5O euro Trojaner

reggie · 12.03.2012, 19:06

Guten Tag habe mir heute Morgen diesen 50ig Euro Trojaner eingefangen, der Angeblich von Avira und Kapersky ist und den Computer sperrt wegen Sicherheitgefährdenter Internetseiten die besucht wurden..

Hab jetzt mal HijackThis durchlaufen lassen.

Genau wie Malewarebytes.

IM Systemstart hatten sich zwei Programme eingeschlichen! Einmal eine Skype exe, die ich gleich gelöscht habe.
Das andere Programm hat Chinesische Schriftzeichen, auch der Ort ist in Chinesisch so das ich nicht weis wo genau es liegt...

Nunja ich hänge jetzt mal die Logfiles an:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:42, on 12.03.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Heiko\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 115.108.177.230:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 9119 bytes

Erstes Malewarebytes Log mit funden:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 17:48:37
mbam-log-2012-03-12 (17-48-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175212
Laufzeit: 7 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCU\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zweites LOG ohne Funde:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 18:09:16
mbam-log-2012-03-12 (18-09-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175495
Laufzeit: 8 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Habe das alles ohne dieses Bord durchgeführt, da ich es nicht kannte...
Wollte jetzt mal wissen ob alles wieder sauber ist, oder ich weitere Schritte erledigen muss?

gruß reggie

reggie · 12.03.2012, 19:18

Hier mal ein Screenshot, der im Systemstart befindlichen programme, das Skype habe ich bereits gelöscht...

Zudem hatten sich zur gleichen Urzeit als mein Pc gesperrt wurde einige Programme erstellt, die ich sofort gelöscht habe.
Anbei ein Screenshot davon:

cosinus · 12.03.2012, 20:08

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

reggie · 12.03.2012, 20:36

Hier erstmal das Malewarebytes Log, vorherige habe ich ja oben schon gepostet!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 20:25:44
mbam-log-2012-03-12 (20-25-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176028
Laufzeit: 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So jetzt mache ich das mit dem eset!

cosinus · 12.03.2012, 20:40

Du solltest einen Vollscan mti Malwarebytes machen und keinen Quickscan!

reggie · 12.03.2012, 23:43

Sorry nochmal Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 22:34:29
mbam-log-2012-03-12 (22-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311621
Laufzeit: 1 Stunde(n), 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dann ESET, da wurde was gefunden!

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=32186a663c6ffd4f922973b38a60cb57
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-12 09:33:10
# local_time=2012-03-12 10:33:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 12972637 12972637 0 0
# compatibility_mode=5892 16776573 100 100 13628 169114303 0 0
# compatibility_mode=8192 67108863 100 0 4941 4941 0 0
# scanned=162121
# found=3
# cleaned=0
# scan_time=6414
C:\Program Files\FoxTabAVIConverter\AviConverter.exe	a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Heiko\AppData\Local\Temp\Main.class	Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Heiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5440888e-4b461876	Java/Agent.EE trojan (unable to clean)	00000000000000000000000000000000	I

reggie · 13.03.2012, 11:09

Hab schonmal OTL drüberlaufen lassen:

Code:

ATTFilter

OTL logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - c:\Programme\AOL\AOL Toolbar 4.0\AolTbServer.exe (AOL LLC)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - c:\Programme\AOL\AOL Toolbar 4.0\apopup.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.23 08:00:19 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	babe.the-killer.bz
O1 - Hosts: 127.0.0.1	www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1	babe.k-lined.com
O1 - Hosts: 127.0.0.1	www.babe.k-lined.com
O1 - Hosts: 127.0.0.1	did.i-used.cc
O1 - Hosts: 127.0.0.1	www.did.i-used.cc
O1 - Hosts: 127.0.0.1	coolwwwsearch.com
O1 - Hosts: 127.0.0.1	www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1	coolwebsearch.com
O1 - Hosts: 127.0.0.1	www.coolwebsearch.com
O1 - Hosts: 127.0.0.1	hi.studioaperto.net
O1 - Hosts: 127.0.0.1	www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1	wazzupnet.com
O1 - Hosts: 127.0.0.1	www.wazzupnet.com
O1 - Hosts: 127.0.0.1	gueb.com
O1 - Hosts: 127.0.0.1	www.gueb.com
O1 - Hosts: 127.0.0.1	kabex.com
O1 - Hosts: 127.0.0.1	www.kabex.com
O1 - Hosts: 127.0.0.1	hityou.com
O1 - Hosts: 127.0.0.1	www.hityou.com
O1 - Hosts: 127.0.0.1	miosearch.com
O1 - Hosts: 127.0.0.1	www.miosearch.com
O1 - Hosts: 127.0.0.1	blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.17 03:01:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 03:01:26 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.17 03:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 03:01:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 03:01:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 03:01:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 09:45:06 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 14:39:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\*****\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16151656-9479-4499-BCD3-9F6C1AD4342E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{298DE6E7-3231-4C5A-A81D-DC5FDA973A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{32E642EF-FB93-48F7-80B3-9E735281D31F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{48BDE921-305C-47C7-B4FF-B80D8745126C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5BF891C3-24C6-4C71-898E-3ACB9BF5840F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D3F6CD5-180C-4F2E-896E-83FB24162273}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8022DD7C-CE5D-426A-87DD-D4B2119CF848}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{91886A2E-1A55-43D5-BFC5-864A8A35B39E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{99FDF929-22EE-405C-B6DE-C619EC907504}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABF297D9-7B09-4D95-8770-D920326A13A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AC453D09-D81F-45B8-A3EA-B32864A2B3AD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B44180F7-47D3-4231-97CE-63B832AEA34A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6435F4E-F006-4A42-9BE7-5C88E485B80A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069F99BF-5BC6-4333-96CF-5189FD2A89B0}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{0BA27B5E-C54E-4B55-9618-0FF7220DC2D1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{0D8CAA3C-61EC-4F8B-84D6-0FF4F946314E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{0E2D3D59-208A-4F74-8768-AEA828F96BFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{189089C0-45BC-4C22-8E9B-99E7F58B7175}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{19D9B808-F746-490F-9010-5883CE8F3010}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{289CB4E1-815F-462B-BBF0-01C8B3A41583}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{3BAD34E0-589E-477B-8533-C815F2FA2DE2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe | 
"{3FCE4DCC-281E-491C-A583-0B88E5219DE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{44295C03-C6D0-4A29-8F22-49A8955B686A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{4A1B6788-0617-4474-B729-C3EEAADFBE41}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{51FB9794-B409-4D6B-B010-D45ABFC64F7C}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | 
"{57C2586C-D9DE-497E-8FCC-6F3205CF9C02}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{5EB1AFD1-FD11-4B97-A213-5BB9CFFE55A8}" = protocol=6 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe | 
"{69B7054F-D4AD-446E-9B68-D554B3A1608B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{7010D6F6-5DE2-449A-B50F-6049E4BDAC9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{74E03CB3-52EB-46E7-8A9E-A1C0E336C305}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe | 
"{818D0CC8-E5FA-44FD-8A36-7818D3ED063C}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{851A7BF6-39F8-4166-9485-D3EFDE4BC411}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{85FF2D39-4205-4B94-898B-B8E59BD28592}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{8B878FED-2ADC-4CAC-88FD-0C851F0E4FE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{8CFA3349-1CA8-4B62-AB71-3C92430D8F33}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{929FC9C6-7FEF-4662-8A9E-6D4E50AC1E49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{93435471-75BE-41BE-86FA-2F6C73383396}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{A157887B-BA1E-4497-B0A7-E222E8F96B68}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{A6650730-BF1E-4DA8-92E8-2B39CB1BA187}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe | 
"{AED97BBD-4321-4309-85D2-D46B5763C9B3}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{B36F4AFD-4062-439B-84C4-C02240E9F018}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{B3A2DD6D-AFF4-444B-A593-11AB7A35892B}" = protocol=6 | dir=out | app=system | 
"{BB37C231-A786-47EA-8438-36A33C9A8792}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{BD4E8989-BEDD-4249-85C2-4576D5255BFF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{BFCCAF4B-933C-46A3-84AE-AA72E799E049}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | 
"{BFFEBCDE-26F8-4811-B203-57C6349541F5}" = protocol=17 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe | 
"{C9A96EFA-49BD-4AC7-9C4D-A4465F16DC10}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{D0C3F5EE-6AFC-42A4-BBE6-46AC0819FF87}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{D2BE195C-11FC-47DE-BEDA-6D8F40D35AEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D57FD54A-A2B4-471C-8482-BB6BEDAE0451}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{D75F59BE-0A40-4DA3-9D89-18A5C60DB45C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe | 
"{E06555F5-0FC7-4538-9BE3-3F21CCCFFD35}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{E07A494A-2AA0-41AD-8F9A-28E4418E8846}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{ECCFCF74-C86A-43FE-B2FB-30AC2969F788}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F0A04DF1-63B0-484F-BB50-054AADCE47B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{F150FF19-3D43-475A-A3C2-D0DCA6414F4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{F1CCE602-48B7-47BC-ABD8-21B6CC8A7342}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{F5BEA71C-8E7A-4B05-A227-FC86467E35CE}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"TCP Query User{13DDBAA0-1B59-4783-B578-EF34F5A49914}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{24335CC3-74DD-4ACC-BF8B-E4FF54FE7B86}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{07C542AB-7B93-49D7-828C-EB41F1261964}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E27EEA51-3D30-4A90-B878-5F0E016A3D3B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 26
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94F5A370-E9E0-E543-E33D-BB80C25967B9}" = ATI Catalyst Control Center Ex
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B1914510-38B5-4835-83D8-A188073E542F}" = Cheetah Audio Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"ActualCoach Bundesliga Manager_is1" = ActualCoach Bundesliga Manager 2.32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" = 
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AVIedit 3.39" = AVIedit 3.39
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Collab" = Collab
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab" = DVDFab (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FL Studio 7" = FL Studio 7
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.9.0
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPEG AVI DVD Cutter 1" = MPEG AVI DVD Cutter 1
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Native Instruments Limelite Solo" = Native Instruments Limelite Solo
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubtitleCreator" = SubtitleCreator
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus · 13.03.2012, 17:07

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

reggie · 13.03.2012, 17:10

Vielen, vielen dank dass du mich meiner annimst! Werde ich gleich erledigen!!

reggie · 13.03.2012, 17:48

So hier der OTL text:

Code:

ATTFilter

OTL logfile created on: 13.03.2012 17:16:42 - Run 2
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Heiko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 417,71 Mb Available Physical Memory | 46,74% Memory free
2,37 Gb Paging File | 0,96 Gb Available in Paging File | 40,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,05 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: Heiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Heiko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.13 10:55:15 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	babe.the-killer.bz
O1 - Hosts: 127.0.0.1	www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1	babe.k-lined.com
O1 - Hosts: 127.0.0.1	www.babe.k-lined.com
O1 - Hosts: 127.0.0.1	did.i-used.cc
O1 - Hosts: 127.0.0.1	www.did.i-used.cc
O1 - Hosts: 127.0.0.1	coolwwwsearch.com
O1 - Hosts: 127.0.0.1	www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1	coolwebsearch.com
O1 - Hosts: 127.0.0.1	www.coolwebsearch.com
O1 - Hosts: 127.0.0.1	hi.studioaperto.net
O1 - Hosts: 127.0.0.1	www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1	wazzupnet.com
O1 - Hosts: 127.0.0.1	www.wazzupnet.com
O1 - Hosts: 127.0.0.1	gueb.com
O1 - Hosts: 127.0.0.1	www.gueb.com
O1 - Hosts: 127.0.0.1	kabex.com
O1 - Hosts: 127.0.0.1	www.kabex.com
O1 - Hosts: 127.0.0.1	hityou.com
O1 - Hosts: 127.0.0.1	www.hityou.com
O1 - Hosts: 127.0.0.1	miosearch.com
O1 - Hosts: 127.0.0.1	www.miosearch.com
O1 - Hosts: 127.0.0.1	blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: SkypeM - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.24 11:46:13 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bluescreens
[2012.02.23 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bootcd
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.23 08:09:11 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Adobe
[2007.09.10 09:19:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AdobeUM
[2010.07.23 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ahead
[2008.09.08 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AOL
[2011.10.31 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Apple Computer
[2007.09.08 10:39:07 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ATI
[2011.10.14 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Avira
[2008.08.16 08:54:09 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AVS4YOU
[2011.02.03 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DivX
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2007.09.08 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Identities
[2011.12.30 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\InstallShield
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2007.09.08 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Macromedia
[2012.03.12 17:37:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Media Center Programs
[2012.02.23 08:09:11 | 000,000,000 | --SD | M] -- C:\Users\Heiko\AppData\Roaming\Microsoft
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2009.12.22 08:21:47 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Mozilla
[2010.07.23 19:06:54 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Nero
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2007.09.08 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\WinRAR
[2007.09.08 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2008.06.14 18:12:07 | 019,900,192 | ---- | M] (                                   ) -- C:\Users\Heiko\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\DRV\ATI-8.31\8.31\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_f6dd3386\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >

cosinus · 13.03.2012, 17:59

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4
:Files
c:\Programme\AOL\AOL Toolbar 4.0
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

reggie · 13.03.2012, 18:18

So das hat erstmal geklappt! Danke!

Code:

ATTFilter

All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
No active process named TeaTimer.exe was found!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ deleted successfully.
C:\Windows\System32\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯r deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
File K:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:59756FA4 deleted successfully.
========== FILES ==========
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ui folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\rss folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\buttons folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ba folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\aimPages folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0 folder moved successfully.
File\Folder C:\Programme\ICQ6Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heiko
->Temp folder emptied: 27690081 bytes
->Temporary Internet Files folder emptied: 74491895 bytes
->Java cache emptied: 15183729 bytes
->FireFox cache emptied: 48911267 bytes
->Flash cache emptied: 2808 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 847872 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526186 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 160,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.3 log created on 03132012_180947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 13.03.2012, 19:08

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

reggie · 13.03.2012, 19:16

Also hier weiter gehts:

Code:

ATTFilter

19:11:33.0113 2876	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:11:33.0503 2876	============================================================
19:11:33.0503 2876	Current date / time: 2012/03/13 19:11:33.0503
19:11:33.0503 2876	SystemInfo:
19:11:33.0503 2876	
19:11:33.0503 2876	OS Version: 6.0.6002 ServicePack: 2.0
19:11:33.0503 2876	Product type: Workstation
19:11:33.0503 2876	ComputerName: HEIKO-PC
19:11:33.0503 2876	UserName: Heiko
19:11:33.0503 2876	Windows directory: C:\Windows
19:11:33.0503 2876	System windows directory: C:\Windows
19:11:33.0503 2876	Processor architecture: Intel x86
19:11:33.0503 2876	Number of processors: 2
19:11:33.0503 2876	Page size: 0x1000
19:11:33.0503 2876	Boot type: Normal boot
19:11:33.0503 2876	============================================================
19:11:35.0250 2876	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:11:35.0359 2876	Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:11:35.0421 2876	\Device\Harddisk0\DR0:
19:11:35.0437 2876	MBR used
19:11:35.0437 2876	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0xE265279
19:11:35.0437 2876	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF00FAF5, BlocksNum 0xE1B4A8C
19:11:35.0437 2876	\Device\Harddisk1\DR1:
19:11:35.0437 2876	MBR used
19:11:35.0437 2876	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
19:11:35.0671 2876	Initialize success
19:11:35.0671 2876	============================================================
19:13:02.0407 2552	============================================================
19:13:02.0407 2552	Scan started
19:13:02.0407 2552	Mode: Manual; SigCheck; TDLFS; 
19:13:02.0407 2552	============================================================
19:13:05.0215 2552	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:13:05.0496 2552	ACPI - ok
19:13:05.0667 2552	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:13:05.0777 2552	adp94xx - ok
19:13:05.0964 2552	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:13:06.0026 2552	adpahci - ok
19:13:06.0104 2552	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:13:06.0151 2552	adpu160m - ok
19:13:06.0167 2552	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:13:06.0245 2552	adpu320 - ok
19:13:06.0416 2552	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:13:06.0728 2552	AFD - ok
19:13:06.0853 2552	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:13:06.0915 2552	agp440 - ok
19:13:07.0009 2552	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:13:07.0071 2552	aic78xx - ok
19:13:07.0087 2552	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:13:07.0134 2552	aliide - ok
19:13:07.0305 2552	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:13:07.0352 2552	amdagp - ok
19:13:07.0399 2552	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:13:07.0446 2552	amdide - ok
19:13:07.0571 2552	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:13:07.0805 2552	AmdK7 - ok
19:13:07.0992 2552	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:13:08.0117 2552	AmdK8 - ok
19:13:08.0304 2552	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:13:08.0351 2552	arc - ok
19:13:08.0382 2552	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:13:08.0429 2552	arcsas - ok
19:13:08.0553 2552	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:08.0694 2552	AsyncMac - ok
19:13:08.0803 2552	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:13:08.0819 2552	atapi - ok
19:13:08.0834 2552	AtiPcie         (b44417b29c4760a86f65702fd92ea3d7) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:08.0959 2552	AtiPcie - ok
19:13:09.0053 2552	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:13:09.0131 2552	avgntflt - ok
19:13:09.0224 2552	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
19:13:09.0271 2552	avipbb - ok
19:13:09.0302 2552	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:13:09.0302 2552	avkmgr - ok
19:13:09.0411 2552	AVMUNET         (74463afc648ad3c2fd4bc25b711fda7f) C:\Windows\system32\DRIVERS\avmunet.sys
19:13:09.0443 2552	AVMUNET ( UnsignedFile.Multi.Generic ) - warning
19:13:09.0443 2552	AVMUNET - detected UnsignedFile.Multi.Generic (1)
19:13:09.0552 2552	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:13:09.0630 2552	Beep - ok
19:13:09.0708 2552	blbdrive - ok
19:13:09.0755 2552	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:13:09.0833 2552	bowser - ok
19:13:09.0926 2552	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:13:10.0082 2552	BrFiltLo - ok
19:13:10.0160 2552	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:13:10.0238 2552	BrFiltUp - ok
19:13:10.0347 2552	Bridge          (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0394 2552	Bridge - ok
19:13:10.0410 2552	BridgeMP        (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0441 2552	BridgeMP - ok
19:13:10.0472 2552	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:13:10.0581 2552	Brserid - ok
19:13:10.0706 2552	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:13:10.0815 2552	BrSerWdm - ok
19:13:10.0878 2552	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:13:10.0971 2552	BrUsbMdm - ok
19:13:11.0018 2552	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:13:11.0127 2552	BrUsbSer - ok
19:13:11.0237 2552	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:13:11.0346 2552	BTHMODEM - ok
19:13:11.0439 2552	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:13:11.0517 2552	cdfs - ok
19:13:11.0642 2552	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:13:11.0705 2552	cdrom - ok
19:13:11.0814 2552	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:13:11.0907 2552	circlass - ok
19:13:11.0954 2552	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:13:12.0017 2552	CLFS - ok
19:13:12.0095 2552	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:13:12.0126 2552	cmdide - ok
19:13:12.0157 2552	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:13:12.0204 2552	Compbatt - ok
19:13:12.0235 2552	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:13:12.0282 2552	crcdisk - ok
19:13:12.0360 2552	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:13:12.0453 2552	Crusoe - ok
19:13:12.0500 2552	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:13:12.0547 2552	DfsC - ok
19:13:12.0656 2552	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:13:12.0687 2552	disk - ok
19:13:12.0828 2552	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:13:12.0890 2552	drmkaud - ok
19:13:12.0999 2552	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:13:13.0046 2552	DXGKrnl - ok
19:13:13.0062 2552	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:13:13.0202 2552	E1G60 - ok
19:13:13.0343 2552	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:13:13.0405 2552	Ecache - ok
19:13:13.0514 2552	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:13:13.0561 2552	elxstor - ok
19:13:13.0655 2552	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:13:13.0717 2552	exfat - ok
19:13:13.0779 2552	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:13:13.0842 2552	fastfat - ok
19:13:13.0904 2552	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:13:13.0967 2552	fdc - ok
19:13:14.0076 2552	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:13:14.0123 2552	FileInfo - ok
19:13:14.0154 2552	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:13:14.0232 2552	Filetrace - ok
19:13:14.0310 2552	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:13:14.0419 2552	flpydisk - ok
19:13:14.0466 2552	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:13:14.0528 2552	FltMgr - ok
19:13:14.0622 2552	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:13:14.0684 2552	Fs_Rec - ok
19:13:14.0715 2552	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:13:14.0762 2552	gagp30kx - ok
19:13:14.0840 2552	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:13:14.0965 2552	HdAudAddService - ok
19:13:15.0027 2552	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:15.0121 2552	HDAudBus - ok
19:13:15.0183 2552	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:13:15.0308 2552	HidBth - ok
19:13:15.0386 2552	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:13:15.0464 2552	HidIr - ok
19:13:15.0573 2552	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:13:15.0683 2552	HidUsb - ok
19:13:15.0698 2552	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:13:15.0745 2552	HpCISSs - ok
19:13:15.0854 2552	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:13:16.0010 2552	HTTP - ok
19:13:16.0182 2552	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:13:16.0213 2552	i2omp - ok
19:13:16.0291 2552	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:13:16.0353 2552	i8042prt - ok
19:13:16.0463 2552	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:13:16.0509 2552	iaStorV - ok
19:13:16.0556 2552	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:13:16.0603 2552	iirsp - ok
19:13:16.0681 2552	int15           (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
19:13:16.0712 2552	int15 - ok
19:13:16.0853 2552	IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
19:13:16.0977 2552	IntcAzAudAddService - ok
19:13:17.0071 2552	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:13:17.0118 2552	intelide - ok
19:13:17.0165 2552	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:13:17.0211 2552	intelppm - ok
19:13:17.0336 2552	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:17.0414 2552	IpFilterDriver - ok
19:13:17.0492 2552	IpInIp - ok
19:13:17.0539 2552	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:13:17.0648 2552	IPMIDRV - ok
19:13:17.0757 2552	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:13:17.0820 2552	IPNAT - ok
19:13:17.0851 2552	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:13:17.0929 2552	IRENUM - ok
19:13:18.0023 2552	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:13:18.0069 2552	isapnp - ok
19:13:18.0101 2552	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:13:18.0132 2552	iScsiPrt - ok
19:13:18.0225 2552	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:13:18.0272 2552	iteatapi - ok
19:13:18.0303 2552	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:13:18.0319 2552	iteraid - ok
19:13:18.0413 2552	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:13:18.0459 2552	kbdclass - ok
19:13:18.0506 2552	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:13:18.0569 2552	kbdhid - ok
19:13:18.0678 2552	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:13:18.0740 2552	KSecDD - ok
19:13:18.0803 2552	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:13:18.0881 2552	lltdio - ok
19:13:18.0990 2552	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:13:19.0037 2552	LSI_FC - ok
19:13:19.0052 2552	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:13:19.0099 2552	LSI_SAS - ok
19:13:19.0193 2552	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:13:19.0239 2552	LSI_SCSI - ok
19:13:19.0286 2552	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:13:19.0333 2552	luafv - ok
19:13:19.0427 2552	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:13:19.0458 2552	MBAMProtector - ok
19:13:19.0520 2552	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:13:19.0551 2552	megasas - ok
19:13:19.0661 2552	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:13:19.0754 2552	Modem - ok
19:13:19.0863 2552	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:13:19.0910 2552	monitor - ok
19:13:19.0941 2552	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:13:19.0973 2552	mouclass - ok
19:13:20.0066 2552	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:13:20.0144 2552	mouhid - ok
19:13:20.0175 2552	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:13:20.0222 2552	MountMgr - ok
19:13:20.0331 2552	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:13:20.0378 2552	mpio - ok
19:13:20.0409 2552	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:13:20.0472 2552	mpsdrv - ok
19:13:20.0581 2552	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:13:20.0628 2552	Mraid35x - ok
19:13:20.0643 2552	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:13:20.0753 2552	MRxDAV - ok
19:13:20.0862 2552	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:20.0924 2552	mrxsmb - ok
19:13:21.0033 2552	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:21.0096 2552	mrxsmb10 - ok
19:13:21.0205 2552	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:21.0267 2552	mrxsmb20 - ok
19:13:21.0361 2552	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:13:21.0408 2552	msahci - ok
19:13:21.0439 2552	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:13:21.0486 2552	msdsm - ok
19:13:21.0611 2552	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:13:21.0673 2552	Msfs - ok
19:13:21.0782 2552	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:13:21.0829 2552	msisadrv - ok
19:13:21.0860 2552	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:13:21.0938 2552	MSKSSRV - ok
19:13:22.0047 2552	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:22.0094 2552	MSPCLOCK - ok
19:13:22.0110 2552	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:13:22.0157 2552	MSPQM - ok
19:13:22.0188 2552	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:13:22.0235 2552	MsRPC - ok
19:13:22.0328 2552	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:13:22.0344 2552	mssmbios - ok
19:13:22.0375 2552	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:13:22.0422 2552	MSTEE - ok
19:13:22.0469 2552	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:13:22.0515 2552	Mup - ok
19:13:22.0625 2552	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:13:22.0703 2552	NativeWifiP - ok
19:13:22.0827 2552	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:13:22.0874 2552	NDIS - ok
19:13:22.0921 2552	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:22.0999 2552	NdisTapi - ok
19:13:23.0093 2552	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:23.0171 2552	Ndisuio - ok
19:13:23.0217 2552	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:23.0264 2552	NdisWan - ok
19:13:23.0373 2552	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:13:23.0451 2552	NDProxy - ok
19:13:23.0545 2552	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:13:23.0623 2552	NetBIOS - ok
19:13:23.0670 2552	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:13:23.0748 2552	netbt - ok
19:13:23.0857 2552	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:13:23.0904 2552	nfrd960 - ok
19:13:23.0951 2552	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:13:24.0029 2552	Npfs - ok
19:13:24.0122 2552	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:13:24.0200 2552	nsiproxy - ok
19:13:24.0263 2552	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:13:24.0356 2552	Ntfs - ok
19:13:24.0465 2552	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:13:24.0512 2552	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
19:13:24.0512 2552	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
19:13:24.0590 2552	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:13:24.0699 2552	ntrigdigi - ok
19:13:24.0746 2552	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:13:24.0824 2552	Null - ok
19:13:24.0918 2552	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:13:24.0949 2552	nvraid - ok
19:13:24.0965 2552	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:13:24.0980 2552	nvstor - ok
19:13:25.0011 2552	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:13:25.0027 2552	nv_agp - ok
19:13:25.0043 2552	NwlnkFlt - ok
19:13:25.0058 2552	NwlnkFwd - ok
19:13:25.0167 2552	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:13:25.0199 2552	ohci1394 - ok
19:13:25.0323 2552	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:13:25.0401 2552	Parport - ok
19:13:25.0433 2552	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:13:25.0479 2552	partmgr - ok
19:13:25.0573 2552	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:13:25.0635 2552	Parvdm - ok
19:13:25.0682 2552	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:13:25.0729 2552	pci - ok
19:13:25.0807 2552	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:13:25.0869 2552	pciide - ok
19:13:25.0901 2552	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:13:25.0947 2552	pcmcia - ok
19:13:26.0088 2552	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:13:26.0244 2552	PEAUTH - ok
19:13:26.0415 2552	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:26.0478 2552	PptpMiniport - ok
19:13:26.0509 2552	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:13:26.0603 2552	Processor - ok
19:13:26.0712 2552	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:13:26.0774 2552	PSched - ok
19:13:26.0790 2552	PSDFilter       (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
19:13:26.0837 2552	PSDFilter ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0837 2552	PSDFilter - detected UnsignedFile.Multi.Generic (1)
19:13:26.0915 2552	PSDNServ        (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
19:13:26.0930 2552	PSDNServ ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0930 2552	PSDNServ - detected UnsignedFile.Multi.Generic (1)
19:13:26.0961 2552	psdvdisk        (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
19:13:27.0008 2552	psdvdisk ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0008 2552	psdvdisk - detected UnsignedFile.Multi.Generic (1)
19:13:27.0133 2552	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:13:27.0227 2552	ql2300 - ok
19:13:27.0320 2552	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:13:27.0351 2552	ql40xx - ok
19:13:27.0398 2552	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:13:27.0476 2552	QWAVEdrv - ok
19:13:27.0632 2552	R300            (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:27.0819 2552	R300 - ok
19:13:27.0913 2552	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:27.0960 2552	RasAcd - ok
19:13:28.0053 2552	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:28.0131 2552	Rasl2tp - ok
19:13:28.0178 2552	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:28.0241 2552	RasPppoe - ok
19:13:28.0303 2552	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:28.0350 2552	RasSstp - ok
19:13:28.0412 2552	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:28.0459 2552	rdbss - ok
19:13:28.0521 2552	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:28.0584 2552	RDPCDD - ok
19:13:28.0646 2552	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:13:28.0755 2552	rdpdr - ok
19:13:28.0833 2552	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:13:28.0911 2552	RDPENCDD - ok
19:13:28.0974 2552	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:13:29.0036 2552	RDPWD - ok
19:13:29.0192 2552	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:29.0239 2552	rspndr - ok
19:13:29.0317 2552	RT73            (0ab8d9d7c5ac81fc736d7c208f737570) C:\Windows\system32\DRIVERS\Dr71WU.sys
19:13:29.0411 2552	RT73 - ok
19:13:29.0489 2552	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:13:29.0535 2552	s1018bus - ok
19:13:29.0613 2552	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:13:29.0645 2552	s1018mdfl - ok
19:13:29.0691 2552	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:13:29.0738 2552	s1018mdm - ok
19:13:29.0801 2552	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:13:29.0879 2552	s1018mgmt - ok
19:13:29.0972 2552	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:13:30.0003 2552	s1018nd5 - ok
19:13:30.0050 2552	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:13:30.0097 2552	s1018obex - ok
19:13:30.0191 2552	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:13:30.0237 2552	s1018unic - ok
19:13:30.0284 2552	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:13:30.0315 2552	sbp2port - ok
19:13:30.0425 2552	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:13:30.0549 2552	secdrv - ok
19:13:30.0627 2552	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:13:30.0705 2552	Serenum - ok
19:13:30.0768 2552	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:13:30.0846 2552	Serial - ok
19:13:30.0955 2552	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:13:31.0017 2552	sermouse - ok
19:13:31.0064 2552	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:13:31.0173 2552	sffdisk - ok
19:13:31.0283 2552	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:13:31.0376 2552	sffp_mmc - ok
19:13:31.0392 2552	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:13:31.0501 2552	sffp_sd - ok
19:13:31.0595 2552	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:13:31.0704 2552	sfloppy - ok
19:13:31.0813 2552	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:13:31.0844 2552	sisagp - ok
19:13:31.0875 2552	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:13:31.0907 2552	SiSRaid2 - ok
19:13:32.0016 2552	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:13:32.0047 2552	SiSRaid4 - ok
19:13:32.0109 2552	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:13:32.0187 2552	Smb - ok
19:13:32.0281 2552	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:13:32.0312 2552	spldr - ok
19:13:32.0359 2552	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:13:32.0468 2552	srv - ok
19:13:32.0562 2552	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:13:32.0655 2552	srv2 - ok
19:13:32.0765 2552	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:32.0827 2552	srvnet - ok
19:13:32.0889 2552	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:13:32.0921 2552	ssmdrv - ok
19:13:32.0999 2552	StkAMini        (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
19:13:33.0061 2552	StkAMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0061 2552	StkAMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0155 2552	StkScan         (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
19:13:33.0201 2552	StkScan ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0201 2552	StkScan - detected UnsignedFile.Multi.Generic (1)
19:13:33.0311 2552	StkTMini        (0933717146e8054f133b5bdb874ef9fa) C:\Windows\system32\Drivers\StkTMini.sys
19:13:33.0404 2552	StkTMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0404 2552	StkTMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0513 2552	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:13:33.0545 2552	swenum - ok
19:13:33.0576 2552	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:13:33.0607 2552	Symc8xx - ok
19:13:33.0623 2552	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:13:33.0669 2552	Sym_hi - ok
19:13:33.0747 2552	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:13:33.0779 2552	Sym_u3 - ok
19:13:33.0841 2552	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
19:13:33.0888 2552	taphss - ok
19:13:34.0013 2552	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:13:34.0075 2552	Tcpip - ok
19:13:34.0231 2552	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:34.0309 2552	Tcpip6 - ok
19:13:34.0387 2552	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:13:34.0527 2552	tcpipreg - ok
19:13:34.0637 2552	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:13:34.0683 2552	TDPIPE - ok
19:13:34.0715 2552	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:13:34.0793 2552	TDTCP - ok
19:13:34.0886 2552	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:13:34.0933 2552	tdx - ok
19:13:34.0980 2552	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:13:35.0011 2552	TermDD - ok
19:13:35.0151 2552	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:35.0229 2552	tssecsrv - ok
19:13:35.0354 2552	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:13:35.0432 2552	tunmp - ok
19:13:35.0541 2552	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:35.0557 2552	tunnel - ok
19:13:35.0588 2552	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:13:35.0635 2552	uagp35 - ok
19:13:35.0713 2552	UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
19:13:35.0744 2552	UBHelper ( UnsignedFile.Multi.Generic ) - warning
19:13:35.0744 2552	UBHelper - detected UnsignedFile.Multi.Generic (1)
19:13:35.0791 2552	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:13:35.0853 2552	udfs - ok
19:13:35.0963 2552	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:13:35.0994 2552	uliagpkx - ok
19:13:36.0025 2552	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:13:36.0072 2552	uliahci - ok
19:13:36.0165 2552	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:13:36.0197 2552	UlSata - ok
19:13:36.0212 2552	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:13:36.0259 2552	ulsata2 - ok
19:13:36.0306 2552	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:13:36.0384 2552	umbus - ok
19:13:36.0477 2552	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:13:36.0555 2552	usbaudio - ok
19:13:36.0665 2552	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:36.0743 2552	usbccgp - ok
19:13:36.0836 2552	usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
19:13:36.0914 2552	usbcir - ok
19:13:37.0023 2552	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:37.0101 2552	usbehci - ok
19:13:37.0195 2552	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:37.0273 2552	usbhub - ok
19:13:37.0382 2552	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:13:37.0445 2552	usbohci - ok
19:13:37.0476 2552	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:13:37.0554 2552	usbprint - ok
19:13:37.0647 2552	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:37.0710 2552	USBSTOR - ok
19:13:37.0741 2552	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:37.0819 2552	usbuhci - ok
19:13:37.0944 2552	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:38.0053 2552	vga - ok
19:13:38.0162 2552	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:13:38.0225 2552	VgaSave - ok
19:13:38.0256 2552	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:13:38.0287 2552	viaagp - ok
19:13:38.0381 2552	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:13:38.0459 2552	ViaC7 - ok
19:13:38.0537 2552	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:13:38.0568 2552	viaide - ok
19:13:38.0615 2552	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:13:38.0646 2552	volmgr - ok
19:13:38.0693 2552	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:13:38.0739 2552	volmgrx - ok
19:13:38.0849 2552	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:13:38.0864 2552	volsnap - ok
19:13:38.0895 2552	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:13:38.0927 2552	vsmraid - ok
19:13:39.0036 2552	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:13:39.0129 2552	WacomPen - ok
19:13:39.0161 2552	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0223 2552	Wanarp - ok
19:13:39.0223 2552	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0254 2552	Wanarpv6 - ok
19:13:39.0348 2552	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
19:13:39.0410 2552	wanatw - ok
19:13:39.0519 2552	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:13:39.0551 2552	Wd - ok
19:13:39.0597 2552	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:13:39.0675 2552	Wdf01000 - ok
19:13:39.0847 2552	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:13:39.0941 2552	WmiAcpi - ok
19:13:40.0050 2552	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:13:40.0112 2552	WpdUsb - ok
19:13:40.0159 2552	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:40.0206 2552	ws2ifsl - ok
19:13:40.0315 2552	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:40.0393 2552	WUDFRd - ok
19:13:40.0518 2552	yukonwlh        (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
19:13:40.0580 2552	yukonwlh - ok
19:13:40.0705 2552	ZD1211U(WLAN)   (36eb7336d06acfc684ca7e148f802412) C:\Windows\system32\DRIVERS\zd1211u.sys
19:13:40.0736 2552	ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - warning
19:13:40.0736 2552	ZD1211U(WLAN) - detected UnsignedFile.Multi.Generic (1)
19:13:40.0814 2552	MBR (0x1B8)     (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:13:44.0137 2552	\Device\Harddisk0\DR0 - ok
19:13:44.0137 2552	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:13:47.0756 2552	\Device\Harddisk1\DR1 - ok
19:13:47.0772 2552	Boot (0x1200)   (b75d6da48db55056aadd5f911bd22ceb) \Device\Harddisk0\DR0\Partition0
19:13:47.0772 2552	\Device\Harddisk0\DR0\Partition0 - ok
19:13:47.0787 2552	Boot (0x1200)   (8a8c3ac651297fa93013038e302101c0) \Device\Harddisk0\DR0\Partition1
19:13:47.0787 2552	\Device\Harddisk0\DR0\Partition1 - ok
19:13:47.0787 2552	Boot (0x1200)   (94a31c74a3ad021e0a156985fb3109de) \Device\Harddisk1\DR1\Partition0
19:13:47.0787 2552	\Device\Harddisk1\DR1\Partition0 - ok
19:13:47.0803 2552	============================================================
19:13:47.0803 2552	Scan finished
19:13:47.0803 2552	============================================================
19:13:47.0819 4848	Detected object count: 10
19:13:47.0819 4848	Actual detected object count: 10
19:14:11.0983 4848	AVMUNET ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848	AVMUNET ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0983 4848	NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848	NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0983 4848	PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848	PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0983 4848	PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848	PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0999 4848	psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848	psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0999 4848	StkAMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848	StkAMini ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0999 4848	StkScan ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848	StkScan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:11.0999 4848	StkTMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848	StkTMini ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:12.0014 4848	UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848	UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:14:12.0014 4848	ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848	ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 13.03.2012, 19:17

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

12.03.2012, 20:40	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	5O euro Trojaner Du solltest einen Vollscan mti Malwarebytes machen und keinen Quickscan! __________________ Logfiles bitte immer in CODE-Tags posten

5O euro Trojaner

Log-Analyse und Auswertung: 5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

5O euro Trojaner

Ähnliche Themen: 5O euro Trojaner

12.03.2012, 19:18	#2
reggie	5O euro Trojaner Hier mal ein Screenshot, der im Systemstart befindlichen programme, das Skype habe ich bereits gelöscht... Zudem hatten sich zur gleichen Urzeit als mein Pc gesperrt wurde einige Programme erstellt, die ich sofort gelöscht habe. Anbei ein Screenshot davon: __________________

13.03.2012, 17:10	#9
reggie	5O euro Trojaner Vielen, vielen dank dass du mich meiner annimst! Werde ich gleich erledigen!!