20.doc
[2010.11.05 15:25:53 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.11.01 11:45:00 | 000,001,129 | ---- | C] () -- C:\Users\Chou\Desktop\Play StepMania 3.9.lnk
[2010.10.31 14:28:05 | 000,035,476 | ---- | C] () -- C:\Users\Chou\Desktop\Unbenannt.png
[2010.10.30 00:44:49 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2010.10.29 15:16:30 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.20 17:30:56 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.10.20 17:30:37 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 17:30:32 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2010.10.19 17:29:56 | 000,002,810 | ---- | C] () -- C:\Windows\DNAPrinters.ini
[2010.10.07 18:36:41 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010.10.07 18:36:41 | 000,006,836 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI
[2010.09.30 17:32:44 | 000,000,119 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.05 16:54:49 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.05 13:28:15 | 000,003,584 | ---- | C] () -- C:\Users\Chou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 13:22:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.01 22:46:11 | 000,000,000 | ---- | C] () -- C:\Windows\magix.ini
[2010.05.01 20:59:39 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.20 19:45:34 | 001,054,032 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2010.04.16 16:07:24 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.15 15:34:11 | 005,845,744 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2010.04.15 15:34:11 | 001,872,624 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2010.04.15 14:50:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.27 19:20:49 | 000,001,800 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.03.27 11:05:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.03.27 10:48:32 | 000,008,754 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2010.03.27 10:46:33 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
[2009.11.05 04:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.11.05 01:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 01:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 01:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== LOP Check ==========

[2010.11.05 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Canneverbe Limited
[2010.04.25 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.01 11:33:24 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FileZilla
[2010.10.30 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\FreeFixer
[2010.08.21 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\gtk-2.0
[2010.05.02 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\OfferBox
[2010.04.15 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Opera
[2010.11.07 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\PhotoScape
[2010.07.04 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\StepMania 4
[2010.05.02 19:22:55 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\widestream
[2010.05.14 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Chou\AppData\Roaming\Win7codecs
[2010.09.12 13:11:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >


What my laptop still does:
the error message from EgisUpdate (which has nothing in it) still comes up after every restart
and once in a blue moon (especially after a restart and when I run my CA Antivirus) my laptop wants to install AMRT.msi, which it can't find anywhere

What has improved, though:
I can now log in faster and it establishes the internet connection faster

Hope everything is okay like this^^

Greez
07.11.2010, 20:08
Moderator

Posts: 5694
#12 That all belongs to this CA Antivirus. I would uninstall it completely:

Replacing another anti-virus program with AntiVir

Download Avira AntiVir PersonalEdition Classic, but do not install it yet.

• Disconnect the computer from the network.
• Uninstall the other anti-virus program via the Control Panel.
• Restart the computer.
• Use the search function to check whether folders of the other anti-virus program can still be found, and delete them if necessary.
• Have CCleaner clean up temp files and the registry once more.
• Restart the computer.


Now install AntiVir

Now install AntiVir.

Set AntiVir so that only important events are logged:

Right-click the AntiVir umbrella at the bottom right of the taskbar => Configure AntiVir => tick "Expert mode" => expand Scanner => set Report to "Standard" => expand Guard => set Report to "Standard" => close AntiVir with OK.

Run a full scan with AntiVir

Now run a complete system scan of your computer with AntiVir and post the report here in the thread.

Finding the report in AntiVir

You get to the report as follows: start AntiVir by double-clicking the umbrella at the bottom right => click the "Reports" tab => double-click the report named "Scan" => click "Report" in the window that pops up => your editor opens => in the editor, select the text with the key combination CTRL + A => copy the text to the clipboard with CTRL + C => paste the text in here with CTRL + V. Please make your serial number unrecognizable in the logfile.
08.11.2010, 19:47
Member

Thread starter

Posts: 12
#13 Hello!
After a bit of panic I did manage to install everything correctly after all XD (you first have to find the right setup among all the files...)

Here's the report^^ :

Code

 

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 08. November 2010  18:32

Es wird nach 3027646 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : ---------------
Plattform      : Windows 7 x64
Windowsversion : (plain)  [-------]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : CHRISTINE

Versionsinformationen:
BUILD.DAT      : 10.0.0.592     31823 Bytes  09.08.2010 10:49:00
AVSCAN.EXE     : 10.0.3.1      434344 Bytes  02.08.2010 15:09:34
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  02.08.2010 15:09:46
LUKE.DLL       : 10.0.2.3      104296 Bytes  02.08.2010 15:09:40
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 11:59:48
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:05:36
VBASE001.VDF   : 7.10.1.0     1372672 Bytes  19.11.2009 19:27:50
VBASE002.VDF   : 7.10.3.1     3143680 Bytes  20.01.2010 17:37:44
VBASE003.VDF   : 7.10.3.75     996864 Bytes  26.01.2010 16:37:44
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 11:29:04
VBASE005.VDF   : 7.10.6.82    2494464 Bytes  15.04.2010 15:09:42
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 15:09:44
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 15:09:44
VBASE008.VDF   : 7.10.11.133  3454464 Bytes  13.09.2010 17:29:26
VBASE009.VDF   : 7.10.13.80   2265600 Bytes  02.11.2010 17:29:55
VBASE010.VDF   : 7.10.13.81      2048 Bytes  02.11.2010 17:29:56
VBASE011.VDF   : 7.10.13.82      2048 Bytes  02.11.2010 17:29:56
VBASE012.VDF   : 7.10.13.83      2048 Bytes  02.11.2010 17:29:56
VBASE013.VDF   : 7.10.13.116   147968 Bytes  04.11.2010 17:29:58
VBASE014.VDF   : 7.10.13.147   146944 Bytes  07.11.2010 17:29:59
VBASE015.VDF   : 7.10.13.148     2048 Bytes  07.11.2010 17:29:59
VBASE016.VDF   : 7.10.13.149     2048 Bytes  07.11.2010 17:30:00
VBASE017.VDF   : 7.10.13.150     2048 Bytes  07.11.2010 17:30:00
VBASE018.VDF   : 7.10.13.151     2048 Bytes  07.11.2010 17:30:00
VBASE019.VDF   : 7.10.13.152     2048 Bytes  07.11.2010 17:30:00
VBASE020.VDF   : 7.10.13.153     2048 Bytes  07.11.2010 17:30:00
VBASE021.VDF   : 7.10.13.154     2048 Bytes  07.11.2010 17:30:00
VBASE022.VDF   : 7.10.13.155     2048 Bytes  07.11.2010 17:30:00
VBASE023.VDF   : 7.10.13.156     2048 Bytes  07.11.2010 17:30:00
VBASE024.VDF   : 7.10.13.157     2048 Bytes  07.11.2010 17:30:00
VBASE025.VDF   : 7.10.13.158     2048 Bytes  07.11.2010 17:30:00
VBASE026.VDF   : 7.10.13.159     2048 Bytes  07.11.2010 17:30:00
VBASE027.VDF   : 7.10.13.160     2048 Bytes  07.11.2010 17:30:00
VBASE028.VDF   : 7.10.13.161     2048 Bytes  07.11.2010 17:30:00
VBASE029.VDF   : 7.10.13.162     2048 Bytes  07.11.2010 17:30:00
VBASE030.VDF   : 7.10.13.163     2048 Bytes  07.11.2010 17:30:00
VBASE031.VDF   : 7.10.13.171    75264 Bytes  08.11.2010 17:30:01
Engineversion  : 8.2.4.92  
AEVDF.DLL      : 8.1.2.1       106868 Bytes  02.08.2010 15:09:32
AESCRIPT.DLL   : 8.1.3.46     1364347 Bytes  08.11.2010 17:30:40
AESCN.DLL      : 8.1.6.1       127347 Bytes  02.08.2010 15:09:32
AESBX.DLL      : 8.1.3.1       254324 Bytes  02.08.2010 15:09:32
AERDL.DLL      : 8.1.9.2       635252 Bytes  08.11.2010 17:30:35
AEPACK.DLL     : 8.2.3.11      471416 Bytes  08.11.2010 17:30:31
AEOFFICE.DLL   : 8.1.1.8       201081 Bytes  02.08.2010 15:09:30
AEHEUR.DLL     : 8.1.2.38     2990455 Bytes  08.11.2010 17:30:28
AEHELP.DLL     : 8.1.14.0      246134 Bytes  08.11.2010 17:30:12
AEGEN.DLL      : 8.1.3.24      401781 Bytes  08.11.2010 17:30:08
AEEMU.DLL      : 8.1.2.0       393588 Bytes  02.08.2010 15:09:26
AECORE.DLL     : 8.1.17.0      196982 Bytes  08.11.2010 17:30:05
AEBB.DLL       : 8.1.1.0        53618 Bytes  02.08.2010 15:09:26
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  02.08.2010 15:09:34
AVPREF.DLL     : 10.0.0.0       44904 Bytes  02.08.2010 15:09:34
AVREP.DLL      : 10.0.0.8       62209 Bytes  17.06.2010 14:26:54
AVREG.DLL      : 10.0.3.2       53096 Bytes  02.08.2010 15:09:34
AVSCPLR.DLL    : 10.0.3.1       83816 Bytes  02.08.2010 15:09:34
AVARKT.DLL     : 10.0.0.14     227176 Bytes  02.08.2010 15:09:32
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  02.08.2010 15:09:34
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  17.06.2010 14:27:04
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  02.08.2010 15:09:34
NETNT.DLL      : 10.0.0.0       11624 Bytes  17.06.2010 14:27:02
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 13:10:10
RCTEXT.DLL     : 10.0.58.0      98152 Bytes  02.08.2010 15:09:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Montag, 08. November 2010  18:32

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\sp
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\RED\1033\sp
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\5
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
%SystemRoot%\system32\wmploc.dll,-738
C:\Windows\system32\wmploc.dll,-738
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
%SystemRoot%\system32\wmploc.dll,-730
C:\Windows\system32\wmploc.dll,-730
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
c:\program files (x86)\mysecuritycenter\programs\csetting.exe
c:\Program Files (x86)\MySecurityCenter\Programs\csetting.exe
    [HINWEIS]   Der Prozess ist nicht sichtbar.
c:\program files (x86)\mysecuritycenter\programs\checkinstall.exe
c:\Program Files (x86)\MySecurityCenter\Programs\checkinstall.exe
    [HINWEIS]   Der Prozess ist nicht sichtbar.
c:\program files (x86)\mysecuritycenter\programs\selfupdate.exe
c:\Program Files (x86)\MySecurityCenter\Programs\selfupdate.exe
    [HINWEIS]   Der Prozess ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'hqtray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WZQKPICK.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfferBox.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnetdhcp.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-authd.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnat.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-usbarbitrator.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'service.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '24' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '134' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\_OTL\MovedFiles\11072010_144106\C_Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe
    [FUND]      Ist das Trojanische Pferd TR/Small.166912

Beginne mit der Desinfektion:
C:\_OTL\MovedFiles\11072010_144106\C_Users\Chou\Desktop\MsnCleaner\MSNCleaner.exe
    [FUND]      Ist das Trojanische Pferd TR/Small.166912
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4805e050.qua' verschoben!


Ende des Suchlaufs: Montag, 08. November 2010  19:42
Benötigte Zeit: 36:06 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  20071 Verzeichnisse wurden überprüft
306048 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
306047 Dateien ohne Befall
   1235 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
599959 Objekte wurden beim Rootkitscan durchsucht
      9 Versteckte Objekte wurden gefunden


Now the quarantine gets cleaned out, right? I'll wait with that until you allow me to^^

and what I also wanted to ask:
during the installation I had to switch off Windows Defender's real-time protection. Should it stay switched off?

Greez
This post was edited by Chou on 08.11.2010 at 20:38.
09.11.2010, 18:31
Moderator

Posts: 5694
#14 You can leave Windows Defender switched on.

Step 1

Clearing System Restore with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:Commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[reboot]
• and paste it in here:

• Close all programs.
• Click the Fix button.
• Click on .
OTL requires a restart. Please allow it.
• After the restart, your editor will open with a text document.
• Copy the contents here into your thread in code tags.

Step 2

ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and don't forget to switch everything back on afterwards.


Note for Vista and Win7 users: Be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button.
Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow the installation of an ActiveX element.
• Tick Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press .
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the logfile here.
09.11.2010, 19:59
Member

Thread starter

Posts: 12
#15 Hello!

Here is the logfile from the online scanner^^ :

Code

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3701dbfd1b0bdd46865ad30bce7220e9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-09 06:54:25
# local_time=2010-11-09 07:54:25 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 85373 25858588 84307 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 7271 40955218 0 0
# compatibility_mode=8192 67108863 100 0 3887 3887 0 0
# scanned=103358
# found=1
# cleaned=1
# scan_time=3497
C:\Users\Chou\Desktop\ITT\festplatten_tools\WinLiteXP.iso    probably a variant of Win32/Agent.JJQXECT trojan (deleted - quarantined)    00000000000000000000000000000000    C


and here is the one from OTL:

Code

 All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData

User: Chou
->Temp folder emptied: 25204816 bytes
->Temporary Internet Files folder emptied: 1552138 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 405740 bytes
->Flash cache emptied: 5179 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108917 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11092010_184243

Files\Folders moved on Reboot...
File\Folder C:\Users\Chou\AppData\Local\Temp\BIT1A59.tmp not found!
C:\Users\Chou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-976.log moved successfully.

Registry entries deleted on Reboot...


Greez