Win32:Dropper-EMZ [Trj] -Qkc.exe -Qky.exe -Qko.exe

#1 Guten Morgen,
ich habe mir einen Dropper Trojaner eingefangen und nachdem ich mich jetzt hier etwas eingelesen habe befürchte ich werde ich ohne Hilfe das Problem nicht los.

Angefangen hat alles wie auf dem Screenshot zu sehen um 02:20 und seid dem öffnet sich immer mal wieder der Internet Explorer und ich merke doch das die Rechenleistung etwas langsamer geworden ist.. Kurz danach meldete sich immer mein "Avast" Schutz und teilte mir eine potentielle Bedrohung eines Trojaners mit und schob diese Qj0.exe, Qjx.exe, Qkc.exe, Qko.exe und 2x Qky.exe dann geblockt in den container!! Seid dem habe ich einen Virenscan laufen lassen und einen Neustart hinter mir.

Schonmal vielen Dank für die Hilfe und Mühe..ich werde jetzt die weiteren Anleitungspunkte step by step befolgen.

#2 Extras.Txt

Code

OTL Extras logfile created on: 13.12.2010 08:54:55 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\MeeX\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 108,94 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
 
Computer Name: MEEX-MOBIL | User Name: MeeX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.8.0
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"LSI Soft Modem" = LSI HDA Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{243AD385-8C58-4D49-BF54-8E7F809E0A96}" = Acer TouchPortal
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German
"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian
"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista
"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek
"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish
"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai
"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5BA962C-631A-464B-AA8C-B1CED01D2E93}" = ArcSoft Panorama Maker 4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing
"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish
"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter_is1" = AC3Filter 1.63b
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"bwin Poker_is1" = bwin Poker
"DFX for Windows Media Player" = DFX for Windows Media Player
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GMX Upload-Manager" = GMX Upload-Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{243AD385-8C58-4D49-BF54-8E7F809E0A96}" = Acer TouchPortal
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"LManager" = Launch Manager
"MAGIX Music Maker 16 Premium Download Version UK" = MAGIX Music Maker 16 Premium Download Version
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"RapidShare Manager" = RapidShare Manager
"Spyware Terminator_is1" = Spyware Terminator
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.3.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 04.12.2010 03:59:33 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.12.2010 04:02:34 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.12.2010 04:02:34 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.12.2010 04:02:34 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.12.2010 04:02:34 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.12.2010 06:51:54 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.12.2010 06:54:37 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.12.2010 06:54:37 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.12.2010 06:54:37 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.12.2010 06:54:37 | Computer Name = MeeX-Mobil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 26.09.2010 04:30:39 | Computer Name = MeeX-Mobil | Source = MCUpdate | ID = 0
Description = 10:30:39 - Fehler beim Herstellen der Internetverbindung.  10:30:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.09.2010 04:30:48 | Computer Name = MeeX-Mobil | Source = MCUpdate | ID = 0
Description = 10:30:44 - Fehler beim Herstellen der Internetverbindung.  10:30:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 27.10.2010 12:37:18 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 12:49:19 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 13:01:20 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 13:13:20 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 13:25:21 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 13:37:22 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 13:50:53 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 15:41:59 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 15:54:00 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
Error - 27.10.2010 16:06:01 | Computer Name = MeeX-Mobil | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

#3 OTL.Txt

Code

OTL logfile created on: 13.12.2010 08:54:55 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\MeeX\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 108,94 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
 
Computer Name: MEEX-MOBIL | User Name: MeeX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\MeeX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Qlydab.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\MPK\MPK.exe ()
PRC - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Acer\TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\MeeX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (lxdi_device) -- C:\Windows\SysNative\lxdicoms.exe ( )
SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (lxdi_device) -- C:\Windows\SysWow64\lxdicoms.exe ( )
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found
DRV:[b]64bit:[/b] - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found
DRV:[b]64bit:[/b] - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultthis.engineName: "InfinityMW Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2303146&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273606104026l0398z125t4751b513"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1
FF - prefs.js..extensions.enabledItems: {d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: premiumproxyswitcher@freeproxylist.org:1.0.10
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.11 14:21:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.11 14:21:00 | 000,000,000 | ---D | M]
 
[2010.06.07 20:15:08 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\mozilla\Extensions
[2010.12.13 06:50:18 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions
[2010.12.13 06:50:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.12.13 06:50:06 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.12.13 06:50:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.04 00:30:45 | 000,000,000 | ---D | M] (InfinityMW Community Toolbar) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{d6ecae88-2910-4a5b-a7c6-3dee8318a3bc}
[2010.10.17 17:29:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.03 11:29:58 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.03 11:29:57 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\mozilla\Firefox\Profiles\zjaeg8cr.default\extensions\premiumproxyswitcher@freeproxylist.org
[2010.06.08 10:41:06 | 000,000,923 | ---- | M] () -- C:\Users\MeeX\AppData\Roaming\Mozilla\FireFox\Profiles\zjaeg8cr.default\searchplugins\conduit.xml
[2010.12.02 03:52:23 | 000,006,167 | ---- | M] () -- C:\Users\MeeX\AppData\Roaming\Mozilla\FireFox\Profiles\zjaeg8cr.default\searchplugins\imdbde.xml
[2010.11.22 15:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.02 00:36:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.10 21:26:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.22 15:05:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Acer\TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:[b]64bit:[/b] - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\idmmbc.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - C:\Windows\SysWOW64\MPK\MPK.exe ()
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ff0d487c-72c0-11df-b905-00262d519eb2}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0d487c-72c0-11df-b905-00262d519eb2}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{ff0d487c-72c0-11df-b905-00262d519eb2}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{ff0d487c-72c0-11df-b905-00262d519eb2}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.12.13 08:50:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\MeeX\Desktop\OTL.exe
[2010.12.13 06:10:00 | 000,000,000 | ---D | C] -- C:\Users\MeeX\AppData\Roaming\Spyware Terminator
[2010.12.13 06:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.12.13 06:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2010.12.13 06:06:51 | 000,665,096 | ---- | C] (Crawler Inc.                                                ) -- C:\Users\MeeX\Desktop\SpywareTerminatorSetup2.8.1.188.exe
[2010.12.13 04:29:16 | 000,000,000 | ---D | C] -- C:\Programme\DFX
[2010.12.13 04:14:31 | 000,000,000 | ---D | C] -- C:\Users\MeeX\AppData\Local\DFX
[2010.12.13 04:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DFX
[2010.12.13 04:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX-Audio
[2010.12.13 04:14:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DFX
[2010.12.06 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\MeeX\Desktop\Nikolaus-2010
[2010.12.02 06:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.02 02:01:41 | 000,198,256 | ---- | C] (1&1 Mail & Media GmbH) -- C:\Windows\SysNative\drivers\uigxrdr.SYS
[2010.12.02 02:01:41 | 000,011,776 | ---- | C] (1&1 Mail & Media GmbH) -- C:\Windows\SysNative\uigxnp.dll
[2010.12.02 02:01:41 | 000,007,680 | ---- | C] (1&1 Mail & Media GmbH) -- C:\Windows\SysWow64\uigxnp.dll
[2010.11.25 03:29:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.11.25 03:29:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.11.25 03:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.11.25 03:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.11.25 03:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.11.25 03:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010.11.25 03:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.11.22 15:05:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.22 15:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.22 15:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.21 16:19:42 | 000,000,000 | ---D | C] -- C:\Users\MeeX\Desktop\Mama-Kuchen
[2010.11.14 03:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.11.14 03:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2010.06.14 11:18:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2010.06.14 11:18:05 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2010.06.14 11:18:04 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2010.06.14 11:18:03 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2010.06.14 11:18:03 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2010.06.14 11:18:02 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2010.06.14 11:18:02 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2010.06.14 11:18:02 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2010.06.14 11:18:02 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2010.06.14 11:18:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2010.06.14 11:18:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2009.08.22 09:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.12.13 08:51:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\MeeX\Desktop\OTL.exe
[2010.12.13 08:44:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.13 08:41:37 | 000,186,965 | ---- | M] () -- C:\Users\MeeX\Desktop\Avast-container-screenshot.jpg
[2010.12.13 08:35:06 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.13 08:25:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.13 08:23:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462554192-2548847293-3244117650-1001UA.job
[2010.12.13 06:53:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.13 06:53:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.13 06:46:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.13 06:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.13 06:45:34 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.13 06:10:10 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.12.13 06:06:52 | 000,665,096 | ---- | M] (Crawler Inc.                                                ) -- C:\Users\MeeX\Desktop\SpywareTerminatorSetup2.8.1.188.exe
[2010.12.13 05:16:02 | 000,380,416 | ---- | M] () -- C:\Windows\Qlydab.exe
[2010.12.13 04:18:44 | 000,380,416 | ---- | M] () -- C:\Windows\Qlydaa.exe
[2010.12.12 20:23:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462554192-2548847293-3244117650-1001Core.job
[2010.12.11 00:49:11 | 000,007,680 | ---- | M] () -- C:\Users\MeeX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.06 21:22:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.06 21:22:45 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.06 21:22:45 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.06 21:22:45 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.06 21:22:45 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.03 12:23:42 | 000,002,398 | ---- | M] () -- C:\Users\MeeX\Desktop\Google Chrome.lnk
[2010.12.02 04:24:49 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010.11.25 03:30:03 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.25 03:26:30 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.11.25 03:25:58 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.11.19 17:29:44 | 002,668,903 | ---- | M] () -- C:\Users\MeeX\Desktop\happy-3_Abmischung.mp3
[2010.11.19 16:34:06 | 000,198,256 | ---- | M] (1&1 Mail & Media GmbH) -- C:\Windows\SysNative\drivers\uigxrdr.SYS
[2010.11.19 16:34:00 | 000,011,776 | ---- | M] (1&1 Mail & Media GmbH) -- C:\Windows\SysNative\uigxnp.dll
[2010.11.19 16:33:40 | 000,007,680 | ---- | M] (1&1 Mail & Media GmbH) -- C:\Windows\SysWow64\uigxnp.dll
[2010.11.18 19:27:07 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.12.13 08:41:37 | 000,186,965 | ---- | C] () -- C:\Users\MeeX\Desktop\Avast-container-screenshot.jpg
[2010.12.13 06:46:27 | 000,380,416 | ---- | C] () -- C:\Windows\Qlydab.exe
[2010.12.13 06:10:10 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.12.13 04:18:52 | 000,380,416 | ---- | C] () -- C:\Windows\Qlydaa.exe
[2010.12.13 04:18:51 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.13 04:18:48 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.02 04:24:49 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010.11.25 03:30:03 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.25 03:26:30 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.11.25 03:25:58 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.11.19 17:29:41 | 002,668,903 | ---- | C] () -- C:\Users\MeeX\Desktop\happy-3_Abmischung.mp3
[2010.11.18 19:27:07 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.11.14 03:31:55 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2010.11.06 19:11:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.07.10 03:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2010.07.02 00:43:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.14 11:18:05 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2010.06.14 11:18:05 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2010.06.09 02:12:54 | 000,007,680 | ---- | C] () -- C:\Users\MeeX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.08 07:37:21 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.06.08 07:15:03 | 000,000,810 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.06.07 19:13:55 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
[2009.12.02 18:02:50 | 001,632,887 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009.12.02 17:56:10 | 004,840,081 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009.11.04 19:45:44 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009.11.04 19:43:20 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009.11.03 21:11:22 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009.11.03 21:11:00 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009.11.03 21:10:42 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009.11.03 21:09:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009.11.03 21:08:58 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009.11.03 21:08:12 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009.11.03 21:07:16 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009.11.03 20:36:06 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009.11.03 20:34:56 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009.11.03 19:05:02 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009.10.27 23:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009.09.27 22:19:02 | 000,001,820 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.09.27 13:22:33 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.09.27 13:05:11 | 000,007,832 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009.09.27 13:04:29 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.09.27 13:04:29 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.09.27 13:03:15 | 000,000,113 | ---- | C] () -- C:\ProgramData\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}.log
[2009.09.27 13:01:23 | 000,000,113 | ---- | C] () -- C:\ProgramData\{243AD385-8C58-4D49-BF54-8E7F809E0A96}.log
[2009.08.22 09:43:39 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.08.22 07:01:23 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.08.22 07:01:23 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.08.22 07:01:21 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.08.22 07:01:21 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.08.22 07:01:21 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.11.04 18:27:26 | 000,000,000 | -HSD | M] -- C:\Users\MeeX\AppData\Roaming\.#
[2010.06.08 01:20:24 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\ACD Systems
[2010.06.11 01:34:20 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\DAEMON Tools Lite
[2010.12.13 06:47:04 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\DMCache
[2010.10.21 21:42:10 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\GMX
[2010.11.26 02:43:49 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\ICQ
[2010.08.24 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\IDM
[2010.06.14 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\Lexmark Imaging Studio
[2010.07.10 03:37:33 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\MAGIX
[2010.11.13 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\QuickScan
[2010.12.13 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\Spyware Terminator
[2010.06.08 06:32:59 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\TouchPortal
[2010.07.08 12:06:55 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\TuneUp Software
[2010.11.02 22:29:06 | 000,000,000 | ---D | M] -- C:\Users\MeeX\AppData\Roaming\Windows Live Writer
[2010.11.28 21:07:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.13 08:44:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.13 08:35:06 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

#4 Oki dok heute morgen noch etwas geschockt bzw genervt gewesen..von einem sich löschweigernden Trojaner^^ Durch das "Tutorial" und den doch zuverlässigen Kundenservice von Avast hab ich mittlerweile mein Problem selber behoben Alle empfohlen Programme kann ich echt empfehlen, vorallem Malwarebytes' Anti-Malware.. das hat definitiv einiges aufgeräumt^^

Greetz MeeX

#5 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Poste mir bitte das Log von Malwarebytes.

#6

Code

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5304

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.12.2010 15:12:12
mbam-log-2010-12-19 (15-12-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157664
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

#7 Sorry für späten Post..hab jetzt nochmal ein schnell scan laufen lassen evtl genügt der ansonsten mach ich auch gerne nochmal ein kompletten Scan^^ aber seid her läuft wieder alles einwandfrei LIKE THAT FORUM

LG Max

#8 ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
• IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.