Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: System Fix Virus eingefangen!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.12.2011, 19:02   #1
bluehouseman
 
System Fix Virus eingefangen! - Standard

System Fix Virus eingefangen!



Hallo Leute hab mir anscheinend den "System Fix" Virus eingefangen, hab auf dem Desktop nur noch den Papierkorb, alles andere ist verschwunden!

Habe Windows 7

Habe otl runtergeladen:

OTL logfile created on: 06.12.2011 18:37:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,13% Memory free
8,00 Gb Paging File | 6,03 Gb Available in Paging File | 75,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 8,21 Gb Free Space | 7,05% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 261,44 Gb Free Space | 78,12% Space Free | Partition Type: NTFS

Computer Name: BLUEHOUSEMAN-PC | User Name: bluehouseman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\GlgkCclOFMZIGS.exe ()
PRC - C:\ProgramData\jLwqhukCQlnQiQ.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\GlgkCclOFMZIGS.exe ()
MOD - C:\ProgramData\jLwqhukCQlnQiQ.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AllShare) -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (TVService) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe (Team MediaPortal)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=3214b6e0-0891-11e1-8b1d-e0cb4e49dc61&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.22 11:09:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.06 17:06:00 | 000,000,000 | -H-D | M]

[2011.07.04 17:48:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bluehouseman\AppData\Roaming\mozilla\Extensions
[2011.08.20 13:20:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bluehouseman\AppData\Roaming\mozilla\Firefox\Profiles\cj9asfco.default\extensions
[2011.07.04 18:32:11 | 000,000,000 | -H-D | M] (PriceGong) -- C:\Users\bluehouseman\AppData\Roaming\mozilla\Firefox\Profiles\cj9asfco.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.08.20 13:20:11 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\bluehouseman\AppData\Roaming\mozilla\Firefox\Profiles\cj9asfco.default\extensions\toolbar@ask.com
[2011.05.17 12:12:44 | 000,002,333 | -H-- | M] () -- C:\Users\bluehouseman\AppData\Roaming\Mozilla\Firefox\Profiles\cj9asfco.default\searchplugins\askcom.xml
[2011.07.11 19:04:02 | 000,000,633 | -H-- | M] () -- C:\Users\bluehouseman\AppData\Roaming\Mozilla\Firefox\Profiles\cj9asfco.default\searchplugins\startsear.xml
[2011.07.04 17:47:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.16 05:32:37 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | -H-- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.07.11 22:48:12 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=3214b6e0-0891-11e1-8b1d-e0cb4e49dc61&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [jLwqhukCQlnQiQ.exe] C:\ProgramData\jLwqhukCQlnQiQ.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [RegistryMonitor1] C:\Windows\system32\qtplugin.exe File not found
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKCU..\Run: [{10566A2C-2AD3-82F6-69A3-4F64AE0B3E28}] C:\Users\bluehouseman\AppData\Roaming\Izexi\ykyd.exe File not found
O4 - HKCU..\Run: [PynRvjvh] C:\Program Files (x86)\MVxvCewS¾…šœËpynrvjvh.exe\pynrvjvh.exe File not found
O4 - Startup: C:\Users\bluehouseman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bluehouseman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bluehouseman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97BF6A5F-6810-4475-B8A3-0A2C17BC9B96}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA03E0E7-D0CE-468A-AC65-9F1A28E84A7B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files (x86)\MVxvCewS¾…šœËpynrvjvh.exe\pynrvjvh.exe) -C:\Program Files (x86)\MVxvCewS¾…šœËpynrvjvh.exe\pynrvjvh.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1da514c0-b2d2-11e0-9207-e0cb4e49dc61}\Shell - "" = AutoRun
O33 - MountPoints2\{1da514c0-b2d2-11e0-9207-e0cb4e49dc61}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{2632499b-1027-11df-9691-e0cb4e49dc61}\Shell - "" = AutoRun
O33 - MountPoints2\{2632499b-1027-11df-9691-e0cb4e49dc61}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5b1c0bc8-c9ca-11e0-a0d1-e0cb4e49dc61}\Shell - "" = AutoRun
O33 - MountPoints2\{5b1c0bc8-c9ca-11e0-a0d1-e0cb4e49dc61}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{c0e8a4a8-57f9-11e0-85af-e0cb4e49dc61}\Shell - "" = AutoRun
O33 - MountPoints2\{c0e8a4a8-57f9-11e0-85af-e0cb4e49dc61}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e976eba1-2462-11df-9715-e0cb4e49dc61}\Shell - "" = AutoRun
O33 - MountPoints2\{e976eba1-2462-11df-9715-e0cb4e49dc61}\Shell\AutoRun\command - "" = I:\start.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.05 20:17:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011.12.05 18:36:05 | 000,000,000 | -H-D | C] -- C:\Users\bluehouseman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.27 18:39:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2011.12.06 18:47:19 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 18:47:19 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 18:42:50 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.06 18:42:50 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.06 18:42:50 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.06 18:42:50 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.06 18:42:50 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.06 18:35:26 | 000,001,118 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.06 18:34:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 18:34:38 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.06 07:06:02 | 000,001,122 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.05 20:17:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011.12.05 18:36:06 | 000,000,651 | -H-- | M] () -- C:\Users\bluehouseman\Desktop\System Fix.lnk
[2011.12.05 18:36:06 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~GlgkCclOFMZIGS
[2011.12.05 18:36:06 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~GlgkCclOFMZIGSr
[2011.12.05 18:35:46 | 000,000,336 | -H-- | M] () -- C:\ProgramData\GlgkCclOFMZIGS
[2011.12.05 18:35:05 | 000,370,688 | -H-- | M] () -- C:\ProgramData\GlgkCclOFMZIGS.exe
[2011.12.05 18:33:54 | 000,002,074 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.12.05 18:25:48 | 000,461,824 | -HS- | M] () -- C:\ProgramData\jLwqhukCQlnQiQ.exe
[2011.12.05 16:36:28 | 000,013,379 | -H-- | M] () -- C:\Users\bluehouseman\Desktop\ddddddddd
[2011.11.27 18:34:43 | 000,473,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.24 19:14:11 | 000,003,928 | -H-- | M] () -- C:\Users\bluehouseman\Desktop\v70iv8488d27rg4.dlc
[2011.11.19 18:16:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

========== Files Created - No Company Name ==========

[2011.12.05 18:36:06 | 000,000,651 | -H-- | C] () -- C:\Users\bluehouseman\Desktop\System Fix.lnk
[2011.12.05 18:36:06 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~GlgkCclOFMZIGS
[2011.12.05 18:36:06 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~GlgkCclOFMZIGSr
[2011.12.05 18:35:46 | 000,000,336 | -H-- | C] () -- C:\ProgramData\GlgkCclOFMZIGS
[2011.12.05 18:35:05 | 000,370,688 | -H-- | C] () -- C:\ProgramData\GlgkCclOFMZIGS.exe
[2011.12.05 18:29:26 | 000,461,824 | -HS- | C] () -- C:\ProgramData\jLwqhukCQlnQiQ.exe
[2011.12.05 16:36:28 | 000,013,379 | -H-- | C] () -- C:\Users\bluehouseman\Desktop\ddddddddd
[2011.11.24 19:14:17 | 000,003,928 | -H-- | C] () -- C:\Users\bluehouseman\Desktop\v70iv8488d27rg4.dlc
[2011.10.01 02:36:03 | 000,000,000 | -H-- | C] () -- C:\Users\bluehouseman\AppData\Local\{DC9CEB66-62F2-4084-B3EB-DC092FDC8889}
[2011.07.04 17:47:55 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011.04.16 16:31:53 | 000,184,625 | -H-- | C] () -- C:\Windows\hpoins46.dat
[2011.04.16 16:31:53 | 000,000,532 | -H-- | C] () -- C:\Windows\hpomdl46.dat
[2010.12.21 17:12:51 | 000,000,020 | -H-- | C] () -- C:\Users\bluehouseman\AppData\Roaming\abpzlw.dat
[2010.12.21 17:12:46 | 000,000,004 | -H-- | C] () -- C:\Users\bluehouseman\AppData\Roaming\avdrn.dat
[2010.08.12 15:49:57 | 000,172,552 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.28 17:54:34 | 001,599,834 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.18 16:35:18 | 000,042,483 | -H-- | C] () -- C:\Windows\ICCCODES.DAT
[2010.02.18 16:35:18 | 000,039,095 | -H-- | C] () -- C:\Windows\Iccsigs.dat
[2010.02.18 16:35:18 | 000,000,156 | -H-- | C] () -- C:\Windows\KPCMS.INI
[2010.02.18 15:54:23 | 000,210,944 | -H-- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2009.12.21 20:42:44 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009.12.21 20:25:16 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2009.10.26 04:38:20 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config
[2009.08.19 09:33:09 | 000,018,432 | -H-- | C] () -- C:\Windows\OOBEPlayer.exe
[2009.08.19 09:33:09 | 000,000,035 | -H-- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.07.29 06:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.09 13:44:42 | 000,108,066 | RH-- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2006.05.19 04:39:57 | 000,015,497 | -H-- | C] () -- C:\Windows\snp2uvc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >

___________________________________

Hoff ihr könnt mir helfen...

Alt 06.12.2011, 19:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Fix Virus eingefangen! - Standard

System Fix Virus eingefangen!



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 06.12.2011, 21:47   #3
bluehouseman
 
System Fix Virus eingefangen! - Standard

System Fix Virus eingefangen!



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8323

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.12.2011 21:44:51
mbam-log-2011-12-06 (21-44-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 487278
Laufzeit: 1 Stunde(n), 47 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{10566A2C-2AD3-82F6-69A3-4F64AE0B3E28} (Trojan.ZbotR.Gen) -> Value: {10566A2C-2AD3-82F6-69A3-4F64AE0B3E28} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegistryMonitor1 (Trojan.Agent) -> Value: RegistryMonitor1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.
c:\Windows\System32\winrar v.3.90 final\FFF\Keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Windows\SysWOW64\winrar v.3.90 final\FFF\Keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\bluehouseman\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
c:\Users\bluehouseman\AppData\Roaming\abpzlw.dat (Malware.Trace) -> No action taken.
__________________

Alt 07.12.2011, 12:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Fix Virus eingefangen! - Standard

System Fix Virus eingefangen!



Zitat:
c:\Windows\System32\winrar v.3.90 final\FFF\Keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Windows\SysWOW64\winrar v.3.90 final\FFF\Keygen.exe (Trojan.Agent.CK) -> No action taken.


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu System Fix Virus eingefangen!
alternate, antivir, avira, bho, bonjour, converter, desktop, disabletaskmgr, excel, explorer, firefox, format, gfnexsrv.exe, google earth, helper, home, logfile, mp3, msvcrt, nvidia, pdf, plug-in, realtek, registry, scan, sched.exe, security, server, software, system, system fix virus, version=1.0, virus, vodafone, webcheck, windows



Ähnliche Themen: System Fix Virus eingefangen!


  1. Veränderungen am System - Virus eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 25.01.2014 (11)
  2. virus eingefangen durch Advanced System Projector von Systweak
    Plagegeister aller Art und deren Bekämpfung - 27.07.2013 (22)
  3. System Care Antivirus eingefangen
    Log-Analyse und Auswertung - 21.06.2013 (10)
  4. System Care Antivirus eingefangen
    Log-Analyse und Auswertung - 11.06.2013 (14)
  5. System Care Antivirus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (3)
  6. Hab mir System Progressiv Scan eingefangen
    Log-Analyse und Auswertung - 12.01.2013 (1)
  7. BKA Trojaner eingefangen; System blockiert;
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (6)
  8. Virus eingefangen, System blockiert, Deutschlandflagge, 50€
    Plagegeister aller Art und deren Bekämpfung - 16.04.2012 (5)
  9. System Check Virus + Gema Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (32)
  10. "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?
    Log-Analyse und Auswertung - 27.03.2012 (34)
  11. System-Check Virus eingefangen
    Log-Analyse und Auswertung - 15.02.2012 (6)
  12. System Check Virus eingefangen und ich komme nicht weiter
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (5)
  13. [doppelt] GEMA Virus nach XP-Security-Entfernung auf unsicherem System eingefangen.
    Mülltonne - 02.02.2012 (2)
  14. "System Fix" Virus Windows eingefangen - brauche Hilfe
    Log-Analyse und Auswertung - 26.01.2012 (26)
  15. System Fix eingefangen, Windows 7, 32 bit
    Plagegeister aller Art und deren Bekämpfung - 27.11.2011 (6)
  16. Ebenfalls System Fix eingefangen, Windoof 7 64
    Plagegeister aller Art und deren Bekämpfung - 25.11.2011 (7)
  17. *System Tool* eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (5)

Zum Thema System Fix Virus eingefangen! - Hallo Leute hab mir anscheinend den "System Fix" Virus eingefangen, hab auf dem Desktop nur noch den Papierkorb, alles andere ist verschwunden! Habe Windows 7 Habe otl runtergeladen: OTL logfile - System Fix Virus eingefangen!...
Archiv
Du betrachtest: System Fix Virus eingefangen! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.