Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.07.2011, 12:21   #1
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo,
ich denke ich habe das gleiche Problem wie bereits hier gepostet: http://www.trojaner-board.de/100999-...estplatte.html
Malwarebytes und unhide habe ich ausgeführt.
Ich hoffe ihr könnt mir noch weiter helfen und ich habe soweit die erforderlichen Logs drangehängt:

Meine Logs von Malewarebytes:
--------------------------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.07.2011 20:29:18
mbam-log-2011-07-08 (20-29-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 186218
Laufzeit: 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\juadajhrvp.exe (Trojan.FakeAlert) -> 2236 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JUaDAjhRvP (Trojan.FakeAlert) -> Value: JUaDAjhRvP -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\juadajhrvp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Rainer\AppData\Local\Temp\Low\tmp6123.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41082616.exe (Trojan.Agent) -> Quarantined and deleted successfully.


----------------------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.07.2011 21:13:06
mbam-log-2011-07-08 (21-13-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|J:\|L:\|)
Durchsuchte Objekte: 432092
Laufzeit: 38 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Rainer\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\NOHCL7UT\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
--------------------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7056

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.07.2011 10:11:21
mbam-log-2011-07-09 (10-11-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|J:\|L:\|)
Durchsuchte Objekte: 421210
Laufzeit: 33 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
-------------------------------------

Die Logs von OTL:

OTL logfile created on: 09.07.2011 11:05:40 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rainer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,73 Gb Available Physical Memory | 59,07% Memory free
16,00 Gb Paging File | 12,27 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 245,18 Gb Free Space | 53,48% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 105,86 Gb Free Space | 23,09% Space Free | Partition Type: NTFS
Drive G: | 1,83 Gb Total Space | 0,15 Gb Free Space | 8,36% Space Free | Partition Type: FAT
Drive L: | 1,88 Gb Total Space | 0,20 Gb Free Space | 10,58% Space Free | Partition Type: FAT

Computer Name: RAINER-PC | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.09 10:24:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
PRC - [2011.07.03 21:14:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.06.16 20:41:36 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011.06.02 20:49:42 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.21 21:07:41 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Rainer\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011.01.04 21:28:27 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010.11.29 12:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010.11.17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2009.06.03 12:03:44 | 001,119,304 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.06.03 12:03:44 | 000,920,648 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2009.06.03 12:03:44 | 000,394,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2009.03.30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2009.03.10 03:47:10 | 000,298,568 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2009.02.09 14:59:54 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.02.09 14:59:48 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.02.06 13:49:00 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
PRC - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.12.04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.12.04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.10.27 15:09:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.10.27 12:05:24 | 000,346,672 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2003.11.24 12:14:32 | 000,729,088 | ---- | M] () -- C:\Program Files (x86)\MENTOR\PVR Plus\TVR\Scheduled.exe


========== Modules (SafeList) ==========

MOD - [2011.07.09 10:24:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
MOD - [2010.08.27 12:09:16 | 000,324,032 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\KDS\pctESPHooking32.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.06.02 20:49:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.25 12:54:34 | 001,918,952 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.03 12:03:44 | 001,119,304 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.06.03 12:03:44 | 000,394,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2009.03.10 03:47:10 | 000,298,568 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service)
SRV - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service)
SRV - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.12.04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.25 11:42:10 | 000,179,464 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010.11.24 10:18:16 | 000,119,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010.11.17 11:20:20 | 000,331,368 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010.07.30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.07.08 10:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdisMP)
DRV:64bit: - [2010.07.08 10:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdis)
DRV:64bit: - [2009.09.07 20:13:59 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.09.07 20:13:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.09.07 19:55:29 | 000,105,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2009.07.28 15:19:19 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2009.07.28 15:19:18 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2009.07.28 15:19:04 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.10.27 12:06:00 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2008.10.27 12:06:00 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2008.10.27 12:06:00 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2011.02.14 20:27:12 | 000,105,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2010.12.18 13:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0709&m=aspire_m3800
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0709&m=aspire_m3800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0709&m=aspire_m3800
IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.08 11:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.13 14:14:47 | 000,000,000 | ---D | M]

[2011.02.03 22:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Extensions
[2011.02.03 22:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.03.31 21:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\2qrv9kpk.default\extensions
[2011.01.08 11:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\2qrv9kpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.03 10:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.03 10:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.02.03 10:10:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O3:64bit: - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PVR Agent] C:\Program Files (x86)\MENTOR\PVR Plus\TVR\Scheduled.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000..\Run: [SansaDispatch] C:\Users\Rainer\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1057609398-4056098699-2660756153-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1057609398-4056098699-2660756153-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-1057609398-4056098699-2660756153-1002..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} hxxp://acer-de.custhelp.com/euf/assets/activex/snret.cab (SNRet Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Rainer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rainer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.09 10:25:15 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011.07.08 21:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.08 21:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.08 19:47:08 | 000,000,000 | ---D | C] -- C:\Users\Rainer\AppData\Roaming\Malwarebytes
[2011.07.08 19:47:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.08 19:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.08 19:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.08 19:46:58 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.08 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.25 19:27:57 | 000,000,000 | R--D | C] -- C:\Users\Rainer\AppData\Roaming\Brother
[2011.06.19 12:27:27 | 000,000,000 | ---D | C] -- C:\Windows\AxInstSV
[2009.07.28 23:05:17 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Rainer\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Rainer\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Rainer\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Rainer\AppData\Local\bass.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.09 10:55:52 | 000,302,592 | ---- | M] () -- C:\Users\Rainer\Desktop\oyktisz0.exe
[2011.07.09 10:52:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.09 10:49:10 | 000,000,000 | ---- | M] () -- C:\Users\Rainer\defogger_reenable
[2011.07.09 10:47:56 | 000,050,477 | ---- | M] () -- C:\Users\Rainer\Desktop\Defogger.exe
[2011.07.09 10:24:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011.07.09 09:22:28 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.09 09:22:28 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.09 09:14:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.09 09:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.09 09:14:16 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.08 21:19:50 | 000,043,002 | ---- | M] () -- C:\cc_20110708_211934.reg
[2011.07.08 21:16:47 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.08 19:47:02 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.08 19:46:24 | 000,000,336 | ---- | M] () -- C:\ProgramData\40886008
[2011.06.25 17:13:23 | 000,049,961 | ---- | M] () -- C:\Users\Rainer\Desktop\ticket_836633933_0.pdf
[2011.06.19 21:42:30 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.19 21:42:30 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.19 21:42:30 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.19 21:42:30 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.19 21:42:30 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.17 07:20:53 | 000,349,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.09 10:55:59 | 000,302,592 | ---- | C] () -- C:\Users\Rainer\Desktop\oyktisz0.exe
[2011.07.09 10:49:10 | 000,000,000 | ---- | C] () -- C:\Users\Rainer\defogger_reenable
[2011.07.09 10:48:01 | 000,050,477 | ---- | C] () -- C:\Users\Rainer\Desktop\Defogger.exe
[2011.07.08 21:51:02 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.08 21:19:39 | 000,043,002 | ---- | C] () -- C:\cc_20110708_211934.reg
[2011.07.08 21:16:47 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.08 19:46:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\40886008
[2011.06.25 17:13:23 | 000,049,961 | ---- | C] () -- C:\Users\Rainer\Desktop\ticket_836633933_0.pdf
[2011.03.12 19:14:31 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.31 22:40:29 | 000,001,623 | ---- | C] () -- C:\Users\Rainer\AppData\Local\RecConfig.xml
[2010.11.28 22:34:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.11.09 21:56:09 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.04.26 18:46:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.11.26 22:22:02 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.10.15 18:52:45 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll
[2009.10.15 18:43:11 | 000,061,208 | ---- | C] () -- C:\Windows\SysWow64\MPEG4E-uninstall.exe
[2009.10.04 18:54:37 | 000,161,100 | ---- | C] () -- C:\Windows\Star Assault Uninstaller.exe
[2009.07.31 13:03:09 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009.07.31 13:03:09 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009.07.28 15:23:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.07.28 15:23:46 | 000,007,283 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.16 15:56:46 | 001,015,808 | ---- | C] () -- C:\Windows\SysWow64\MPEG4Evfw.dll
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Rainer\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Rainer\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Rainer\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Rainer\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Rainer\AppData\Local\ogg.dll
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Rainer\AppData\Local\no23xwrapper.dll
[2000.02.16 02:00:00 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\UniClear.exe

========== LOP Check ==========

[2010.09.29 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2010.09.29 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009.09.07 19:59:21 | 000,000,000 | -HSD | M] -- C:\Users\Rainer\AppData\Roaming\.#
[2010.09.29 22:15:17 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Acer GameZone Console
[2011.01.31 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Audacity
[2010.11.28 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Black Sea Studios
[2011.01.03 21:57:36 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\CheckPoint
[2011.01.31 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\DVDVideoSoft
[2010.09.29 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\eSobi
[2010.09.29 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeOrion
[2010.09.29 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeVideoConverter
[2011.02.03 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Haufe Mediengruppe
[2011.02.03 10:14:19 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Lexware
[2010.09.29 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\My Games
[2011.02.03 10:23:57 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\PCToolsFirewallPlus
[2010.09.29 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\PowerCinema
[2011.03.21 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\SanDisk
[2010.11.09 23:03:48 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ScanSoft
[2011.01.05 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\The Creative Assembly
[2010.09.29 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Ubisoft
[2010.09.29 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\UFOAI
[2010.11.09 23:03:51 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Zeon
[2010.09.29 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Acer GameZone Console
[2011.06.26 09:18:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.09.29 22:47:30 | 000,000,000 | ---D | M] -- C:\$INPLACE.~TR
[2009.07.14 07:09:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.09.29 22:19:38 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q
[2010.09.15 21:57:13 | 000,000,000 | ---D | M] -- C:\ACER
[2011.02.22 19:07:36 | 000,000,000 | ---D | M] -- C:\ACERSW
[2011.01.31 19:20:08 | 000,000,000 | ---D | M] -- C:\AudioSuite
[2010.07.15 18:04:14 | 000,000,000 | ---D | M] -- C:\book
[2010.09.29 22:57:01 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.08 21:57:14 | 000,000,000 | ---D | M] -- C:\Daten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.07 19:52:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.15 18:04:14 | 000,000,000 | ---D | M] -- C:\Games
[2010.07.15 18:04:14 | 000,000,000 | ---D | M] -- C:\Intel
[2011.05.22 21:13:19 | 000,000,000 | ---D | M] -- C:\lang
[2011.05.22 20:57:55 | 000,000,000 | ---D | M] -- C:\Langenscheidt
[2010.07.15 18:04:14 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.05.12 21:26:38 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.09.29 21:00:59 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.22 21:13:18 | 000,000,000 | ---D | M] -- C:\Plugins
[2011.07.08 21:16:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.08 19:46:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.07.08 20:29:18 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.07 19:52:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.30 00:01:12 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.09 11:06:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.12 21:29:18 | 000,000,000 | R--D | M] -- C:\Users
[2010.09.29 21:05:58 | 000,000,000 | ---D | M] -- C:\vom_Quellcomputer
[2011.07.09 09:14:27 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >
[2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Rainer\AppData\Local\No23 Recorder.exe

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:C31F31E6

< End of report >
-------------------------
-------------------------
OTL Extras logfile created on: 09.07.2011 11:05:40 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rainer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,73 Gb Available Physical Memory | 59,07% Memory free
16,00 Gb Paging File | 12,27 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 245,18 Gb Free Space | 53,48% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 105,86 Gb Free Space | 23,09% Space Free | Partition Type: NTFS
Drive G: | 1,83 Gb Total Space | 0,15 Gb Free Space | 8,36% Space Free | Partition Type: FAT
Drive L: | 1,88 Gb Total Space | 0,20 Gb Free Space | 10,58% Space Free | Partition Type: FAT

Computer Name: RAINER-PC | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus SE
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2338C1CD-3423-48BC-8AF3-39385F176076}" = Konz 2011
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}" = MotionDV STUDIO 6.0E LE for DV
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8A5359C9-7B27-45C0-B41C-666798A75752}" = Medieval 2 Total War Demo SE
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAFBDB00-2B9E-49AF-9C29-2FB7290DC8C4}" = Autobahn
"{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}" = Nokia Connectivity Cable Driver
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9CCDF2C-55C3-4D32-96DD-A3899E3EDEF9}" = WW2 Africa Corps
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audio Recorder Pro_is1" = Audio Recorder Pro 3.70
"C-evo" = C-evo
"Divine Divinity" = Divine Divinity
"Drakensang - DEMO_is1" = Drakensang - DEMO
"FormatFactory" = FormatFactory 2.50
"Free Video Converter" = Free Video Converter
"Free Video Converter_is1" = Free Video Converter V 2.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.14
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2338C1CD-3423-48BC-8AF3-39385F176076}" = Konz 2011
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"mufin player D" = mufin player
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"SpeedFan" = SpeedFan (remove only)
"Star Assault" = Star Assault
"Steam App 10500" = Empire: Total War
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"UFO:Alien Invasion" = UFO:AI 2.3
"Uninstall_is1" = Uninstall 1.0.0.1
"Warzone Tower Defense" = Warzone Tower Defense
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"XMedia Recode" = XMedia Recode 2.1.3.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1057609398-4056098699-2660756153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
-----------------------------------
-----------------------------------
Logfile defogger:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:49 on 09/07/2011 (Rainer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
------
----- Vielen Dank!

Alt 11.07.2011, 11:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
[2011.07.08 19:46:24 | 000,000,336 | ---- | M] () -- C:\ProgramData\40886008
[2009.09.07 19:59:21 | 000,000,000 | -HSD | M] -- C:\Users\Rainer\AppData\Roaming\.#
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:C31F31E6
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________

__________________

Alt 12.07.2011, 20:40   #3
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo, vielen Dank!!!

ich habe jedoch noch das gleiche PRoblem wie http://www.trojaner-board.de/100378-...rnt-wurde.html ,
nämlich dass die Programme im Startmenü unter Alle Programme nicht vollständig angezeigt werden.
Unhide habe ich mehrfach ausgeführt.
Könnt ihr mir helfen?
__________________

Alt 12.07.2011, 20:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.07.2011, 20:49   #5
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo, Danke Dir, war ein paar Tage weg deshalb sorry für die Verspätung;

habe die Datei Moved Files gezippt und hochgeladen,
wieder mal nicht genau gelesen, beim 2. Mal war der Virenscanner auch beim hochladen deaktiviert.


Alt 18.07.2011, 21:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Du musst den Scanner schon vor dem Packen deaktivieren!!
__________________
--> Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung

Alt 19.07.2011, 19:35   #7
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo,
Virenscanner hatte ich vor dem Packen deaktiviert;

Alt 19.07.2011, 22:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.07.2011, 21:47   #9
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo,
Danke,
hab das Tool ausgeführt, nix gefunden, log ist angehängt.
Unhide habe ich ausgeführt,
folgende Meldung zum Schluss jedoch nicht verstanden:
... if you are still missing start menu items, please temporarily disable your Antivirus or security programs and try again in the event that they interfered with the removal process.

Die Programme bzw. Ausführungsdaten (exe) fehlen immer noch im Startmenü.

Alt 20.07.2011, 21:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.07.2011, 20:43   #11
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hallo,
erl., anbei das Log:

-----


Combofix Logfile:
Code:
ATTFilter
ComboFix 11-07-21.02 - Rainer 21.07.2011  20:26:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6404 [GMT 2:00]
ausgeführt von:: c:\users\Rainero\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rainer\AppData\Local\lame_enc.dll
c:\users\Rainer\AppData\Local\no23xwrapper.dll
c:\users\Rainer\AppData\Local\ogg.dll
c:\users\Rainer\AppData\Local\vorbis.dll
c:\users\Rainer\AppData\Local\vorbisenc.dll
c:\users\Rainer\AppData\Local\vorbisfile.dll
c:\users\Rainer\Firefox_Setup_3.6.13.exe
c:\users\Rainer\No23Recorder2103.exe
c:\users\Rainero\avira_antivir_personal_de.exe
c:\users\Rainero\rkill.com
c:\windows\jestertb.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-21 bis 2011-07-21  ))))))))))))))))))))))))))))))
.
.
2011-07-11 16:47 . 2011-07-18 18:39	--------	d-----w-	C:\_OTL
2011-07-10 19:10 . 2011-07-10 19:10	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-07-10 18:00 . 2011-07-10 18:51	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-07-10 18:00 . 2011-07-10 18:00	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-07-10 17:04 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-07-10 17:04 . 2011-02-19 12:04	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-07-10 17:04 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-07-10 17:04 . 2011-02-19 06:30	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-07-10 17:04 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-07-10 17:00 . 2011-06-15 08:56	140248	----a-w-	c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-07-10 17:00 . 2011-06-15 08:56	25048	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-07-10 16:18 . 2011-07-10 16:18	--------	d-----w-	c:\users\Rainer\AppData\Roaming\Avira
2011-07-10 15:48 . 2011-07-10 15:48	--------	d-----w-	c:\users\Rainer\AppData\Local\Microsoft Help
2011-07-10 15:48 . 2011-07-10 15:48	--------	d-----w-	c:\windows\PCHEALTH
2011-07-10 15:43 . 2011-07-10 15:43	--------	d-----w-	c:\windows\system32\SPReview
2011-07-10 15:33 . 2011-02-25 06:19	2871808	----a-w-	c:\windows\explorer.exe
2011-07-10 15:33 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\SysWow64\explorer.exe
2011-07-10 15:31 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-07-10 15:31 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-07-10 15:30 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-07-10 15:30 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-07-10 15:30 . 2010-11-20 13:26	321024	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-07-10 15:30 . 2010-11-20 12:18	219136	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2011-07-10 15:29 . 2011-02-24 06:15	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-07-10 15:29 . 2011-02-24 05:38	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-07-10 15:29 . 2011-04-22 22:15	27520	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-07-10 15:29 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-07-10 15:29 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2011-07-10 15:27 . 2011-07-10 15:27	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-07-10 15:27 . 2011-07-10 15:27	--------	d-----w-	c:\program files (x86)\Java
2011-07-10 15:25 . 2011-07-10 15:25	--------	d-----w-	c:\windows\SysWow64\Adobe
2011-07-10 15:24 . 2011-07-10 15:24	--------	d-----w-	c:\users\Rainer\AppData\Local\WindowsUpdate
2011-07-10 15:19 . 2011-07-10 15:19	--------	d-----w-	c:\users\Rainer\AppData\Local\Secunia PSI
2011-07-10 15:19 . 2011-07-10 15:19	--------	d-----w-	c:\program files (x86)\Secunia
2011-07-10 15:16 . 2011-07-10 15:16	--------	d-----w-	c:\users\Rainer\AppData\Local\AskToolbar
2011-07-10 15:16 . 2011-07-10 15:16	--------	d-----w-	c:\program files (x86)\Ask.com
2011-07-10 15:11 . 2011-07-10 15:14	88288	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-10 15:11 . 2011-07-10 15:14	123784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-10 15:11 . 2011-07-10 15:16	--------	d-----w-	c:\programdata\Avira
2011-07-10 15:11 . 2011-07-10 15:11	--------	d-----w-	c:\program files (x86)\Avira
2011-07-09 16:55 . 2011-07-21 18:31	--------	d-----w-	c:\users\Rainero
2011-07-08 19:19 . 2011-07-08 19:19	43002	----a-w-	C:\cc_20110708_211934.reg
2011-07-08 19:16 . 2011-07-08 19:16	--------	d-----w-	c:\program files\CCleaner
2011-07-08 17:47 . 2011-07-08 17:47	--------	d-----w-	c:\users\Rainer\AppData\Roaming\Malwarebytes
2011-07-08 17:47 . 2011-05-29 07:11	39984	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 17:47 . 2011-07-08 17:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-08 17:46 . 2011-07-08 17:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-08 17:46 . 2011-05-29 07:11	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-08 16:31 . 2011-06-07 17:10	8873296	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CA13543-2C21-4762-B278-1D9A4B75FA81}\mpengine.dll
2011-06-29 04:20 . 2011-05-24 11:42	404480	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-06-29 04:20 . 2011-05-24 10:40	64512	----a-w-	c:\windows\SysWow64\devobj.dll
2011-06-29 04:20 . 2011-05-24 10:40	44544	----a-w-	c:\windows\SysWow64\devrtl.dll
2011-06-29 04:20 . 2011-05-24 10:39	145920	----a-w-	c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 04:20 . 2011-05-24 10:37	252928	----a-w-	c:\windows\SysWow64\drvinst.exe
2011-06-29 04:20 . 2010-11-20 13:25	207872	----a-w-	c:\windows\system32\cfgmgr32.dll
2011-06-25 17:27 . 2011-06-25 17:27	--------	d-----r-	c:\users\Rainer\AppData\Roaming\Brother
2011-06-25 16:31 . 2010-11-20 13:33	95616	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2011-06-25 16:30 . 2010-11-20 13:27	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2011-06-25 16:30 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2011-06-25 16:30 . 2010-11-20 13:27	1225216	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2011-06-25 16:30 . 2010-11-20 13:27	933376	----a-w-	c:\windows\system32\SmiEngine.dll
2011-06-25 16:30 . 2010-11-20 13:25	199168	----a-w-	c:\windows\system32\PkgMgr.exe
2011-06-25 16:30 . 2010-11-20 13:26	422912	----a-w-	c:\windows\system32\drvstore.dll
2011-06-25 16:30 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 16:29 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-07-10 16:29 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-07-10 15:27 . 2011-02-03 08:10	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-07-10 15:25 . 2011-06-16 18:41	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 18:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-06-16 18:45	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 18:45	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-02-10 18:24	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-05-03 05:29 . 2011-06-16 18:45	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-16 18:45	741376	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-16 18:45	467456	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-16 18:45	410112	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-16 18:45	168448	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-16 18:45	158208	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-16 18:45	289280	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-16 18:45	128000	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-16 18:45	1923968	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-16 18:45	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2011-04-22 22:08 . 2011-06-16 18:45	1188864	----a-w-	c:\windows\system32\wininet.dll
2011-04-22 19:10 . 2011-06-16 18:45	981504	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-09 05:13	1493160	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-09 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05	40496	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Rainer\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-21 79872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-02-09 156968]
"CLMLServer"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-09 202024]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-09 397992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-10 428200]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 CLHNService;CLHNService;c:\program files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe [2008-12-24 58664]
S2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-12-24 288120]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - gdwfpcd
*Deregistered* - pctESPInject
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 19:18]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 19:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05	51248	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer-de.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\2qrv9kpk.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-21  20:34:20
ComboFix-quarantined-files.txt  2011-07-21 18:34
.
Vor Suchlauf: 24 Verzeichnis(se), 326.809.153.536 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 326.913.187.840 Bytes frei
.
- - End Of File - - 46870A40E801EE372240A4CE81792D59
         
--- --- ---

Alt 21.07.2011, 20:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Zitat:
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
Ist das noch installiert? Wenn ja ungehend deinstallieren und die Windows-Firewall nutzen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.07.2011, 17:35   #13
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Ok, hab ich deinstalliert und die Windowsfirewall an.

Alt 25.07.2011, 11:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.07.2011, 21:19   #15
Rainer001
 
Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Standard

Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung



Hi,
hab das log angehängt;
Angehängte Dateien
Dateityp: txt aswMBR.txt (1,5 KB, 157x aufgerufen)

Antwort

Themen zu Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung
64-bit, 7-zip, alternate, antivirus, autorun, bildschirm schwarz, c:\windows\system32\rundll32.exe, disabletaskmgr, excel, festplattenmeldung, flash player, google chrome, google earth, h.264/mpeg-4, locker, microsoft office word, mywinlocker, nvidia update, pum.hijack.displayproperties, pum.hijack.taskmanager, security scan, start menu, syswow64, trojan.agent, trojan.fakealert, video converter, webcheck



Ähnliche Themen: Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung


  1. Problem mit Bild, Bildschirm oft schwarz !
    Plagegeister aller Art und deren Bekämpfung - 12.05.2014 (5)
  2. windows7 bildschirm schwarz
    Alles rund um Windows - 12.12.2013 (16)
  3. TFT-Bildschirm immer länger schwarz
    Netzwerk und Hardware - 08.08.2013 (7)
  4. Trojan.Dropper & Trojan.FakeAlert & Trojan.Downloader
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (17)
  5. Trojan.Phex.THAGen6, RootKit.0Access, Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (29)
  6. Bildschirm schwarz
    Alles rund um Windows - 09.05.2012 (1)
  7. Trojan.FakeAlert
    Log-Analyse und Auswertung - 05.01.2012 (26)
  8. Wie entferne ich Trojan.Banker, Trojan.FakeAlert? C ist (angeblich) leer
    Log-Analyse und Auswertung - 10.10.2011 (5)
  9. FakeAlert! gbr Trojan!
    Plagegeister aller Art und deren Bekämpfung - 10.06.2011 (1)
  10. Fakealert-REP Trojan
    Log-Analyse und Auswertung - 05.06.2011 (36)
  11. Fakealert-REP Trojan
    Log-Analyse und Auswertung - 24.05.2011 (25)
  12. Bildschirm bleibt schwarz
    Alles rund um Windows - 07.02.2011 (4)
  13. Bildschirm bleibt schwarz PC piept
    Netzwerk und Hardware - 10.01.2011 (9)
  14. Malewarebytes meldet 2 verschiedene Trojaner (Trojan.Downloader und Trojan.FakeAlert)
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (0)
  15. Trojan Fraudpack, Trojan.Fakealert und tr/renos.ewc.11
    Plagegeister aller Art und deren Bekämpfung - 19.06.2010 (11)
  16. iebho.dll (Trojan.FakeAlert, Trojan.BHO.H) lassen sich nicht entfernen
    Log-Analyse und Auswertung - 06.03.2010 (17)
  17. Trojan.FakeAlert und Trojan.Downloader
    Plagegeister aller Art und deren Bekämpfung - 14.01.2009 (3)

Zum Thema Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung - Hallo, ich denke ich habe das gleiche Problem wie bereits hier gepostet: http://www.trojaner-board.de/100999-...estplatte.html Malwarebytes und unhide habe ich ausgeführt. Ich hoffe ihr könnt mir noch weiter helfen und ich habe - Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung...
Archiv
Du betrachtest: Trojan.fakeAlert - Bildschirm schwarz, Festplattenmeldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.