Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   5O euro Trojaner (https://www.trojaner-board.de/111349-5o-euro-trojaner.html)

reggie 12.03.2012 19:06

50 Euro Trojan
 
Hello, this morning I caught this 50 Euro Trojan, which supposedly comes from Avira and Kaspersky and locks the computer because of security-endangering websites that were visited..

I've now run HijackThis.

As well as Malwarebytes.

Two programs had sneaked into the startup! One was a Skype exe, which I deleted right away.
The other program has Chinese characters, and its location is in Chinese too, so I don't know exactly where it is...

Anyway, I'm attaching the log files now:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:42, on 12.03.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Heiko\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 115.108.177.230:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 9119 bytes

First Malwarebytes log with findings:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 17:48:37
mbam-log-2012-03-12 (17-48-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175212
Laufzeit: 7 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCU\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Second log without findings:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 18:09:16
mbam-log-2012-03-12 (18-09-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175495
Laufzeit: 8 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I did all of this without this board, because I didn't know about it...
Now I'd like to know whether everything is clean again, or whether I need to take further steps?

Regards, reggie
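As an added example (not code from the thread or from any of the tools it mentions), here is a small Python triage helper that parses HijackThis-format lines and returns the entries a log reviewer checks first: a configured proxy server in Internet Settings (the posted log shows one at ProxyServer = 115.108.177.230:1080), URLSearchHook/BHO/toolbar entries whose file is missing, and Run entries with non-ASCII names or paths, which is how a startup entry with Chinese characters like the one described above would show up. The sample log is constructed from a few lines of the posted log plus one made-up Run entry.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "proxy", "orphan" or "non_ascii_run"
    detail: str  # the proxy value, the CLSID, or the Run entry name
    line: str    # the original log line, for the reviewer


# R0/R1 lines carrying a proxy server for Internet Explorer / WinINet.
PROXY_RE = re.compile(r"^R[01] - HK\w+\\.*Internet Settings,ProxyServer = (\S+)\s*$")
# O4 Run entries: "O4 - HKLM\..\Run: [name] command".
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Hook/BHO/toolbar/button entries whose registered file no longer exists.
ORPHAN_PREFIXES = ("R3 - URLSearchHook:", "O2 - BHO:", "O3 - Toolbar:", "O9 - Extra")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: real lines from the posted HijackThis log plus one
# made-up Run entry with a CJK name (the thread only describes such an entry).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 115.108.177.230:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [示例] C:\Users\Heiko\AppData\Roaming\示例\example.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
"""


def parse_hijackthis(text):
    """Return the Finding objects for every line worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy set per-user is worth verifying even when ProxyEnable is 0.
            findings.append(Finding("proxy", m.group(1), line))
            continue
        if line.startswith(ORPHAN_PREFIXES) and line.endswith("(no file)"):
            clsid = CLSID_RE.search(line)
            findings.append(Finding("orphan", clsid.group(0) if clsid else "?", line))
            continue
        m = RUN_RE.match(line)
        if m and not (m["name"] + m["cmd"]).isascii():
            findings.append(Finding("non_ascii_run", m["name"], line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'proxy': 1, 'orphan': 3, 'non_ascii_run': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_hijackthis(SAMPLE_LOG):
        print(f"{f.kind:14} {f.detail:40} {f.line}")
    print(summarize(parse_hijackthis(SAMPLE_LOG)))
```

Orphaned "(no file)" entries are usually leftovers of uninstalled software rather than an infection, so the helper only lists them; the reviewer still decides what each one is.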

reggie 12.03.2012 19:18

Here's a screenshot of the programs in the startup; I've already deleted the Skype one...
http://img6.imagebanana.com/img/5tla...ystemstart.jpg

In addition, at the same time my PC was locked, several programs had been created, which I deleted immediately.
Attached is a screenshot of them:

http://img6.imagebanana.com/img/e00vbz03/HeavyW.jpg

cosinus 12.03.2012 20:08

Please now do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box at "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

reggie 12.03.2012 20:36

Here's the Malwarebytes log for now; I already posted the previous ones above!

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 20:25:44
mbam-log-2012-03-12 (20-25-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176028
Laufzeit: 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OK, now I'll do the ESET one!

cosinus 12.03.2012 20:40

You should do a full scan with Malwarebytes and not a quick scan!

reggie 12.03.2012 23:43

Sorry, Malwarebytes again

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 22:34:29
mbam-log-2012-03-12 (22-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311621
Laufzeit: 1 Stunde(n), 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Then ESET, where something was found!

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=32186a663c6ffd4f922973b38a60cb57
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-12 09:33:10
# local_time=2012-03-12 10:33:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 12972637 12972637 0 0
# compatibility_mode=5892 16776573 100 100 13628 169114303 0 0
# compatibility_mode=8192 67108863 100 0 4941 4941 0 0
# scanned=162121
# found=3
# cleaned=0
# scan_time=6414
C:\Program Files\FoxTabAVIConverter\AviConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Heiko\AppData\Local\Temp\Main.class        Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Heiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5440888e-4b461876        Java/Agent.EE trojan (unable to clean)        00000000000000000000000000000000        I


reggie 13.03.2012 11:09

I've already run OTL over it:

Code:

OTL logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - c:\Programme\AOL\AOL Toolbar 4.0\AolTbServer.exe (AOL LLC)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - c:\Programme\AOL\AOL Toolbar 4.0\apopup.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.23 08:00:19 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        babe.the-killer.bz
O1 - Hosts: 127.0.0.1        www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1        babe.k-lined.com
O1 - Hosts: 127.0.0.1        www.babe.k-lined.com
O1 - Hosts: 127.0.0.1        did.i-used.cc
O1 - Hosts: 127.0.0.1        www.did.i-used.cc
O1 - Hosts: 127.0.0.1        coolwwwsearch.com
O1 - Hosts: 127.0.0.1        www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1        coolwebsearch.com
O1 - Hosts: 127.0.0.1        www.coolwebsearch.com
O1 - Hosts: 127.0.0.1        hi.studioaperto.net
O1 - Hosts: 127.0.0.1        www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1        wazzupnet.com
O1 - Hosts: 127.0.0.1        www.wazzupnet.com
O1 - Hosts: 127.0.0.1        gueb.com
O1 - Hosts: 127.0.0.1        www.gueb.com
O1 - Hosts: 127.0.0.1        kabex.com
O1 - Hosts: 127.0.0.1        www.kabex.com
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        miosearch.com
O1 - Hosts: 127.0.0.1        www.miosearch.com
O1 - Hosts: 127.0.0.1        blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.17 03:01:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 03:01:26 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.17 03:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 03:01:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 03:01:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 03:01:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 09:45:06 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 14:39:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\*****\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >

Code:

OTL Extras logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16151656-9479-4499-BCD3-9F6C1AD4342E}" = lport=445 | protocol=6 | dir=in | app=system |
"{298DE6E7-3231-4C5A-A81D-DC5FDA973A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{32E642EF-FB93-48F7-80B3-9E735281D31F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48BDE921-305C-47C7-B4FF-B80D8745126C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BF891C3-24C6-4C71-898E-3ACB9BF5840F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D3F6CD5-180C-4F2E-896E-83FB24162273}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8022DD7C-CE5D-426A-87DD-D4B2119CF848}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{91886A2E-1A55-43D5-BFC5-864A8A35B39E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99FDF929-22EE-405C-B6DE-C619EC907504}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABF297D9-7B09-4D95-8770-D920326A13A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AC453D09-D81F-45B8-A3EA-B32864A2B3AD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B44180F7-47D3-4231-97CE-63B832AEA34A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6435F4E-F006-4A42-9BE7-5C88E485B80A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069F99BF-5BC6-4333-96CF-5189FD2A89B0}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{0BA27B5E-C54E-4B55-9618-0FF7220DC2D1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0D8CAA3C-61EC-4F8B-84D6-0FF4F946314E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0E2D3D59-208A-4F74-8768-AEA828F96BFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{189089C0-45BC-4C22-8E9B-99E7F58B7175}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{19D9B808-F746-490F-9010-5883CE8F3010}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{289CB4E1-815F-462B-BBF0-01C8B3A41583}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{3BAD34E0-589E-477B-8533-C815F2FA2DE2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe |
"{3FCE4DCC-281E-491C-A583-0B88E5219DE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{44295C03-C6D0-4A29-8F22-49A8955B686A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{4A1B6788-0617-4474-B729-C3EEAADFBE41}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{51FB9794-B409-4D6B-B010-D45ABFC64F7C}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{57C2586C-D9DE-497E-8FCC-6F3205CF9C02}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{5EB1AFD1-FD11-4B97-A213-5BB9CFFE55A8}" = protocol=6 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe |
"{69B7054F-D4AD-446E-9B68-D554B3A1608B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7010D6F6-5DE2-449A-B50F-6049E4BDAC9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{74E03CB3-52EB-46E7-8A9E-A1C0E336C305}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{818D0CC8-E5FA-44FD-8A36-7818D3ED063C}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{851A7BF6-39F8-4166-9485-D3EFDE4BC411}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{85FF2D39-4205-4B94-898B-B8E59BD28592}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8B878FED-2ADC-4CAC-88FD-0C851F0E4FE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{8CFA3349-1CA8-4B62-AB71-3C92430D8F33}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{929FC9C6-7FEF-4662-8A9E-6D4E50AC1E49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{93435471-75BE-41BE-86FA-2F6C73383396}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{A157887B-BA1E-4497-B0A7-E222E8F96B68}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A6650730-BF1E-4DA8-92E8-2B39CB1BA187}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{AED97BBD-4321-4309-85D2-D46B5763C9B3}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{B36F4AFD-4062-439B-84C4-C02240E9F018}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{B3A2DD6D-AFF4-444B-A593-11AB7A35892B}" = protocol=6 | dir=out | app=system |
"{BB37C231-A786-47EA-8438-36A33C9A8792}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BD4E8989-BEDD-4249-85C2-4576D5255BFF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BFCCAF4B-933C-46A3-84AE-AA72E799E049}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{BFFEBCDE-26F8-4811-B203-57C6349541F5}" = protocol=17 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe |
"{C9A96EFA-49BD-4AC7-9C4D-A4465F16DC10}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{D0C3F5EE-6AFC-42A4-BBE6-46AC0819FF87}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{D2BE195C-11FC-47DE-BEDA-6D8F40D35AEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D57FD54A-A2B4-471C-8482-BB6BEDAE0451}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D75F59BE-0A40-4DA3-9D89-18A5C60DB45C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe |
"{E06555F5-0FC7-4538-9BE3-3F21CCCFFD35}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{E07A494A-2AA0-41AD-8F9A-28E4418E8846}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ECCFCF74-C86A-43FE-B2FB-30AC2969F788}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0A04DF1-63B0-484F-BB50-054AADCE47B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F150FF19-3D43-475A-A3C2-D0DCA6414F4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F1CCE602-48B7-47BC-ABD8-21B6CC8A7342}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F5BEA71C-8E7A-4B05-A227-FC86467E35CE}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"TCP Query User{13DDBAA0-1B59-4783-B578-EF34F5A49914}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{24335CC3-74DD-4ACC-BF8B-E4FF54FE7B86}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{07C542AB-7B93-49D7-828C-EB41F1261964}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E27EEA51-3D30-4A90-B878-5F0E016A3D3B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 26
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94F5A370-E9E0-E543-E33D-BB80C25967B9}" = ATI Catalyst Control Center Ex
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B1914510-38B5-4835-83D8-A188073E542F}" = Cheetah Audio Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"ActualCoach Bundesliga Manager_is1" = ActualCoach Bundesliga Manager 2.32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AVIedit 3.39" = AVIedit 3.39
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Collab" = Collab
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab" = DVDFab (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FL Studio 7" = FL Studio 7
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.9.0
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPEG AVI DVD Cutter 1" = MPEG AVI DVD Cutter 1
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Native Instruments Limelite Solo" = Native Instruments Limelite Solo
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubtitleCreator" = SubtitleCreator
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >


cosinus 13.03.2012 17:07

Please make a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


reggie 13.03.2012 17:10

Many, many thanks for taking me on! I'll get that done right away!!


reggie 13.03.2012 17:48

So, here is the OTL text:

Code:

OTL logfile created on: 13.03.2012 17:16:42 - Run 2
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Heiko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 417,71 Mb Available Physical Memory | 46,74% Memory free
2,37 Gb Paging File | 0,96 Gb Available in Paging File | 40,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,05 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: Heiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Heiko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.13 10:55:15 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        babe.the-killer.bz
O1 - Hosts: 127.0.0.1        www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1        babe.k-lined.com
O1 - Hosts: 127.0.0.1        www.babe.k-lined.com
O1 - Hosts: 127.0.0.1        did.i-used.cc
O1 - Hosts: 127.0.0.1        www.did.i-used.cc
O1 - Hosts: 127.0.0.1        coolwwwsearch.com
O1 - Hosts: 127.0.0.1        www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1        coolwebsearch.com
O1 - Hosts: 127.0.0.1        www.coolwebsearch.com
O1 - Hosts: 127.0.0.1        hi.studioaperto.net
O1 - Hosts: 127.0.0.1        www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1        wazzupnet.com
O1 - Hosts: 127.0.0.1        www.wazzupnet.com
O1 - Hosts: 127.0.0.1        gueb.com
O1 - Hosts: 127.0.0.1        www.gueb.com
O1 - Hosts: 127.0.0.1        kabex.com
O1 - Hosts: 127.0.0.1        www.kabex.com
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        miosearch.com
O1 - Hosts: 127.0.0.1        www.miosearch.com
O1 - Hosts: 127.0.0.1        blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: SkypeM - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.24 11:46:13 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bluescreens
[2012.02.23 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bootcd
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.23 08:09:11 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Adobe
[2007.09.10 09:19:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AdobeUM
[2010.07.23 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ahead
[2008.09.08 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AOL
[2011.10.31 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Apple Computer
[2007.09.08 10:39:07 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ATI
[2011.10.14 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Avira
[2008.08.16 08:54:09 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AVS4YOU
[2011.02.03 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DivX
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2007.09.08 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Identities
[2011.12.30 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\InstallShield
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2007.09.08 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Macromedia
[2012.03.12 17:37:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Media Center Programs
[2012.02.23 08:09:11 | 000,000,000 | --SD | M] -- C:\Users\Heiko\AppData\Roaming\Microsoft
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2009.12.22 08:21:47 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Mozilla
[2010.07.23 19:06:54 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Nero
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2007.09.08 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\WinRAR
[2007.09.08 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2008.06.14 18:12:07 | 019,900,192 | ---- | M] (                                  ) -- C:\Users\Heiko\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\DRV\ATI-8.31\8.31\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_f6dd3386\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >


cosinus 13.03.2012 17:59

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4
:Files
c:\Programme\AOL\AOL Toolbar 4.0
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

reggie 13.03.2012 18:18

OK, that worked for now! Thanks!

Code:

All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
No active process named TeaTimer.exe was found!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ deleted successfully.
C:\Windows\System32\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯r deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
File K:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:59756FA4 deleted successfully.
========== FILES ==========
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ui folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\rss folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\buttons folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ba folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\aimPages folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0 folder moved successfully.
File\Folder C:\Programme\ICQ6Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heiko
->Temp folder emptied: 27690081 bytes
->Temporary Internet Files folder emptied: 74491895 bytes
->Java cache emptied: 15183729 bytes
->FireFox cache emptied: 48911267 bytes
->Flash cache emptied: 2808 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 847872 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526186 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 160,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.3 log created on 03132012_180947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 13.03.2012 19:08

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot.
Then click on "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full.
If you can't find the log or copy its content into your post, please look directly on your Windows system partition (usually drive C:), because that is where the TDSS-Killer stores its logs.

Note: Please don't delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
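
For checking a TDSS-Killer report before posting it, here is an added example (not part of this thread and not Kaspersky's code): a small Python parser that pairs each driver's file line with its verdict line and lists the flagged entries, which is what a helper reads first. It assumes the line layout of the TDSSKiller 2.7 report as pasted further down in this thread; the sample lines are constructed from that report.

```python
"""Triage helper for a TDSSKiller report in the layout posted in this thread.

Added example, not part of the thread and not Kaspersky's tool.  The line
layout (timestamp, PID, then a driver entry or a verdict) is an assumption
taken from the TDSSKiller 2.7.20.0 report pasted further down.
"""
import re
from collections import OrderedDict

# A report line: "HH:MM:SS.mmmm  PID  <body>"; lines without that prefix are ignored.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<name>   (<md5>) <path>"  -- the scanned driver image
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
# "<name> ( <detection> ) - warning"
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<detection>\S+) \) - warning$")
# "<name> - detected <detection> (<count>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<detection>\S+) \((?P<count>\d+)\)$")

# This label only says the driver image carries no valid digital signature.
# It is a heuristic, not a malware family name, which is why the helper asks
# to "skip" such entries and post the log instead of deleting anything.
HEURISTIC_ONLY = {"UnsignedFile.Multi.Generic"}


def _record(records, name):
    """Fetch or create the record for a driver name, keeping report order."""
    return records.setdefault(
        name, {"name": name, "md5": None, "path": None, "status": None, "detection": None}
    )


def parse_tdsskiller(text):
    """Return an ordered mapping driver name -> record built from a report."""
    records = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(3)
        e = ENTRY_RE.match(body)
        if e:
            rec = _record(records, e["name"])
            rec["md5"], rec["path"] = e["md5"], e["path"]
            continue
        w = WARN_RE.match(body)
        if w:
            rec = _record(records, w["name"])
            rec["status"], rec["detection"] = "warning", w["detection"]
            continue
        d = DETECT_RE.match(body)
        if d:
            # A "detected" line follows the "warning" line and is the final verdict.
            rec = _record(records, d["name"])
            rec["status"], rec["detection"] = "detected", d["detection"]
            continue
        o = OK_RE.match(body)
        if o:
            _record(records, o["name"])["status"] = "ok"
        # banner, SystemInfo and drive lines fall through and are ignored
    return records


def flagged(records):
    """Entries whose final verdict is not 'ok', in report order."""
    return [r for r in records.values() if r["status"] != "ok"]


def heuristic_only(rec):
    """True when the entry was flagged solely by the unsigned-file heuristic."""
    return rec["detection"] in HEURISTIC_ONLY


def summarize(records):
    """Counts per verdict plus (name, detection, path) for each flagged entry."""
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for r in records.values():
        counts[r["status"] or "unknown"] += 1
    return {
        "counts": counts,
        "flagged": [(r["name"], r["detection"], r["path"]) for r in flagged(records)],
    }


# Constructed sample, assembled from lines of the report pasted in this thread.
SAMPLE = r"""19:13:02.0407 2552        ============================================================
19:13:02.0407 2552        Scan started
19:13:02.0407 2552        Mode: Manual; SigCheck; TDLFS;
19:13:05.0215 2552        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:13:05.0496 2552        ACPI - ok
19:13:09.0411 2552        AVMUNET        (74463afc648ad3c2fd4bc25b711fda7f) C:\Windows\system32\DRIVERS\avmunet.sys
19:13:09.0443 2552        AVMUNET ( UnsignedFile.Multi.Generic ) - warning
19:13:09.0443 2552        AVMUNET - detected UnsignedFile.Multi.Generic (1)
19:13:09.0708 2552        blbdrive - ok
"""

if __name__ == "__main__":
    result = summarize(parse_tdsskiller(SAMPLE))
    print(result["counts"])
    for name, detection, path in result["flagged"]:
        tag = "heuristic only" if detection in HEURISTIC_ONLY else "review"
        print(f"{name}: {detection} [{tag}] {path}")
```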

reggie 13.03.2012 19:16

OK, here it continues:

Code:

19:11:33.0113 2876        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:11:33.0503 2876        ============================================================
19:11:33.0503 2876        Current date / time: 2012/03/13 19:11:33.0503
19:11:33.0503 2876        SystemInfo:
19:11:33.0503 2876       
19:11:33.0503 2876        OS Version: 6.0.6002 ServicePack: 2.0
19:11:33.0503 2876        Product type: Workstation
19:11:33.0503 2876        ComputerName: HEIKO-PC
19:11:33.0503 2876        UserName: Heiko
19:11:33.0503 2876        Windows directory: C:\Windows
19:11:33.0503 2876        System windows directory: C:\Windows
19:11:33.0503 2876        Processor architecture: Intel x86
19:11:33.0503 2876        Number of processors: 2
19:11:33.0503 2876        Page size: 0x1000
19:11:33.0503 2876        Boot type: Normal boot
19:11:33.0503 2876        ============================================================
19:11:35.0250 2876        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:11:35.0359 2876        Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:11:35.0421 2876        \Device\Harddisk0\DR0:
19:11:35.0437 2876        MBR used
19:11:35.0437 2876        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0xE265279
19:11:35.0437 2876        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF00FAF5, BlocksNum 0xE1B4A8C
19:11:35.0437 2876        \Device\Harddisk1\DR1:
19:11:35.0437 2876        MBR used
19:11:35.0437 2876        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
19:11:35.0671 2876        Initialize success
19:11:35.0671 2876        ============================================================
19:13:02.0407 2552        ============================================================
19:13:02.0407 2552        Scan started
19:13:02.0407 2552        Mode: Manual; SigCheck; TDLFS;
19:13:02.0407 2552        ============================================================
19:13:05.0215 2552        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:13:05.0496 2552        ACPI - ok
19:13:05.0667 2552        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:13:05.0777 2552        adp94xx - ok
19:13:05.0964 2552        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:13:06.0026 2552        adpahci - ok
19:13:06.0104 2552        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:13:06.0151 2552        adpu160m - ok
19:13:06.0167 2552        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:13:06.0245 2552        adpu320 - ok
19:13:06.0416 2552        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:13:06.0728 2552        AFD - ok
19:13:06.0853 2552        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:13:06.0915 2552        agp440 - ok
19:13:07.0009 2552        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:13:07.0071 2552        aic78xx - ok
19:13:07.0087 2552        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:13:07.0134 2552        aliide - ok
19:13:07.0305 2552        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:13:07.0352 2552        amdagp - ok
19:13:07.0399 2552        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:13:07.0446 2552        amdide - ok
19:13:07.0571 2552        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:13:07.0805 2552        AmdK7 - ok
19:13:07.0992 2552        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:13:08.0117 2552        AmdK8 - ok
19:13:08.0304 2552        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:13:08.0351 2552        arc - ok
19:13:08.0382 2552        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:13:08.0429 2552        arcsas - ok
19:13:08.0553 2552        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:08.0694 2552        AsyncMac - ok
19:13:08.0803 2552        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:13:08.0819 2552        atapi - ok
19:13:08.0834 2552        AtiPcie        (b44417b29c4760a86f65702fd92ea3d7) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:08.0959 2552        AtiPcie - ok
19:13:09.0053 2552        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:13:09.0131 2552        avgntflt - ok
19:13:09.0224 2552        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
19:13:09.0271 2552        avipbb - ok
19:13:09.0302 2552        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:13:09.0302 2552        avkmgr - ok
19:13:09.0411 2552        AVMUNET        (74463afc648ad3c2fd4bc25b711fda7f) C:\Windows\system32\DRIVERS\avmunet.sys
19:13:09.0443 2552        AVMUNET ( UnsignedFile.Multi.Generic ) - warning
19:13:09.0443 2552        AVMUNET - detected UnsignedFile.Multi.Generic (1)
19:13:09.0552 2552        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:13:09.0630 2552        Beep - ok
19:13:09.0708 2552        blbdrive - ok
19:13:09.0755 2552        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:13:09.0833 2552        bowser - ok
19:13:09.0926 2552        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:13:10.0082 2552        BrFiltLo - ok
19:13:10.0160 2552        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:13:10.0238 2552        BrFiltUp - ok
19:13:10.0347 2552        Bridge          (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0394 2552        Bridge - ok
19:13:10.0410 2552        BridgeMP        (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0441 2552        BridgeMP - ok
19:13:10.0472 2552        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:13:10.0581 2552        Brserid - ok
19:13:10.0706 2552        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:13:10.0815 2552        BrSerWdm - ok
19:13:10.0878 2552        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:13:10.0971 2552        BrUsbMdm - ok
19:13:11.0018 2552        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:13:11.0127 2552        BrUsbSer - ok
19:13:11.0237 2552        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:13:11.0346 2552        BTHMODEM - ok
19:13:11.0439 2552        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:13:11.0517 2552        cdfs - ok
19:13:11.0642 2552        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:13:11.0705 2552        cdrom - ok
19:13:11.0814 2552        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:13:11.0907 2552        circlass - ok
19:13:11.0954 2552        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:13:12.0017 2552        CLFS - ok
19:13:12.0095 2552        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:13:12.0126 2552        cmdide - ok
19:13:12.0157 2552        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:13:12.0204 2552        Compbatt - ok
19:13:12.0235 2552        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:13:12.0282 2552        crcdisk - ok
19:13:12.0360 2552        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:13:12.0453 2552        Crusoe - ok
19:13:12.0500 2552        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:13:12.0547 2552        DfsC - ok
19:13:12.0656 2552        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:13:12.0687 2552        disk - ok
19:13:12.0828 2552        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:13:12.0890 2552        drmkaud - ok
19:13:12.0999 2552        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:13:13.0046 2552        DXGKrnl - ok
19:13:13.0062 2552        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:13:13.0202 2552        E1G60 - ok
19:13:13.0343 2552        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:13:13.0405 2552        Ecache - ok
19:13:13.0514 2552        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:13:13.0561 2552        elxstor - ok
19:13:13.0655 2552        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:13:13.0717 2552        exfat - ok
19:13:13.0779 2552        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:13:13.0842 2552        fastfat - ok
19:13:13.0904 2552        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:13:13.0967 2552        fdc - ok
19:13:14.0076 2552        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:13:14.0123 2552        FileInfo - ok
19:13:14.0154 2552        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:13:14.0232 2552        Filetrace - ok
19:13:14.0310 2552        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:13:14.0419 2552        flpydisk - ok
19:13:14.0466 2552        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:13:14.0528 2552        FltMgr - ok
19:13:14.0622 2552        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:13:14.0684 2552        Fs_Rec - ok
19:13:14.0715 2552        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:13:14.0762 2552        gagp30kx - ok
19:13:14.0840 2552        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:13:14.0965 2552        HdAudAddService - ok
19:13:15.0027 2552        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:15.0121 2552        HDAudBus - ok
19:13:15.0183 2552        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:13:15.0308 2552        HidBth - ok
19:13:15.0386 2552        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:13:15.0464 2552        HidIr - ok
19:13:15.0573 2552        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:13:15.0683 2552        HidUsb - ok
19:13:15.0698 2552        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:13:15.0745 2552        HpCISSs - ok
19:13:15.0854 2552        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:13:16.0010 2552        HTTP - ok
19:13:16.0182 2552        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:13:16.0213 2552        i2omp - ok
19:13:16.0291 2552        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:13:16.0353 2552        i8042prt - ok
19:13:16.0463 2552        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:13:16.0509 2552        iaStorV - ok
19:13:16.0556 2552        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:13:16.0603 2552        iirsp - ok
19:13:16.0681 2552        int15          (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
19:13:16.0712 2552        int15 - ok
19:13:16.0853 2552        IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
19:13:16.0977 2552        IntcAzAudAddService - ok
19:13:17.0071 2552        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:13:17.0118 2552        intelide - ok
19:13:17.0165 2552        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:13:17.0211 2552        intelppm - ok
19:13:17.0336 2552        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:17.0414 2552        IpFilterDriver - ok
19:13:17.0492 2552        IpInIp - ok
19:13:17.0539 2552        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:13:17.0648 2552        IPMIDRV - ok
19:13:17.0757 2552        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:13:17.0820 2552        IPNAT - ok
19:13:17.0851 2552        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:13:17.0929 2552        IRENUM - ok
19:13:18.0023 2552        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:13:18.0069 2552        isapnp - ok
19:13:18.0101 2552        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:13:18.0132 2552        iScsiPrt - ok
19:13:18.0225 2552        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:13:18.0272 2552        iteatapi - ok
19:13:18.0303 2552        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:13:18.0319 2552        iteraid - ok
19:13:18.0413 2552        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:13:18.0459 2552        kbdclass - ok
19:13:18.0506 2552        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:13:18.0569 2552        kbdhid - ok
19:13:18.0678 2552        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:13:18.0740 2552        KSecDD - ok
19:13:18.0803 2552        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:13:18.0881 2552        lltdio - ok
19:13:18.0990 2552        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:13:19.0037 2552        LSI_FC - ok
19:13:19.0052 2552        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:13:19.0099 2552        LSI_SAS - ok
19:13:19.0193 2552        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:13:19.0239 2552        LSI_SCSI - ok
19:13:19.0286 2552        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:13:19.0333 2552        luafv - ok
19:13:19.0427 2552        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:13:19.0458 2552        MBAMProtector - ok
19:13:19.0520 2552        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:13:19.0551 2552        megasas - ok
19:13:19.0661 2552        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:13:19.0754 2552        Modem - ok
19:13:19.0863 2552        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:13:19.0910 2552        monitor - ok
19:13:19.0941 2552        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:13:19.0973 2552        mouclass - ok
19:13:20.0066 2552        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:13:20.0144 2552        mouhid - ok
19:13:20.0175 2552        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:13:20.0222 2552        MountMgr - ok
19:13:20.0331 2552        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:13:20.0378 2552        mpio - ok
19:13:20.0409 2552        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:13:20.0472 2552        mpsdrv - ok
19:13:20.0581 2552        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:13:20.0628 2552        Mraid35x - ok
19:13:20.0643 2552        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:13:20.0753 2552        MRxDAV - ok
19:13:20.0862 2552        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:20.0924 2552        mrxsmb - ok
19:13:21.0033 2552        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:21.0096 2552        mrxsmb10 - ok
19:13:21.0205 2552        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:21.0267 2552        mrxsmb20 - ok
19:13:21.0361 2552        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:13:21.0408 2552        msahci - ok
19:13:21.0439 2552        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:13:21.0486 2552        msdsm - ok
19:13:21.0611 2552        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:13:21.0673 2552        Msfs - ok
19:13:21.0782 2552        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:13:21.0829 2552        msisadrv - ok
19:13:21.0860 2552        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:13:21.0938 2552        MSKSSRV - ok
19:13:22.0047 2552        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:22.0094 2552        MSPCLOCK - ok
19:13:22.0110 2552        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:13:22.0157 2552        MSPQM - ok
19:13:22.0188 2552        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:13:22.0235 2552        MsRPC - ok
19:13:22.0328 2552        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:13:22.0344 2552        mssmbios - ok
19:13:22.0375 2552        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:13:22.0422 2552        MSTEE - ok
19:13:22.0469 2552        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:13:22.0515 2552        Mup - ok
19:13:22.0625 2552        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:13:22.0703 2552        NativeWifiP - ok
19:13:22.0827 2552        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:13:22.0874 2552        NDIS - ok
19:13:22.0921 2552        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:22.0999 2552        NdisTapi - ok
19:13:23.0093 2552        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:23.0171 2552        Ndisuio - ok
19:13:23.0217 2552        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:23.0264 2552        NdisWan - ok
19:13:23.0373 2552        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:13:23.0451 2552        NDProxy - ok
19:13:23.0545 2552        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:13:23.0623 2552        NetBIOS - ok
19:13:23.0670 2552        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:13:23.0748 2552        netbt - ok
19:13:23.0857 2552        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:13:23.0904 2552        nfrd960 - ok
19:13:23.0951 2552        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:13:24.0029 2552        Npfs - ok
19:13:24.0122 2552        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:13:24.0200 2552        nsiproxy - ok
19:13:24.0263 2552        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:13:24.0356 2552        Ntfs - ok
19:13:24.0465 2552        NTIDrvr        (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:13:24.0512 2552        NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
19:13:24.0512 2552        NTIDrvr - detected UnsignedFile.Multi.Generic (1)
19:13:24.0590 2552        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:13:24.0699 2552        ntrigdigi - ok
19:13:24.0746 2552        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:13:24.0824 2552        Null - ok
19:13:24.0918 2552        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:13:24.0949 2552        nvraid - ok
19:13:24.0965 2552        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:13:24.0980 2552        nvstor - ok
19:13:25.0011 2552        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:13:25.0027 2552        nv_agp - ok
19:13:25.0043 2552        NwlnkFlt - ok
19:13:25.0058 2552        NwlnkFwd - ok
19:13:25.0167 2552        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:13:25.0199 2552        ohci1394 - ok
19:13:25.0323 2552        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:13:25.0401 2552        Parport - ok
19:13:25.0433 2552        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:13:25.0479 2552        partmgr - ok
19:13:25.0573 2552        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:13:25.0635 2552        Parvdm - ok
19:13:25.0682 2552        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:13:25.0729 2552        pci - ok
19:13:25.0807 2552        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:13:25.0869 2552        pciide - ok
19:13:25.0901 2552        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:13:25.0947 2552        pcmcia - ok
19:13:26.0088 2552        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:13:26.0244 2552        PEAUTH - ok
19:13:26.0415 2552        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:26.0478 2552        PptpMiniport - ok
19:13:26.0509 2552        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:13:26.0603 2552        Processor - ok
19:13:26.0712 2552        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:13:26.0774 2552        PSched - ok
19:13:26.0790 2552        PSDFilter      (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
19:13:26.0837 2552        PSDFilter ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0837 2552        PSDFilter - detected UnsignedFile.Multi.Generic (1)
19:13:26.0915 2552        PSDNServ        (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
19:13:26.0930 2552        PSDNServ ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0930 2552        PSDNServ - detected UnsignedFile.Multi.Generic (1)
19:13:26.0961 2552        psdvdisk        (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
19:13:27.0008 2552        psdvdisk ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0008 2552        psdvdisk - detected UnsignedFile.Multi.Generic (1)
19:13:27.0133 2552        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:13:27.0227 2552        ql2300 - ok
19:13:27.0320 2552        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:13:27.0351 2552        ql40xx - ok
19:13:27.0398 2552        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:13:27.0476 2552        QWAVEdrv - ok
19:13:27.0632 2552        R300            (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:27.0819 2552        R300 - ok
19:13:27.0913 2552        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:27.0960 2552        RasAcd - ok
19:13:28.0053 2552        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:28.0131 2552        Rasl2tp - ok
19:13:28.0178 2552        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:28.0241 2552        RasPppoe - ok
19:13:28.0303 2552        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:28.0350 2552        RasSstp - ok
19:13:28.0412 2552        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:28.0459 2552        rdbss - ok
19:13:28.0521 2552        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:28.0584 2552        RDPCDD - ok
19:13:28.0646 2552        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:13:28.0755 2552        rdpdr - ok
19:13:28.0833 2552        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:13:28.0911 2552        RDPENCDD - ok
19:13:28.0974 2552        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:13:29.0036 2552        RDPWD - ok
19:13:29.0192 2552        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:29.0239 2552        rspndr - ok
19:13:29.0317 2552        RT73            (0ab8d9d7c5ac81fc736d7c208f737570) C:\Windows\system32\DRIVERS\Dr71WU.sys
19:13:29.0411 2552        RT73 - ok
19:13:29.0489 2552        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:13:29.0535 2552        s1018bus - ok
19:13:29.0613 2552        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:13:29.0645 2552        s1018mdfl - ok
19:13:29.0691 2552        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:13:29.0738 2552        s1018mdm - ok
19:13:29.0801 2552        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:13:29.0879 2552        s1018mgmt - ok
19:13:29.0972 2552        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:13:30.0003 2552        s1018nd5 - ok
19:13:30.0050 2552        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:13:30.0097 2552        s1018obex - ok
19:13:30.0191 2552        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:13:30.0237 2552        s1018unic - ok
19:13:30.0284 2552        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:13:30.0315 2552        sbp2port - ok
19:13:30.0425 2552        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:13:30.0549 2552        secdrv - ok
19:13:30.0627 2552        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:13:30.0705 2552        Serenum - ok
19:13:30.0768 2552        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:13:30.0846 2552        Serial - ok
19:13:30.0955 2552        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:13:31.0017 2552        sermouse - ok
19:13:31.0064 2552        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:13:31.0173 2552        sffdisk - ok
19:13:31.0283 2552        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:13:31.0376 2552        sffp_mmc - ok
19:13:31.0392 2552        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:13:31.0501 2552        sffp_sd - ok
19:13:31.0595 2552        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:13:31.0704 2552        sfloppy - ok
19:13:31.0813 2552        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:13:31.0844 2552        sisagp - ok
19:13:31.0875 2552        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:13:31.0907 2552        SiSRaid2 - ok
19:13:32.0016 2552        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:13:32.0047 2552        SiSRaid4 - ok
19:13:32.0109 2552        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:13:32.0187 2552        Smb - ok
19:13:32.0281 2552        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:13:32.0312 2552        spldr - ok
19:13:32.0359 2552        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:13:32.0468 2552        srv - ok
19:13:32.0562 2552        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:13:32.0655 2552        srv2 - ok
19:13:32.0765 2552        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:32.0827 2552        srvnet - ok
19:13:32.0889 2552        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:13:32.0921 2552        ssmdrv - ok
19:13:32.0999 2552        StkAMini        (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
19:13:33.0061 2552        StkAMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0061 2552        StkAMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0155 2552        StkScan        (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
19:13:33.0201 2552        StkScan ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0201 2552        StkScan - detected UnsignedFile.Multi.Generic (1)
19:13:33.0311 2552        StkTMini        (0933717146e8054f133b5bdb874ef9fa) C:\Windows\system32\Drivers\StkTMini.sys
19:13:33.0404 2552        StkTMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0404 2552        StkTMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0513 2552        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:13:33.0545 2552        swenum - ok
19:13:33.0576 2552        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:13:33.0607 2552        Symc8xx - ok
19:13:33.0623 2552        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:13:33.0669 2552        Sym_hi - ok
19:13:33.0747 2552        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:13:33.0779 2552        Sym_u3 - ok
19:13:33.0841 2552        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
19:13:33.0888 2552        taphss - ok
19:13:34.0013 2552        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:13:34.0075 2552        Tcpip - ok
19:13:34.0231 2552        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:34.0309 2552        Tcpip6 - ok
19:13:34.0387 2552        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:13:34.0527 2552        tcpipreg - ok
19:13:34.0637 2552        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:13:34.0683 2552        TDPIPE - ok
19:13:34.0715 2552        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:13:34.0793 2552        TDTCP - ok
19:13:34.0886 2552        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:13:34.0933 2552        tdx - ok
19:13:34.0980 2552        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:13:35.0011 2552        TermDD - ok
19:13:35.0151 2552        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:35.0229 2552        tssecsrv - ok
19:13:35.0354 2552        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:13:35.0432 2552        tunmp - ok
19:13:35.0541 2552        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:35.0557 2552        tunnel - ok
19:13:35.0588 2552        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:13:35.0635 2552        uagp35 - ok
19:13:35.0713 2552        UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
19:13:35.0744 2552        UBHelper ( UnsignedFile.Multi.Generic ) - warning
19:13:35.0744 2552        UBHelper - detected UnsignedFile.Multi.Generic (1)
19:13:35.0791 2552        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:13:35.0853 2552        udfs - ok
19:13:35.0963 2552        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:13:35.0994 2552        uliagpkx - ok
19:13:36.0025 2552        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:13:36.0072 2552        uliahci - ok
19:13:36.0165 2552        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:13:36.0197 2552        UlSata - ok
19:13:36.0212 2552        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:13:36.0259 2552        ulsata2 - ok
19:13:36.0306 2552        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:13:36.0384 2552        umbus - ok
19:13:36.0477 2552        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:13:36.0555 2552        usbaudio - ok
19:13:36.0665 2552        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:36.0743 2552        usbccgp - ok
19:13:36.0836 2552        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
19:13:36.0914 2552        usbcir - ok
19:13:37.0023 2552        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:37.0101 2552        usbehci - ok
19:13:37.0195 2552        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:37.0273 2552        usbhub - ok
19:13:37.0382 2552        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:13:37.0445 2552        usbohci - ok
19:13:37.0476 2552        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:13:37.0554 2552        usbprint - ok
19:13:37.0647 2552        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:37.0710 2552        USBSTOR - ok
19:13:37.0741 2552        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:37.0819 2552        usbuhci - ok
19:13:37.0944 2552        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:38.0053 2552        vga - ok
19:13:38.0162 2552        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:13:38.0225 2552        VgaSave - ok
19:13:38.0256 2552        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:13:38.0287 2552        viaagp - ok
19:13:38.0381 2552        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:13:38.0459 2552        ViaC7 - ok
19:13:38.0537 2552        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:13:38.0568 2552        viaide - ok
19:13:38.0615 2552        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:13:38.0646 2552        volmgr - ok
19:13:38.0693 2552        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:13:38.0739 2552        volmgrx - ok
19:13:38.0849 2552        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:13:38.0864 2552        volsnap - ok
19:13:38.0895 2552        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:13:38.0927 2552        vsmraid - ok
19:13:39.0036 2552        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:13:39.0129 2552        WacomPen - ok
19:13:39.0161 2552        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0223 2552        Wanarp - ok
19:13:39.0223 2552        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0254 2552        Wanarpv6 - ok
19:13:39.0348 2552        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
19:13:39.0410 2552        wanatw - ok
19:13:39.0519 2552        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:13:39.0551 2552        Wd - ok
19:13:39.0597 2552        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:13:39.0675 2552        Wdf01000 - ok
19:13:39.0847 2552        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:13:39.0941 2552        WmiAcpi - ok
19:13:40.0050 2552        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:13:40.0112 2552        WpdUsb - ok
19:13:40.0159 2552        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:40.0206 2552        ws2ifsl - ok
19:13:40.0315 2552        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:40.0393 2552        WUDFRd - ok
19:13:40.0518 2552        yukonwlh        (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
19:13:40.0580 2552        yukonwlh - ok
19:13:40.0705 2552        ZD1211U(WLAN)  (36eb7336d06acfc684ca7e148f802412) C:\Windows\system32\DRIVERS\zd1211u.sys
19:13:40.0736 2552        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - warning
19:13:40.0736 2552        ZD1211U(WLAN) - detected UnsignedFile.Multi.Generic (1)
19:13:40.0814 2552        MBR (0x1B8)    (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:13:44.0137 2552        \Device\Harddisk0\DR0 - ok
19:13:44.0137 2552        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:13:47.0756 2552        \Device\Harddisk1\DR1 - ok
19:13:47.0772 2552        Boot (0x1200)  (b75d6da48db55056aadd5f911bd22ceb) \Device\Harddisk0\DR0\Partition0
19:13:47.0772 2552        \Device\Harddisk0\DR0\Partition0 - ok
19:13:47.0787 2552        Boot (0x1200)  (8a8c3ac651297fa93013038e302101c0) \Device\Harddisk0\DR0\Partition1
19:13:47.0787 2552        \Device\Harddisk0\DR0\Partition1 - ok
19:13:47.0787 2552        Boot (0x1200)  (94a31c74a3ad021e0a156985fb3109de) \Device\Harddisk1\DR1\Partition0
19:13:47.0787 2552        \Device\Harddisk1\DR1\Partition0 - ok
19:13:47.0803 2552        ============================================================
19:13:47.0803 2552        Scan finished
19:13:47.0803 2552        ============================================================
19:13:47.0819 4848        Detected object count: 10
19:13:47.0819 4848        Actual detected object count: 10
19:14:11.0983 4848        AVMUNET ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        AVMUNET ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkAMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkAMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkScan ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkScan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkTMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkTMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:12.0014 4848        UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848        UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - User select action: Skip

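The TDSSKiller log above lists every scanned driver with its MD5 and path, and flags ten of them with the UnsignedFile.Multi.Generic verdict, which only says the driver file carries no valid digital signature (typical for older OEM drivers such as the Acer PSD*/Stk* ones here) and is not by itself a malware verdict; the helper's triage question is whether any object got a verdict other than that. As an added example, not part of this thread or of TDSSKiller itself, here is a small Python parser that turns that log format into records and separates the unsigned-driver warnings from anything that would need attention. The sample lines are copied from the log above; the function names and record layout are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample input: a handful of lines copied from the TDSSKiller log
# in this thread (the full log has many more entries of the same shape).
SAMPLE_LOG = r"""
19:13:26.0790 2552        PSDFilter      (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
19:13:26.0837 2552        PSDFilter ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0837 2552        PSDFilter - detected UnsignedFile.Multi.Generic (1)
19:13:34.0013 2552        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:13:34.0075 2552        Tcpip - ok
19:13:40.0705 2552        ZD1211U(WLAN)  (36eb7336d06acfc684ca7e148f802412) C:\Windows\system32\DRIVERS\zd1211u.sys
19:13:40.0736 2552        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - warning
19:13:40.0736 2552        ZD1211U(WLAN) - detected UnsignedFile.Multi.Generic (1)
19:13:40.0814 2552        MBR (0x1B8)    (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:13:44.0137 2552        \Device\Harddisk0\DR0 - ok
19:13:47.0819 4848        Detected object count: 10
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the rest is the event.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*\S)\s*$")
# "<name>  (<md5>) <path>"  -- the line that introduces a scanned object.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdicts that only mean "no valid Authenticode signature", not malware.
UNSIGNED_ONLY = {"UnsignedFile.Multi.Generic"}


def _record(entries, name):
    return entries.setdefault(
        name, {"md5": None, "path": None, "status": None, "verdict": None, "action": None})


def _by_path(entries, path):
    # MBR/boot-sector results are reported under the device path, not the entry name.
    for rec in entries.values():
        if rec["path"] == path:
            return rec
    return None


def parse_tdsskiller(text):
    """Return an ordered mapping: object name -> {md5, path, status, verdict, action}."""
    entries = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        e = ENTRY_RE.match(rest)
        if e:
            rec = _record(entries, e["name"])
            rec["md5"], rec["path"] = e["md5"], e["path"]
            continue
        for regex, status in ((WARN_RE, "warning"), (DETECT_RE, "detected"),
                              (ACTION_RE, None), (OK_RE, "ok")):
            s = regex.match(rest)
            if not s:
                continue
            name = s["name"]
            rec = entries.get(name) or _by_path(entries, name) or _record(entries, name)
            if status:
                rec["status"] = status
            groups = s.groupdict()
            if "verdict" in groups:
                rec["verdict"] = groups["verdict"]
            if "action" in groups:
                rec["action"] = groups["action"]
            break
    return entries


def flagged(entries):
    """(name, verdict, user action) for every object that received a verdict."""
    return [(n, r["verdict"], r["action"]) for n, r in entries.items() if r["verdict"]]


def unsigned_drivers(entries):
    """Objects flagged only because the file is unsigned."""
    return [(n, r["path"], r["md5"]) for n, r in entries.items() if r["verdict"] in UNSIGNED_ONLY]


def needs_attention(entries):
    """Objects whose verdict is something other than the unsigned-file heuristic."""
    return [n for n, r in entries.items() if r["verdict"] and r["verdict"] not in UNSIGNED_ONLY]


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    for name, verdict, action in flagged(ents):
        print(f"{name:16} {verdict:30} action={action}")
    print("needs attention:", needs_attention(ents) or "nothing beyond unsigned drivers")
```

Run against the full log, the parser gives the same picture the helper reads off by eye: all ten detections are unsigned OEM drivers and the user skipped them, so the MBR and boot sectors being "ok" is the more interesting result for a lock-screen infection.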

cosinus 13.03.2012 19:17

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when one of the board's helpers (a Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

reggie 13.03.2012 20:20

So here's the Combofix

Code:

ComboFix 12-03-13.01 - Heiko 13.03.2012  19:41:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.894.295 [GMT 1:00]
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Heiko\AppData\Roaming\DVDSubEditLastFile0.txt
c:\users\Heiko\AppData\Roaming\Local
c:\users\Heiko\AppData\Roaming\Local\Temp\DDM\Settings\138494.avi.ddr
c:\users\Heiko\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\138494.avi.ddp
c:\windows\system32\jgaw400.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 18:52 . 2012-03-13 18:58        --------        d-----w-        c:\users\Heiko\AppData\Local\temp
2012-03-13 18:52 . 2012-03-13 18:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-13 17:09 . 2012-03-13 17:09        --------        d-----w-        C:\_OTL
2012-03-12 19:23 . 2012-03-12 19:23        --------        d-----w-        c:\program files\ESET
2012-03-12 16:37 . 2012-03-12 16:37        --------        d-----w-        c:\users\Heiko\AppData\Roaming\Malwarebytes
2012-03-12 16:37 . 2012-03-12 16:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-12 16:37 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-12 16:37 . 2012-03-12 16:37        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-27 10:36 . 2012-02-27 10:36        --------        d-----w-        c:\program files\CCleaner
2012-02-16 08:45 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 13:39 . 2011-05-16 16:27        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-12-19 12:52        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 18:57 . 2011-10-14 16:15        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-08 06:03 . 2012-03-09 16:56        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{13FB42D0-E59C-4D54-9079-DE65A90FA27E}\mpengine.dll
2012-01-12 19:52 . 2012-02-16 08:45        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-02-02 12:07 . 2011-07-08 08:25        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"HostManager"="c:\program files\Common Files\AOL\1189262390\ee\AOLSoftware.exe" [2006-09-26 50736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 12:51        774144        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL =
mStart Page =
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SkypeM - c:\users\Heiko\AppData\Local\Skype\Skype.exe
AddRemove-AOL Toolbar 4.0 - c:\program files\AOL\AOL Toolbar 4.0\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-13 19:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\windows\wanmpsvc.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\iashost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-13  20:11:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-13 19:10
.
Vor Suchlauf: 18 Verzeichnis(se), 25.829.949.440 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 25.380.245.504 Bytes frei
.
- - End Of File - - 37039091CC43C4EE154CD415DA2D7297

So, how does it look?

cosinus 13.03.2012 20:24

Ok. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the 2nd try either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without instructions

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.


reggie 13.03.2012 21:13

So here's the Gmer log for now, I'll carry on with OSAM next...

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-13 21:09:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HDT722525DLA380 rev.V44OA96A
Running: zpxktv20.exe; Driver: C:\Users\Heiko\AppData\Local\Temp\fwdoipoc.sys


---- System - GMER 1.0.15 ----

SSDT            885189D6                                                                                                                                            ZwCreateSection
SSDT            885189E0                                                                                                                                            ZwRequestWaitReplyPort
SSDT            885189DB                                                                                                                                            ZwSetContextThread
SSDT            885189E5                                                                                                                                            ZwSetSecurityObject
SSDT            885189EA                                                                                                                                            ZwSystemDebugControl
SSDT            88518977                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                                                        820C0998 4 Bytes  [D6, 89, 51, 88] {SALC ; MOV [ECX-0x78], EDX}
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                                                        820C0CBC 4 Bytes  [E0, 89, 51, 88]
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                                                        820C0CF0 4 Bytes  [DB, 89, 51, 88]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                                                        820C0D54 4 Bytes  [E5, 89, 51, 88]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                                                        820C0D9C 4 Bytes  [EA, 89, 51, 88]
.text          ...                                                                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[328] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                [74367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [743BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [7436BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [7435F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [743675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                              [7435E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                  [74398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                    [7436DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [7435FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                              [7435FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [743571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                      [743ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                          [7438C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [7435D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [74356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                      [7435687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [74362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT            C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe[3640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
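
A note on reading the GMER output above: the five "Kernel code sections" entries are not a second, separate set of modifications. Read as a little-endian DWORD, each of the 4-byte patches in ntkrnlpa.exe is exactly one of the SSDT hook addresses listed a few lines earlier ([D6, 89, 51, 88] is 0x885189D6, the ZwCreateSection hook, and so on for the other four), so GMER is showing the hooked service table slots, which live inside the kernel image, a second time as if they were code patches; its disassembly of such a slot ("SALC ; MOV [ECX-0x78], EDX") is just a pointer decoded as instructions and means nothing. The script below is an added example, not part of this thread or of GMER, that parses both sections and correlates them; the sample lines are copied from the log above with GMER's column padding collapsed. Any patch that no hook explains is the one worth disassembling by hand; here there is none. The log does not name the module that owns the 0x88518977-0x885189EA region all hooks point into, so the script does not attribute them either.

```python
import re

# Lines copied from the GMER log above (SSDT table and "Kernel code sections"),
# with GMER's wide column padding collapsed to single spaces.
GMER_LOG = """\
SSDT 885189D6 ZwCreateSection
SSDT 885189E0 ZwRequestWaitReplyPort
SSDT 885189DB ZwSetContextThread
SSDT 885189E5 ZwSetSecurityObject
SSDT 885189EA ZwSystemDebugControl
SSDT 88518977 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820C0998 4 Bytes [D6, 89, 51, 88] {SALC ; MOV [ECX-0x78], EDX}
.text ntkrnlpa.exe!KeSetEvent + 539 820C0CBC 4 Bytes [E0, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 820C0CF0 4 Bytes [DB, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820C0D54 4 Bytes [E5, 89, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 820C0D9C 4 Bytes [EA, 89, 51, 88]
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+ \+ [0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+) Bytes\s+\[(?P<bytes>[0-9A-Fa-f, ]+)\]"
)


def parse_ssdt(log):
    """Map hook target address -> hooked Zw* service name."""
    hooks = {}
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
    return hooks


def parse_patches(log):
    """Return (symbol+offset, patched address, raw bytes) per .text entry."""
    patches = []
    for line in log.splitlines():
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group("bytes").split(","))
            patches.append((m.group("sym"), int(m.group("addr"), 16), raw))
    return patches


def correlate(log):
    """For every 4-byte patch, read it as a little-endian pointer and look it
    up in the SSDT hook table. A hit means the 'patch' is a hooked table slot."""
    hooks = parse_ssdt(log)
    rows = []
    for sym, addr, raw in parse_patches(log):
        ptr = int.from_bytes(raw, "little") if len(raw) == 4 else None
        rows.append((sym, addr, ptr, hooks.get(ptr)))
    return rows


def unexplained(log):
    """Patches whose bytes are not one of the SSDT hook pointers: these need
    real disassembly, because GMER's decoding of a pointer is meaningless."""
    return [r for r in correlate(log) if r[3] is None]


def hook_span(log):
    """(lowest, highest, size) of the region all hooks point into; hooks that
    all land in one small region are normally installed by one driver."""
    addrs = sorted(parse_ssdt(log))
    return addrs[0], addrs[-1], addrs[-1] - addrs[0]


if __name__ == "__main__":
    for sym, addr, ptr, name in correlate(GMER_LOG):
        ptr_s = f"{ptr:08X}" if ptr is not None else "????????"
        print(f"{sym:32} {addr:08X} -> {ptr_s} {name or 'UNEXPLAINED'}")
    print("unexplained:", unexplained(GMER_LOG))
    lo, hi, size = hook_span(GMER_LOG)
    print(f"hooks point into {lo:08X}-{hi:08X} ({size} bytes)")
```

Run against a full GMER log the same way; what matters in practice is the `unexplained` list, which on this log is empty.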


reggie 13.03.2012 21:23

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:20:44 on 13.03.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"AVM FRITZ!Box SL" (AVMUNET) - "AVM GmbH" - C:\Windows\System32\DRIVERS\avmunet.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"fwdoipoc" (fwdoipoc) - ? - C:\Users\Heiko\AppData\Local\Temp\fwdoipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN)" (ZD1211U(WLAN)) - "ZyDAS Technology Corporation" - C:\Windows\System32\DRIVERS\zd1211u.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "Ulead UDF Driver" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Empowering Technology Monitor" - ? - C:\Windows\system32\SysMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATICCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"  (File found, but it contains no detailed information)
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"WAN Miniport (ATW) Service" (WANMiniportService) - "America Online, Inc." - C:\Windows\wanmpsvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\ACER(N~1.SCR  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
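
OSAM itself flags exactly one line in the report above as rootkit activity: the driver key "fwdoipoc", hidden from the normal registry API and pointing at a randomly named .sys in the user's Temp folder that no longer exists. Two caveats before reading that as the infection: anti-rootkit scanners commonly register a temporary, randomly named driver in exactly that location for their own use (GMER was run on this machine as well, see the log above), and the "catchme" entry next to it is the same kind of leftover, pointing into ComboFix's own folder. So the finding has to be checked against the scan timeline rather than taken on its own. The script below is an added example, not part of this thread or of OSAM, that parses OSAM entry lines and ranks them by the properties a reviewer looks at first: no publisher, a user-writable load path, a hidden key, a missing or version-less binary. The weights are my own assumptions; the sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Entry lines copied from the OSAM report above, one autostart entry each.
OSAM_LINES = [
    r'"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys',
    r'"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)',
    r'"fwdoipoc" (fwdoipoc) - ? - C:\Users\Heiko\AppData\Local\Temp\fwdoipoc.sys  (Hidden registry entry, rootkit activity | File not found)',
    r'"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)',
    r'"SCRNSAVE.EXE" - ? - C:\Windows\ACER(N~1.SCR  (File found, but it contains no detailed information)',
    r'{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll',
    r'"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe',
]

ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+)?'        # optional CLSID prefix
    r'"(?P<name>[^"]*)"'                  # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'         # optional service/driver key name
    r'\s+-\s+(?P<pub>"[^"]*"|\?)'         # publisher, or ? when OSAM has none
    r'\s+-\s+(?P<rest>.*)$'               # path, then optional OSAM flags
)
# OSAM appends its flags after two spaces: "  (Flag one | Flag two)"
FLAGS_RE = re.compile(r'\s{2,}\(([^()]*)\)\s*$')

# Locations a limited user can write to; a driver loading from here is odd.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


@dataclass
class Entry:
    name: str
    key: Optional[str]
    publisher: Optional[str]          # None when OSAM printed "?"
    path: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flags = []
    fm = FLAGS_RE.search(rest)
    if fm:
        flags = [f.strip() for f in fm.group(1).split("|")]
        rest = rest[:fm.start()]
    if rest.startswith('"'):          # quoted path, possibly followed by args
        path, _, _args = rest[1:].partition('"')
    else:
        path = rest.strip()
    pub = m.group("pub")
    return Entry(m.group("name"), m.group("key"),
                 None if pub == "?" else pub.strip('"'), path, flags)


def score(e):
    """Assumed weights: what a reviewer would look at first, highest first."""
    reasons = []
    if e.publisher is None:
        reasons.append(("no publisher/version info", 1))
    if any(d in e.path.lower() for d in USER_WRITABLE):
        reasons.append(("loads from a user-writable location", 2))
    for f in e.flags:
        fl = f.lower()
        if "hidden registry entry" in fl:
            reasons.append(("key hidden from the registry API", 3))
        elif "file not found" in fl:
            reasons.append(("registered binary is missing", 1))
        elif "no detailed information" in fl:
            reasons.append(("binary has no version resource", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(lines):
    """Return (score, name, path, reasons) rows, most suspicious first."""
    rows = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            s, why = score(e)
            rows.append((s, e.name, e.path, why))
    rows.sort(key=lambda r: (-r[0], r[1]))
    return rows


if __name__ == "__main__":
    for s, name, path, why in triage(OSAM_LINES):
        print(f"{s:2d}  {name:24} {path}")
        for r in why:
            print(f"      - {r}")
```

The ranking only orders what to look at; a score of 7 for a hidden Temp driver still needs the timeline check described above before it is called malware, and a 0 for a signed vendor driver is not a clean bill either.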


reggie 13.03.2012 22:46

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 21:24:49
-----------------------------
21:24:49.753    OS Version: Windows 6.0.6002 Service Pack 2
21:24:49.753    Number of processors: 2 586 0xF02
21:24:49.753    ComputerName: HEIKO-PC  UserName: Heiko
21:25:04.854    Initialize success
21:30:29.650    AVAST engine defs: 12031300
21:31:02.223    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:31:02.223    Disk 0 Vendor: HDT722525DLA380 V44OA96A Size: 238475MB BusType: 3
21:31:02.472    Disk 0 MBR read successfully
21:31:02.472    Disk 0 MBR scan
21:31:02.628    Disk 0 unknown MBR code
21:31:02.644    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        6997 MB offset 63
21:31:02.738    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS      115914 MB offset 14329980
21:31:02.784    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      115561 MB offset 251722485
21:31:02.878    Disk 0 scanning sectors +488392065
21:31:03.190    Disk 0 scanning C:\Windows\system32\drivers
21:32:04.763    Service scanning
21:32:31.720    Modules scanning
21:33:34.479    Disk 0 trace - called modules:
21:33:34.526    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
21:33:34.526    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a1cac8]
21:33:34.541    3 CLASSPNP.SYS[865be8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848e45e0]
21:33:35.540    AVAST engine scan C:\Windows
21:34:06.225    AVAST engine scan C:\Windows\system32
21:40:44.696    AVAST engine scan C:\Windows\system32\drivers
21:41:00.623    AVAST engine scan C:\Users\Heiko
22:06:29.536    AVAST engine scan C:\ProgramData
22:15:01.325    Scan finished successfully
22:34:18.200    Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
22:34:18.215    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 21:24:49
-----------------------------
21:24:49.753    OS Version: Windows 6.0.6002 Service Pack 2
21:24:49.753    Number of processors: 2 586 0xF02
21:24:49.753    ComputerName: HEIKO-PC  UserName: Heiko
21:25:04.854    Initialize success
21:30:29.650    AVAST engine defs: 12031300
21:31:02.223    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:31:02.223    Disk 0 Vendor: HDT722525DLA380 V44OA96A Size: 238475MB BusType: 3
21:31:02.472    Disk 0 MBR read successfully
21:31:02.472    Disk 0 MBR scan
21:31:02.628    Disk 0 unknown MBR code
21:31:02.644    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        6997 MB offset 63
21:31:02.738    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS      115914 MB offset 14329980
21:31:02.784    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      115561 MB offset 251722485
21:31:02.878    Disk 0 scanning sectors +488392065
21:31:03.190    Disk 0 scanning C:\Windows\system32\drivers
21:32:04.763    Service scanning
21:32:31.720    Modules scanning
21:33:34.479    Disk 0 trace - called modules:
21:33:34.526    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
21:33:34.526    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a1cac8]
21:33:34.541    3 CLASSPNP.SYS[865be8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848e45e0]
21:33:35.540    AVAST engine scan C:\Windows
21:34:06.225    AVAST engine scan C:\Windows\system32
21:40:44.696    AVAST engine scan C:\Windows\system32\drivers
21:41:00.623    AVAST engine scan C:\Users\Heiko
22:06:29.536    AVAST engine scan C:\ProgramData
22:15:01.325    Scan finished successfully
22:34:18.200    Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
22:34:18.215    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"


cosinus 14.03.2012 15:11

We should fix the MBR; just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Also don't do the fix if you have full encryption of the Windows partition or the whole hard disk with TrueCrypt or other encryption programs, for example.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!

Then restart Windows and create a new log with aswMBR.
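aswMBR writes a copy of the sector it is about to replace to MBR.dat before FIXMBR runs. As an added example (mine, not the tool's code and not from this thread), here is a Python parser for such a 512-byte MBR image that prints the partition table in the same layout as the aswMBR log, checks the 0x55AA signature and hashes the boot-code area so it can be compared against a backup from a clean machine. The sample image is constructed inline from the three partition entries in the log above; its boot code and disk signature are placeholders.

```python
import hashlib
import struct
import sys

SECTOR = 512
# Partition type ids as they appear in the aswMBR logs in this thread.
PARTITION_TYPES = {0x06: "FAT16", 0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR image (e.g. the MBR.dat that aswMBR saves)."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    boot_code = mbr[:440]                        # bootstrap code area
    disk_sig = struct.unpack("<I", mbr[440:444])[0]
    signature_ok = mbr[510:512] == b"\x55\xaa"   # boot sector signature
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id == 0 and sectors == 0:
            continue                              # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type_id": type_id,
            "type_name": PARTITION_TYPES.get(type_id, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    active = [p["index"] for p in partitions if p["active"]]
    return {
        "signature_ok": signature_ok,
        "disk_signature": disk_sig,
        # aswMBR matches the code against known-good images; offline we can at
        # least hash it and compare it with a backup taken from a clean system.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_empty": not any(boot_code),
        "active": active[0] if len(active) == 1 else None,
        "partitions": partitions,
    }


def format_table(info: dict) -> str:
    """Render the partition table in the layout the aswMBR log uses."""
    lines = []
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Partition {p['index']} {0x80 if p['active'] else 0:02X} {flag} "
                     f"{p['type_id']:02X} {p['type_name']:>18} {p['size_mb']:>8} MB "
                     f"offset {p['lba_start']}")
    return "\n".join(lines)


def _entry(status: int, type_id: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are left zero: modern loaders use the LBA fields only.
    return struct.pack("<B3xB3xII", status, type_id, lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sample reproducing the three partitions from the log above.

    The boot code is a placeholder (jump + NOP sled), not real Windows MBR code,
    and the disk signature is made up.
    """
    boot_code = bytes([0xEB, 0x3C]) + b"\x90" * 438
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    table = (_entry(0x00, 0x27, 63, 14329980 - 63)
             + _entry(0x80, 0x06, 14329980, 251722485 - 14329980)
             + _entry(0x00, 0x07, 251722485, 488392065 - 251722485)
             + bytes(16))
    return boot_code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print("signature ok:", info["signature_ok"], " boot code sha256:", info["boot_code_sha256"])
    print(format_table(info))
```

Run it with the path to MBR.dat as the only argument; without an argument it parses the constructed sample.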

reggie 14.03.2012 18:55

I hope that worked; the whole thing went very quickly for me..
Disk0 Windows 600MBR Fixed Successfully

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 18:49:40
-----------------------------
18:49:40.598    OS Version: Windows 6.0.6002 Service Pack 2
18:49:40.598    Number of processors: 2 586 0xF02
18:49:40.598    ComputerName: HEIKO-PC  UserName: Heiko
18:50:29.832    Initialize success
18:50:54.698    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"


cosinus 14.03.2012 21:15

Yes, and now make a new log with aswMBR as I posted

reggie 15.03.2012 18:20

Something apparently went wrong with the log yesterday

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-15 17:50:41
-----------------------------
17:50:41.839    OS Version: Windows 6.0.6002 Service Pack 2
17:50:41.839    Number of processors: 2 586 0xF02
17:50:41.839    ComputerName: HEIKO-PC  UserName: Heiko
17:50:45.131    Initialize success
17:56:15.577    AVAST engine defs: 12031401
17:57:08.101    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"
17:58:37.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:58:37.041    Disk 0 Vendor: HDT722525DLA380 V44OA96A Size: 238475MB BusType: 3
17:58:37.072    Disk 0 MBR read successfully
17:58:37.088    Disk 0 MBR scan
17:58:39.288    Disk 0 Windows VISTA default MBR code
17:58:39.303    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        6997 MB offset 63
17:58:39.553    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS      115914 MB offset 14329980
17:58:39.631    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      115561 MB offset 251722485
17:58:39.678    Disk 0 scanning sectors +488392065
17:58:39.958    Disk 0 scanning C:\Windows\system32\drivers
17:59:03.904    Service scanning
17:59:51.469    Modules scanning
17:59:58.754    Disk 0 trace - called modules:
17:59:58.785    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:59:58.785    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84903030]
17:59:58.801    3 CLASSPNP.SYS[865b58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848d85e0]
18:00:00.392    AVAST engine scan C:\Windows
18:00:17.802    AVAST engine scan C:\Windows\system32
18:05:22.501    AVAST engine scan C:\Windows\system32\drivers
18:05:39.224    AVAST engine scan C:\Users\Heiko
18:13:45.236    AVAST engine scan C:\ProgramData
18:16:04.968    Scan finished successfully
18:18:18.966    Disk 0 MBR has been saved successfully to "C:\Users\Heiko\Desktop\MBR.dat"
18:18:19.006    The log file has been saved successfully to "C:\Users\Heiko\Desktop\aswMBR.txt"

I hope it fits now?

cosinus 15.03.2012 23:32

Looks ok. As a check, please do full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

reggie 16.03.2012 19:28

So here's the first log for now; on to the next one..

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

16.03.2012 17:53:27
mbam-log-2012-03-16 (17-53-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318964
Laufzeit: 1 Stunde(n), 15 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


reggie 16.03.2012 22:25

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2012 at 09:54 PM

Application Version : 5.0.1146

Core Rules Database Version : 8344
Trace Rules Database Version: 6156

Scan type      : Complete Scan
Total Scan Time : 02:08:56

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 884
Memory threats detected  : 0
Registry items scanned    : 34743
Registry threats detected : 0
File items scanned        : 209586
File threats detected    : 0

Super, that looks good! Thank you!

reggie 17.03.2012 11:20

Now I think everything is broken :(

Yesterday it still worked perfectly; this morning I wanted to start the PC. It doesn't turn on, a long drawn-out high-pitched beep sounds, short pause, then the beep again; it beeps constantly. (I've already looked at lists, but I don't think it is this?)

So trying to switch it on again doesn't work. Waited a while, then it worked; there was a message that the PC could not be started. Should the PC be started normally or as System Repair (or something similar); this determines why the PC could not be started, some actions were carried out and there was also a log.
But I couldn't get to it, because the PC crashed again..
Booted up again, looked at the problems; number one was that a new driver for something from AMD was needed...
Number 2 was that the PC was automatically restarted because Antivirus had reported a problem that was probably related to another antivirus program...

There were 3 more problems to see there, but then it crashed on me again..

On booting up again, a new screen came up that I had never seen before; it said that Windows could not verify the digital signature of this file!
0xc0000428

It said to insert a Windows CD and repair; it's a store-bought PC and I don't have a Windows CD, only an Anytime Upgrade one, which won't help me...
I still have two backup CDs that I created back when the PC was new; are they any use???

Otherwise I only have some recovery CDs from Acer?

So what's the best thing for me to do now??

reggie 17.03.2012 13:02

I've now uninstalled Avira, so for now the computer is running again...

Here are the error messages I could find:

Errors:
Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:25:55.000Z" />
  <EventRecordID>531116</EventRecordID>
  <Channel>Application</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data>ACER(N~1.SCR</Data>
  <Data>0.0.0.0</Data>
  <Data>2a425e19</Data>
  <Data>kernel32.dll</Data>
  <Data>6.0.6002.18005</Data>
  <Data>49e037dd</Data>
  <Data>0eedfade</Data>
  <Data>0003fbae</Data>
  <Data>38c</Data>
  <Data>01cd042855678e80</Data>
  </EventData>
  </Event>

Code:

<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="volsnap" />
  <EventID Qualifiers="49158">35</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-11T22:53:41.780Z" />
  <EventRecordID>458213</EventRecordID>
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data>\Device\HarddiskVolumeShadowCopy17</Data>
  <Data>C:</Data>
  <Binary>000000000200300000000000230006C000000000000000000E000000000000000000000000000000</Binary>
  </EventData>
  </Event>

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
  <EventID Qualifiers="49152">4609</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>16</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:26:57.000Z" />
  <EventRecordID>531122</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
  <Data Name="param2">45</Data>
  <Data Name="param3">8007043c</Data>
  </EventData>
  </Event>

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
  <EventID Qualifiers="49152">4609</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>16</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T09:33:31.000Z" />
  <EventRecordID>531108</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
  <Data Name="param2">45</Data>
  <Data Name="param3">8007043c</Data>
  </EventData>
  </Event>

This error 11 times in a row:
Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
  <EventID Qualifiers="49152">10005</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:34:15.000Z" />
  <EventRecordID>461992</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">1068</Data>
  <Data Name="param2">BITS</Data>
  <Data Name="param3" />
  <Data Name="param4">{4991D34B-80A1-4291-83B6-3328366B9097}</Data>
  </EventData>
  </Event>

Warnings:

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-RasSstp" Guid="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}" EventSourceName="RasSstp" />
  <EventID Qualifiers="0">18</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:36:09.000Z" />
  <EventRecordID>462079</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="Error Message">Das System kann die angegebene Datei nicht finden.</Data>
  </EventData>
  </Event>

Code:

<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="cdrom" />
  <EventID Qualifiers="32772">51</EventID>
  <Level>3</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-16T21:32:20.719Z" />
  <EventRecordID>461658</EventRecordID>
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data>\Device\CdRom0</Data>
  <Binary>0F0068000100000000000000330004802D010000150000C000000000000000000000000000000000DC2C010000000000FFFFFFFF01000000400000C40200000000200A1248020040000000000401000000000000F012798500000000C004718548BC09840000000028000000000000000200000000000000700005000000000A00000000210000000000000000000000</Binary>
  </EventData>
  </Event>

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="RemoteAccess" />
  <EventID Qualifiers="0">20192</EventID>
  <Level>3</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:36:18.000Z" />
  <EventRecordID>462089</EventRecordID>
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
  <EventData />
  </Event>

Errors:
Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
  <EventID Qualifiers="49152">7026</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:17:14.000Z" />
  <EventRecordID>461983</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">avipbb avkmgr spldr ssmdrv Wanarpv6</Data>
  </EventData>
  </Event>

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
  <EventID Qualifiers="49152">4609</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>16</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:26:57.000Z" />
  <EventRecordID>531122</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>Heiko-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
  <Data Name="param2">45</Data>
  <Data Name="param3">8007043c</Data>
  </EventData>
  </Event>

Code:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
  <EventID>3001</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>1</Task>
  <Opcode>101</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2012-03-17T10:35:46.910Z" />
  <EventRecordID>19815</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="8" />
  <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
  <Computer>Heiko-PC</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData>
  <Data Name="FileNameLength">30</Data>
  <Data Name="FileNameBuffer">system32\drivers\PSDNServ.sys</Data>
  </EventData>
  </Event>

In the ACEEventlog there's still plenty of information about errors from today...


But I couldn't find that one log from the System Repair..

At the moment the PC works again
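The records above are copies from the Event Viewer's XML view, which leaves "- " tree markers in front of the expanded elements and concatenates several root elements. As an added example (mine, not from this thread), here is a Python triage script that cleans such copies, parses them and turns two of the records that matter here into findings: Service Control Manager 7026 (boot-start drivers that failed to load) and CodeIntegrity 3001 (an unsigned kernel module was loaded). The sample input is constructed from two of the records posted above; the event meanings are from Microsoft's documentation as I know it, not from the page, and the triage rules are my own.

```python
import re
import xml.etree.ElementTree as ET

# Namespace exactly as it appears in the copies above (the page defangs http as hxxp).
NS = "{hxxp://schemas.microsoft.com/win/2004/08/events/event}"
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}

# Constructed sample: two records re-typed from the posts above, with the
# "- " tree markers that the Event Viewer XML view leaves in copied text.
SAMPLE = """\
- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
  <EventID Qualifiers="49152">7026</EventID>
  <Level>2</Level>
  <TimeCreated SystemTime="2012-03-17T10:17:14.000Z" />
  <Channel>System</Channel>
  <Computer>Heiko-PC</Computer>
  </System>
- <EventData>
  <Data Name="param1">avipbb avkmgr spldr ssmdrv Wanarpv6</Data>
  </EventData>
  </Event>
- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
  <EventID>3001</EventID>
  <Level>3</Level>
  <TimeCreated SystemTime="2012-03-17T10:35:46.910Z" />
  <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
  <Computer>Heiko-PC</Computer>
  </System>
- <EventData>
  <Data Name="FileNameLength">30</Data>
  <Data Name="FileNameBuffer">system32\\drivers\\PSDNServ.sys</Data>
  </EventData>
  </Event>
"""


def strip_tree_markers(text: str) -> str:
    """Remove the leading "- " expand/collapse markers copied from the XML view."""
    return re.sub(r"^[ \t]*-[ \t]+(?=<)", "", text, flags=re.MULTILINE)


def parse_events(text: str) -> list:
    """Parse one or more copied <Event> records into plain dicts."""
    root = ET.fromstring("<Events>" + strip_tree_markers(text) + "</Events>")
    events = []
    for ev in root.iter(NS + "Event"):
        system = ev.find(NS + "System")
        data = {}
        # Named <Data> elements keep their Name; unnamed ones get param1, param2, ...
        for i, d in enumerate(ev.iter(NS + "Data")):
            data[d.get("Name") or f"param{i + 1}"] = d.text or ""
        events.append({
            "provider": system.find(NS + "Provider").get("Name"),
            "event_id": int(system.find(NS + "EventID").text),
            "level": LEVELS.get(int(system.find(NS + "Level").text), "Unknown"),
            "time": system.find(NS + "TimeCreated").get("SystemTime"),
            "channel": system.find(NS + "Channel").text,
            "data": data,
        })
    return events


def triage(events: list) -> list:
    """Turn raw records into the findings a responder would act on (rules are mine)."""
    findings = []
    for ev in events:
        key = (ev["provider"], ev["event_id"])
        if key == ("Service Control Manager", 7026):
            drivers = ev["data"].get("param1", "").split()
            findings.append(f"{ev['time']} boot-start drivers failed to load: "
                            f"{', '.join(drivers)}")
        elif key == ("Microsoft-Windows-CodeIntegrity", 3001):
            findings.append(f"{ev['time']} unsigned kernel module loaded: "
                            f"{ev['data'].get('FileNameBuffer', '?')}")
        elif ev["level"] == "Error":
            findings.append(f"{ev['time']} {ev['provider']} event {ev['event_id']} "
                            f"(error, not categorised)")
    return findings


if __name__ == "__main__":
    for line in triage(parse_events(SAMPLE)):
        print(line)
```

Paste any number of copied records into SAMPLE (or read them from a file) and the parser handles them as one batch; the uncategorised branch keeps other Error-level records visible instead of silently dropping them.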

reggie 17.03.2012 14:19

I've found that one log now:

Code:

Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 3/16/2012 9:13:38 PM (GMT)
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 218 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 219 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 578 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Setup state check
Result: Completed successfully. Error code =  0x0
Time taken = 952 ms

Test Performed:
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code =  0x0
Time taken = 3120 ms

Test Performed:
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code =  0x0
Time taken = 1154 ms

Test Performed:
---------------------------
Name: Access control test
Result: Completed successfully. Error code =  0x0
Time taken = 27035 ms

Test Performed:
---------------------------
Name: File system test (chkdsk)
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Software installation log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Fallback diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Root cause found:
---------------------------
Unspecified changes to system configuration might have caused the problem.

Repair action: System Restore
Result: Completed successfully. Error code =  0x0
Time taken = 68125 ms

---------------------------
---------------------------

Strange, the log says 16.3 even though today is 17.3 ???? The PC's date and time are correct...

cosinus 17.03.2012 15:27

I can't do much with these logs.
What exactly are the problems that are still open?

reggie 17.03.2012 16:21

At the moment the PC is running again; it just didn't want to start this morning and only beeped, as described...
Besides, it crashed a few times.... There was also a bluescreen once; I thought it would be saved in the Minidump folder, but there's nothing there...
Can one find out what was to blame for the crash??? So that maybe you can understand what caused it too???

ps. there was something about NTFS.sys...

Code:

Modul kernel32.dll, Version 6.0.6002, Zeitstempel 0x49e037dd, Ausnahmecode 0x0eedfade,
Fehleroffsett 0x0003fbae, Prozess-ID 0x38c, Anwendungsstartzeit 01cd042855678e80

I copied it out by hand; it can't be copied....

cosinus 19.03.2012 14:48

I would first try to find out whether this only happens under Windows or also with other operating systems.

That way you can see whether a hardware problem is emerging or whether the fault is rather in the Windows configuration and/or the file system.

Download something like Knoppix or Ubuntu, burn the iso file to a CD using the image-burning function and boot the computer from it.
Then test the system thoroughly under Linux and report whether it runs normally there.

reggie 19.03.2012 17:22

Thanks, I'll test that! Earlier it wouldn't start again and Windows did a Startup Repair, then it worked...
I burned an "Ultimate Boot CD", had read about it elsewhere, and did everything I could with it, RAM test and memory checked; no errors were found, everything seems to be ok...

reggie 22.03.2012 18:58

I've now tried the Linux CD; the first time it hung, but then it worked and I could do everything, tried a few things, nothing crashed or anything...

Then I clicked Restart and the PC booted up normally. It works again now, only every now and then it shows an error message in the taskbar: Disk C: file system structure corrupt and unusable, run CHKDSK. It always comes when I start a program; otherwise everything works...

What does that mean???

I've now checked the drive as the message said; it repaired quite a few things, let's see if the PC stays stable now...

Code:

Dateisystem auf C: wird überprüft.
Der Typ des Dateisystems ist NTFS.
Die Volumebezeichnung lautet ACER.

Einer der Datenträger muss auf Konsistenz überprüft werden.
Sie können die Datenträgerüberprüfung abbrechen, aber es wird ausdrücklich empfohlen, den Vorgang fortzusetzen.
Die Datenträgerüberprüfung wird jetzt ausgeführt.
190592 Datensätze verarbeitet.
2319 große Datensätze verarbeitet.
0 ungültige Datensätze verarbeitet.
0 E/A-Datensätze verarbeitet.
69 Analysedatensätze verarbeitet.
239890 Indexeinträge verarbeitet.
CHKDSK stellt verlorene Dateien wieder her.
2 nicht indizierte Dateien verarbeitet.
Verwaiste Datei WUREDI~1.BAK (37742) wird in Verzeichnisdatei 14308 wiederhergestellt.
Verwaiste Datei wuredir.cab.bak (37742) wird in Verzeichnisdatei 14308 wiederhergestellt.
190592 Sicherheitsbeschreibungen verarbeitet.
199 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
199 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
199 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
24650 Datendateien verarbeitet.
CHKDSK überprüft USN-Journal...
37314520 USN-Bytes verarbeitet.
Die Überprüfung von USN-Journal ist abgeschlossen.
CHKDSK überprüft Dateidaten (Phase 4 von 5)...
190576 Dateien verarbeitet.
Dateidatenüberprüfung beendet.
CHKDSK überprüft freien Speicherplatz (Phase 5 von 5)...
6708882 freie Cluster verarbeitet.
Verifizierung freien Speicherplatzes ist beendet.
Fehler im Attribut BITMAP der Masterdateitabelle (MFT) werden berichtigt.
Fehler in Volumebitmap werden berichtigt.
Windows hat Probleme im Dateisystem behoben.

118696252 KB Speicherplatz auf dem Datenträger insgesamt
 91489172 KB in 134050 Dateien
    77320 KB in 24652 Indizes
        0 KB in fehlerhaften Sektoren
   294232 KB vom System benutzt
    49520 KB von der Protokolldatei belegt
 26835528 KB auf dem Datenträger verfügbar

     4096 Bytes in jeder Zuordnungseinheit
 29674063 Zuordnungseinheiten auf dem Datenträger insgesamt
  6708882 Zuordnungseinheiten auf dem Datenträger verfügbar

Interne Informationen:
80 e8 02 00 f9 6b 02 00 f2 3d 04 00 00 00 00 00  .....k...=......
78 03 00 00 45 00 00 00 00 00 00 00 00 00 00 00  x...E...........
42 00 00 00 a2 73 e2 76 b0 83 3b 00 b0 7b 3b 00  B....s.v..;..{;.

Die Überprüfung des Datenträgers wurde abgeschlossen.
Bitte warten Sie bis der Computer neu gestartet wurde.

cosinus 23.03.2012 20:57

You can run an intensive CHKDSK once more

chkdsk of the system partition under Windows Vista and 7

1. Right-click an empty area of the desktop and choose "New, Shortcut"
2. Enter cmd.exe as the target and confirm with OK; a new shortcut to the console should now be on the desktop
3. If so, right-click this new shortcut => Run as administrator => confirm the Vista User Account Control security prompt if necessary => a black command prompt opens
4. Type there: chkdsk c: /f /r /v and confirm with Enter.
5. Confirm the prompt that follows with j and press Enter.
6. Restart Windows; a notice about a scheduled disk check should appear. Let the time run out, do not press any key!!
7. Wait until the process is finished. On large partitions it may take quite a long time. Windows reboots automatically.

reggie 25.03.2012 09:44

Did it as described:

Code:

Dateisystem auf C: wird überprüft. Der Typ des Dateisystems ist NTFS. Die Volumebezeichnung lautet ACER. Eine Datenträgerüberprüfung ist geplant. Die Datenträgerüberprüfung wird jetzt ausgeführt. 190592 Datensätze verarbeitet. 6393 große Datensätze verarbeitet. 0 ungültige Datensätze verarbeitet. 0 E/A-Datensätze verarbeitet. 69 Analysedatensätze verarbeitet. 244432 Indexeinträge verarbeitet. 0 nicht indizierte Dateien verarbeitet. 190592 Sicherheitsbeschreibungen verarbeitet. 241 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt. 241 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt. 241 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt. 26921 Datendateien verarbeitet. CHKDSK überprüft USN-Journal... 35067136 USN-Bytes verarbeitet. Die Überprüfung von USN-Journal ist abgeschlossen. CHKDSK überprüft Dateidaten (Phase 4 von 5)... 190576 Dateien verarbeitet. Dateidatenüberprüfung beendet. CHKDSK überprüft freien Speicherplatz (Phase 5 von 5)... 14979070 freie Cluster verarbeitet. Verifizierung freien Speicherplatzes ist beendet. CHKDSK hat freien Speicher gefunden, der in der MFT-Bitmap (Master File Table) als zugeordnet gekennzeichnet ist. Windows hat Probleme im Dateisystem behoben. 118696252 KB Speicherplatz auf dem Datenträger insgesamt 58403600 KB in 142160 Dateien 83828 KB in 26922 Indizes 0 KB in fehlerhaften Sektoren 292544 KB vom System benutzt 49520 KB von der Protokolldatei belegt 59916280 KB auf dem Datenträger verfügbar 4096 Bytes in jeder Zuordnungseinheit 29674063 Zuordnungseinheiten auf dem Datenträger insgesamt 14979070 Zuordnungseinheiten auf dem Datenträger verfügbar Interne Informationen: 80 e8 02 00 86 94 02 00 0b 8c 04 00 00 00 00 00 ................ 99 03 00 00 45 00 00 00 00 00 00 00 00 00 00 00 ....E........... 42 00 00 00 a2 73 a9 77 40 85 0f 00 40 7d 0f 00 B....s.w@...@}.. Die Überprüfung des Datenträgers wurde abgeschlossen. 
Bitte warten Sie bis der Computer neu gestartet wurde.
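To read the two boot-time CHKDSK summaries posted above the way the thread does by hand, here is an added Python example (not part of the thread or of any tool mentioned in it) that pulls the integrity-relevant facts out of the German Vista wording and decides whether the result points at the disk hardware, at a repair that deserves a confirming rerun, or at a clean volume. The sample texts are constructed from the lines posted above, condensed to the ones the parser looks at.

```python
import re

# Constructed samples: the first and second CHKDSK summaries from this thread,
# reduced to the lines the parser cares about (German Vista wording kept as-is).
CHKDSK_RUN_1 = """Dateisystem auf C: wird überprüft.
Verwaiste Datei WUREDI~1.BAK (37742) wird in Verzeichnisdatei 14308 wiederhergestellt.
Verwaiste Datei wuredir.cab.bak (37742) wird in Verzeichnisdatei 14308 wiederhergestellt.
Fehler im Attribut BITMAP der Masterdateitabelle (MFT) werden berichtigt.
Fehler in Volumebitmap werden berichtigt.
Windows hat Probleme im Dateisystem behoben.
118696252 KB Speicherplatz auf dem Datenträger insgesamt
0 KB in fehlerhaften Sektoren
26835528 KB auf dem Datenträger verfügbar"""

CHKDSK_RUN_2 = """Dateisystem auf C: wird überprüft.
CHKDSK hat freien Speicher gefunden, der in der MFT-Bitmap (Master File Table) als zugeordnet gekennzeichnet ist.
Windows hat Probleme im Dateisystem behoben.
118696252 KB Speicherplatz auf dem Datenträger insgesamt
0 KB in fehlerhaften Sektoren
59916280 KB auf dem Datenträger verfügbar"""


def parse_chkdsk_summary(text):
    """Extract the integrity-relevant facts from a German NTFS CHKDSK summary."""
    def kb(label):
        # Numeric "<n> KB <label>" lines from the final statistics block.
        m = re.search(r"(\d+) KB " + label, text)
        return int(m.group(1)) if m else None

    return {
        # Files CHKDSK re-linked into a directory (data that had lost its index entry).
        "orphans_recovered": re.findall(r"Verwaiste Datei (\S+) \(\d+\)", text),
        # "Fehler im/in ... werden berichtigt" lines: MFT or volume bitmap repairs.
        "bitmap_errors_fixed": len(re.findall(r"Fehler i[mn] .*?werden berichtigt", text)),
        "mft_bitmap_mismatch": "in der MFT-Bitmap" in text,
        "problems_fixed": "Windows hat Probleme im Dateisystem behoben" in text,
        "bad_sector_kb": kb("in fehlerhaften Sektoren"),
        "total_kb": kb("Speicherplatz auf dem Datenträger insgesamt"),
        "free_kb": kb("auf dem Datenträger verfügbar"),
    }


def assess(summary):
    """Turn a parsed summary into the decision the thread makes by hand."""
    if summary["bad_sector_kb"]:
        return "hardware"   # remapped sectors: suspect the disk, back up before anything else
    if summary["problems_fixed"] or summary["orphans_recovered"]:
        return "rerun"      # metadata was repaired; a clean second pass confirms the fix held
    return "clean"
```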

cosinus 25.03.2012 14:59

And now? Does the system run better under Windows now?

reggie 26.03.2012 19:46

I found out that when it starts cold something goes wrong and it crashes. I have to start it a few times, then it works.
Once it has been running for a while, i.e. warm, I can start it without problems.

It definitely runs better since then.

But I still have some error entries in the Event Viewer...
Far too many :wtf:

Why isn't there simply a CD that I insert and that repairs everything for me?? :crazy:

What else can I try???

cosinus 26.03.2012 21:17

Do you have the cold-start, or let's call it "cold-operation", problems only with Windows or also with a live Linux?

reggie 28.03.2012 19:16

Hi, I've tested it now, there are no problems with live Linux! Yesterday I cold-started the PC with the Knoppix CD right away. It worked; let it run briefly and restarted the PC, and the PC booted without any problems, no crash, nothing!!!
Today I started with the Knoppix CD right away again, worked perfectly, then restart and again the PC works perfectly!

Before, every day after starting Windows I had a crash; after the fourth restart the PC then worked without problems. Every day the same problem, but after the fourth time it worked again. It also always crashed at exactly the same moment...

Tomorrow I'll test starting straight into Windows, let's see whether it crashes again.

I also want to test whether it runs if I do a restart right away without logging in to Windows...

I did that once and it worked, but maybe that was just coincidence...

Somehow I no longer believe it's a hardware defect, or do you???

cosinus 29.03.2012 10:31

Well, it's probably not a hardware defect. But don't ask me what exactly isn't configured correctly in Windows. Perhaps a driver update under Windows could help.

reggie 03.04.2012 17:32

Hi, after a few days of quiet, the same thing again...

The culprit is a certain ntkrnlpa.exe...

Code:

ntkrnlpa.exe        ntkrnlpa.exe+7d1c7        0x82202000        0x825bc000        0x003ba000        0x4ea6b87e        25.10.2011 15:24:14        Microsoft® Windows® Operating System        NT Kernel & System        6.0.6002.18533 (vistasp2_gdr.111025-0338)        Microsoft Corporation        C:\Windows\system32\ntkrnlpa.exe
Let's see whether there is some driver for this exe that needs an update... or something else...

By the way, how do I go about a Windows driver update?? I looked at the hardware devices; there it tells me the drivers are up to date...

cosinus 03.04.2012 19:14

Then Windows Update isn't offering you any new drivers. In that case you have to look for new drivers manually on the manufacturer's site

reggie 03.04.2012 19:18

OK, thanks then. I guess I'll have to go through and check all the drivers :rolleyes:
The whole Easter weekend booked up again :rolleyes:

cosinus 03.04.2012 19:40

You don't have to do it on the weekend :D

reggie 18.04.2012 17:12

Thanks again! The PC is running again now; what the error was I don't know. A few new drivers, Windows updates??? It's also naturally warmer again now, no idea what it was down to..

I don't want to bother you any further, just one small thing...

Recently I installed Google Chrome following the guide here, along with the program Sandboxie.

The strange thing: when I close Google in the sandbox, a window comes up saying Google has stopped working and asking whether I want to restart it. If I click no, the next time it starts I get "Chrome did not shut down correctly blah...."
How do I close Chrome correctly :confused:

Furthermore, I had granted Internet access to only a few programs, among them chrome.exe, and that worked great too. Until recently Sandboxie no longer wanted to let Chrome onto the Internet even though chrome.exe is allowed...
I then created a new sandbox in which everything is allowed, and there it works; otherwise it won't let chrome.exe through even though it is allowed :confused:

Hope I can let you rest soon :daumenhoc

cosinus 18.04.2012 21:01

Unfortunately I can't help with Sandboxie, I don't use the tool. My strategy with restricted rights etc. has always worked out so far - at home I work almost only with Linux anyway

Perhaps you can open a separate thread about Sandboxie


Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are error messages about it. With the help of OTL you can also remove many tools:

Please start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

reggie 22.04.2012 09:37

Thank you very much! All points carried out, so we should be done now! ;)


Copyright ©2000-2025, Trojaner-Board
