Hallo zusammen,
ich haben den Trojaner System Check, wie hier beschrieben, entfernt und möchte nun sichergehen, dass mein PC sauber ist.
Mein Betriebssystem ist Win Vista Home Basic 32-bit.
Ich habe MAM und OTL drüberlaufen lassen, hier die Log-Files:

Code: Alles auswählenAufklappen

ATTFilter

mbam-log-2012-03-24 (21-35-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524635
Laufzeit: 1 Stunde(n), 25 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FeJChgfgRCtr.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\FeJChgfgRCtr.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Daten: grpconv -o -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\FeJChgfgRCtr.exe (Rogue.FakeHDD) -> Keine Aktion durchgeführt.
C:\ProgramData\ZUsTAFPlJWRQaD.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\XXX\AppData\Local\Temp\9Bf6W1m9CYB4h9.exe.tmp (Rogue.FakeHDD) -> Keine Aktion durchgeführt.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)
         

und

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 24.03.2012 22:41:21 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Jurong Zhuang\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 25,15% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 41,48 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,11 Gb Free Space | 71,65% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jurong Zhuang\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\flcdlmsg.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Hewlett-Packard\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\Hewlett-Packard\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ImeDictUpdateService) -- C:\Programme\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (hpqcxs08) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (adfs) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NETwLv32)     Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=wbst
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=wbst&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Jurong Zhuang\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.02.04 11:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.08 23:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.15 17:11:18 | 000,000,000 | ---D | M]
 
[2009.05.27 20:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurong Zhuang\AppData\Roaming\mozilla\Extensions
[2012.03.24 17:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurong Zhuang\AppData\Roaming\mozilla\Firefox\Profiles\m2mqx4v8.default\extensions
[2010.05.01 00:51:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jurong Zhuang\AppData\Roaming\mozilla\Firefox\Profiles\m2mqx4v8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.14 14:59:55 | 000,000,000 | ---D | M] (CCTV player plugin for Firefox) -- C:\Users\Jurong Zhuang\AppData\Roaming\mozilla\Firefox\Profiles\m2mqx4v8.default\extensions\cctvplayer-plugin@www.cctv.com
[2011.12.02 16:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.04 11:41:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\JURONG ZHUANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M2MQX4V8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.08 23:58:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.09 21:47:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 21:47:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.09 21:47:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.09 21:47:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.09 21:47:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.09 21:47:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jurong Zhuang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Jurong Zhuang\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jurong Zhuang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Jurong Zhuang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
 
O1 HOSTS File: ([2012.01.24 21:09:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (CCTVUpdateInstall)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4332A6E-ECFF-42B7-B912-5ABBD69B5F7D}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F74F4327-0CDA-4861-AD5F-CC337801C455}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7cefc9d6-7a10-11de-a5bc-001f3c849f37}\Shell - "" = AutoRun
O33 - MountPoints2\{7cefc9d6-7a10-11de-a5bc-001f3c849f37}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 19:20:33 | 000,000,000 | ---D | C] -- C:\Users\Jurong Zhuang\AppData\Roaming\Malwarebytes
[2012.03.24 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Jurong Zhuang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.15 07:00:50 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.15 07:00:49 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.15 07:00:49 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.15 07:00:49 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.15 07:00:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.15 07:00:48 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.15 07:00:38 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.10 12:52:30 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.03.10 12:52:28 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 22:12:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.24 21:37:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 21:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 21:37:13 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 21:24:53 | 000,001,356 | ---- | M] () -- C:\Users\Jurong Zhuang\AppData\Local\d3d9caps.dat
[2012.03.24 19:14:36 | 000,000,440 | ---- | M] () -- C:\ProgramData\ZUsTAFPlJWRQaD
[2012.03.24 19:12:02 | 000,000,264 | ---- | M] () -- C:\ProgramData\~ZUsTAFPlJWRQaD
[2012.03.24 19:12:02 | 000,000,176 | ---- | M] () -- C:\ProgramData\~ZUsTAFPlJWRQaDr
[2012.03.24 19:08:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.24 19:04:23 | 000,000,605 | ---- | M] () -- C:\Users\Jurong Zhuang\Desktop\System Check.lnk
[2012.03.24 14:15:42 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.24 14:07:53 | 092,542,613 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.03.24 01:50:50 | 000,000,600 | ---- | M] () -- C:\Users\Jurong Zhuang\AppData\Roaming\winscp.rnd
[2012.03.24 01:50:29 | 000,000,600 | ---- | M] () -- C:\Users\Jurong Zhuang\AppData\Local\PUTTY.RND
[2012.03.24 00:56:11 | 000,001,634 | ---- | M] () -- C:\Users\Jurong Zhuang\Desktop\WinSCP.lnk
[2012.03.23 05:56:10 | 000,695,718 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.23 05:56:10 | 000,651,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.23 05:56:10 | 000,154,194 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.23 05:56:10 | 000,125,282 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 18:21:41 | 000,116,218 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.03.17 15:21:47 | 002,379,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 21:56:38 | 000,002,463 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.03.24 21:56:38 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2012.03.24 21:56:38 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Solid Edge ST2.lnk
[2012.03.24 21:56:38 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2012.03.24 21:56:38 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.24 21:56:38 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2012.03.24 21:56:38 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.03.24 21:56:38 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.03.24 21:56:38 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.24 21:56:38 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.03.24 21:56:38 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.03.24 21:56:38 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2012.03.24 21:56:38 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.24 21:56:38 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.24 21:56:38 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.24 21:37:13 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.24 19:04:26 | 000,000,264 | ---- | C] () -- C:\ProgramData\~ZUsTAFPlJWRQaD
[2012.03.24 19:04:26 | 000,000,176 | ---- | C] () -- C:\ProgramData\~ZUsTAFPlJWRQaDr
[2012.03.24 19:04:23 | 000,000,605 | ---- | C] () -- C:\Users\Jurong Zhuang\Desktop\System Check.lnk
[2012.03.24 19:04:22 | 000,000,440 | ---- | C] () -- C:\ProgramData\ZUsTAFPlJWRQaD
[2012.01.09 23:04:04 | 000,000,600 | ---- | C] () -- C:\Users\Jurong Zhuang\AppData\Local\PUTTY.RND
[2012.01.09 22:10:58 | 000,000,600 | ---- | C] () -- C:\Users\Jurong Zhuang\AppData\Roaming\winscp.rnd
[2011.12.02 18:12:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.02 18:12:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.02 13:59:16 | 000,001,356 | ---- | C] () -- C:\Users\Jurong Zhuang\AppData\Local\d3d9caps.dat
[2010.12.20 20:49:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.20 20:49:27 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.14 15:11:35 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.10.10 13:44:48 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Setup.EXE
[2010.10.10 13:44:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ZCompress.EXE
[2010.10.10 13:44:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\WinSFX.bin
[2010.10.10 13:44:48 | 000,062,716 | ---- | C] () -- C:\Windows\System32\Uninstall985F.DAT
[2010.10.10 13:44:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.10.10 13:44:46 | 000,516,096 | ---- | C] () -- C:\Windows\System32\BldSetup.EXE
[2010.10.10 13:44:46 | 000,114,688 | ---- | C] () -- C:\Windows\System32\BldDat.EXE
[2010.10.10 13:44:46 | 000,098,304 | ---- | C] () -- C:\Windows\System32\BldOpt.EXE
[2010.10.10 13:44:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Dspan.bin
[2010.09.13 11:33:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.09.13 11:33:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.09.13 11:33:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.09.13 11:33:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.04.03 12:31:10 | 000,130,912 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2010.04.03 12:31:10 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2010.03.29 18:00:47 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
 
========== Files - Unicode (All) ==========
[2012.03.08 23:57:17 | 000,000,000 | ---D | M](C:\Users\Jurong Zhuang\from vista\Documents\Outlook ??) -- C:\Users\Jurong Zhuang\from vista\Documents\Outlook 文件
[2012.03.08 23:57:17 | 000,000,000 | ---D | C](C:\Users\Jurong Zhuang\from vista\Documents\Outlook ??) -- C:\Users\Jurong Zhuang\from vista\Documents\Outlook 文件
[2010.12.28 00:22:31 | 000,115,514 | ---- | C] ()(C:\Users\Jurong Zhuang\Desktop\????:?????-????- 4????????.pdf) -- C:\Users\Jurong Zhuang\Desktop\论坛热帖：一巴掌扇醒-大国美梦- 4万亿到底买了些啥.pdf
[2010.12.28 00:22:28 | 000,115,514 | ---- | M] ()(C:\Users\Jurong Zhuang\Desktop\????:?????-????- 4????????.pdf) -- C:\Users\Jurong Zhuang\Desktop\论坛热帖：一巴掌扇醒-大国美梦- 4万亿到底买了些啥.pdf

< End of report >
         

Extras.TXT von OTL:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 24.03.2012 22:41:21 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Jurong Zhuang\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 25,15% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,69 Gb Total Space | 41,48 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,11 Gb Free Space | 71,65% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A952903-58A0-4BFB-A566-4B6CF4F737DB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F25FB-2851-45D2-A39D-CA0296991E8E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{0DB791BC-F1ED-4EE3-AFAF-4DF008A9EAE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F6D1955-83B4-4B8F-9BB1-273773700A83}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{129D776F-FF44-4BF9-BC93-B4C86D6340D2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{1313F4AE-2D47-441C-9601-108CDB445ED3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{14E73C27-8E2B-4EB5-903B-0C823A3EBCE5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{18E178E8-24BC-4E23-9127-F19E2F92B564}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{23DB74FB-4233-41BA-9757-1DB793BDF365}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{2A97ECE6-63B7-4A8D-86E8-5188D347CEB2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3306B1DE-CD66-4825-A868-B5EA51D044BD}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3F03EEA6-F5B2-4683-845A-132A10A30B13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{45275272-2D5E-40B3-8513-140661C992C7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{69AB1D39-8600-4004-B3A5-5F80862AECDA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{6DFDD46B-914E-4439-AA20-A3E633098821}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{7E784123-F288-4F01-BE70-827C13C2768F}" = protocol=17 | dir=in | app=c:\users\jurong zhuang\downloads\facemoods.exe | 
"{932F4719-DF68-45E7-9139-05479474CBE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{96D325DE-5EE7-4B72-9326-1CCF26F8B74C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9F852CA1-66DC-4646-8307-5508CFB520AC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A5DD4060-EB67-4C21-BAC1-A5241D131CD5}" = protocol=6 | dir=in | app=c:\users\jurong zhuang\downloads\facemoods.exe | 
"{A7D831A0-7B00-49D8-A2B4-0F9164A1E480}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B41D6B34-F5FC-4ACD-AC00-4DBA19CB0501}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{CC60392F-12E0-4E0C-8849-883CD35DC078}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{D5F0CE62-5B8E-40C2-9BE3-BFB8003C8323}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{DD8DF013-CA3B-4254-B243-2A545C24BC9B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{DF71488C-F3E2-4023-8CB7-183DC0F92A2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{E3AE8F4D-C514-40F8-9E26-CBE1BF0E19CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EC8A4C79-E8B8-4E75-89A8-5B1316730F76}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{F65B6C68-8383-41A7-A812-D6484A405037}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"TCP Query User{6584D7D7-6DAC-4B58-ACE2-188C17AB276B}C:\program files\voipstuntcall\voipstunt.exe" = protocol=6 | dir=in | app=c:\program files\voipstuntcall\voipstunt.exe | 
"TCP Query User{88D089F2-720A-48E6-A14B-3B3A91B1609F}C:\program files\voipstuntcall\voipstunt.exe" = protocol=6 | dir=in | app=c:\program files\voipstuntcall\voipstunt.exe | 
"TCP Query User{E57BB862-7184-4694-9862-41D6C0B71696}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F0948B1D-6080-4490-8076-D7A539E1F1EA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{007C73CA-72C7-4E58-9E1C-AC54F0833EAA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5B86F2EF-ECD8-40D3-BB6B-7E73214F427D}C:\program files\voipstuntcall\voipstunt.exe" = protocol=17 | dir=in | app=c:\program files\voipstuntcall\voipstunt.exe | 
"UDP Query User{BE7C4342-94DE-4FE1-AFEA-4ED5D86B811C}C:\program files\voipstuntcall\voipstunt.exe" = protocol=17 | dir=in | app=c:\program files\voipstuntcall\voipstunt.exe | 
"UDP Query User{C88F6DF4-2047-46FA-91B3-BBA10BC43D20}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2010
"{90140000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2010
"{90140000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010
"{90140000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2010
"{90140000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2010
"{90140000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2010
"{90140000-0044-0804-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Simplified)) 2010
"{90140000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2010
"{90140000-00A1-0804-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Simplified)) 2010
"{90140000-00BA-0804-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Chinese (Simplified)) 2010
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC185D10-5C0E-40C3-91F2-63314BB365AF}" = Solid Edge ST2
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"AVG" = AVG 2012
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"DB Screensaver 03" = DB Screensaver 03
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Loksim3D" = Loksim3D
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyFreeCodec" = MyFreeCodec
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 15.5.74.0
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Train Simulator 1.0" = Microsoft Train Simulator
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 0.9.8a
"VoipStunt_is1" = VoipStunt
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2010 13:34:16 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.11.2010 13:34:16 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061
 
Error - 27.11.2010 13:34:16 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061
 
Error - 27.11.2010 13:34:17 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.11.2010 13:34:17 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
 
Error - 27.11.2010 13:34:17 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error - 29.11.2010 13:28:25 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.11.2010 13:28:25 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6490
 
Error - 29.11.2010 13:28:25 | Computer Name = HomePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6490
 
Error - 29.11.2010 15:41:56 | Computer Name = HomePC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VGigant.exe, Version 1.0.0.1, Zeitstempel 0x3c05092b,
 fehlerhaftes Modul VGigant.exe, Version 1.0.0.1, Zeitstempel 0x3c05092b, Ausnahmecode
 0xc0000005, Fehleroffset 0x0006e4e9,  Prozess-ID 0x17e4, Anwendungsstartzeit 01cb8ffcab245a40.
 
[ System Events ]
Error - 24.03.2012 14:17:29 | Computer Name = HomePC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 24.03.2012 14:53:11 | Computer Name = HomePC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.03.2012 um 19:51:39 unerwartet heruntergefahren.
 
Error - 24.03.2012 14:53:19 | Computer Name = HomePC | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 24.03.2012 14:53:34 | Computer Name = HomePC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.03.2012 14:53:41 | Computer Name = HomePC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.03.2012 14:53:52 | Computer Name = HomePC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.03.2012 14:53:52 | Computer Name = HomePC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.03.2012 16:37:21 | Computer Name = HomePC | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 24.03.2012 16:38:21 | Computer Name = HomePC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2012 16:40:11 | Computer Name = HomePC | Source = Service Control Manager | ID = 7009
Description = 
 
[ TuneUp Events ]
Error - 01.01.2012 10:21:40 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.01.2012 06:23:35 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.01.2012 07:21:42 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.01.2012 15:43:55 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 14.01.2012 06:53:11 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 16.01.2012 05:07:40 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 20.01.2012 16:02:00 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 21.01.2012 08:31:07 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 24.01.2012 15:37:45 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 03.02.2012 09:19:26 | Computer Name = HomePC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

Außerdem habe ich im Anhang die Attach und DDS Files.
Ich hoffe, ihr könnt mir sagen, ob mein PC rein ist.

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting ( posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade dir bitte Rogue Killer von hier.

• Speichere das Tool auf deinem Desktop !
• Schließe alle laufenden Programme.
• Starte die RogueKiller.exe
• Warte bis Prescan finished erscheint und klicke dann auf Scan.
• Wenn der Scan beendet wurde, klicke auf Report und poste diesen hier.

Schritt 2

Bitte

• alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
• keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
• nichts am Rechner arbeiten,
• nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

• Lade Dir Gmer von dieser Seite herunter
  (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  Vista und Win7 User mit Rechtsklick und als Administrator starten.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei:

  • IAT/EAT
  • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
  • Show all (sollte abgehackt sein)

• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Danke für die schnelle Antwort!
Ich habe jetzt Rogue Killer und GMER drüber gehen lassen und hier sind die Logs:

Code: Alles auswählenAufklappen

ATTFilter

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Jurong Zhuang [Admin rights]
Mode: Scan -- Date: 03/25/2012 21:58:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 16 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT0 +++++
--- User ---
[MBR] 59a78c50ea3e06ca912927390dee5f08
[BSP] 9a77eec13cdb2f321480ca2fd552b2ca : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143041 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292950016 | Size: 7992 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 309325824 | Size: 1588 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
         

GMER:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-25 23:03:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.12.0
Running: py3wdz42.exe; Driver: C:\Users\JURONG~1\AppData\Local\Temp\uwldipow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xACAF1F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xACAF1FE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xACAF2080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xACAF211C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                               822F4B74 4 Bytes  [3C, 1F, AF, AC] {CMP AL, 0x1f; SCASD ; LODSB }
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                               822F4DA4 8 Bytes  [E4, 1F, AF, AC, 80, 20, AF, ...] {IN AL, 0x1f; SCASD ; LODSB ; AND BYTE [EAX], 0xaf; LODSB }
.text           ntkrnlpa.exe!KeSetEvent + 681                                                                                               822F4E04 4 Bytes  [1C, 21, AF, AC] {SBB AL, 0x21; SCASD ; LODSB }
.text           C:\Windows\system32\drivers\SSHDRV86.sys                                                                                    section is writeable [0x8DD4B000, 0x26354, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\SSHDRV86.sys                                                                                    entry point in ".pklstb" section [0x8DD80000]
.relo2          C:\Windows\system32\drivers\SSHDRV86.sys                                                                                    unknown last section [0x8DD97000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\ACEDRV09.sys                                                                                    section is writeable [0xAA609000, 0x3326E, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV09.sys                                                                                    entry point in ".pklstb" section [0xAA64E000]
.relo2          C:\Windows\system32\drivers\ACEDRV09.sys                                                                                    unknown last section [0xAA66A000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3808] USER32.dll!InSendMessageEx + 4C9                  76FFE7C8 7 Bytes  JMP 10031D10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3808] USER32.dll!CreateIconFromResourceEx + 340         77000E45 7 Bytes  JMP 10031C80 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3808] USER32.dll!DdeQueryStringW + 5CE                  7701FA2D 7 Bytes  JMP 10031CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866860f5                                                 
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021866860f5 (not active ControlSet)                             

---- EOF - GMER 1.0.15 ----
         

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Okay, hier ist sie

Code: Alles auswählenAufklappen

ATTFilter

C:\$Recycle.Bin\S-1-5-21-838489893-729561516-4164836291-1009\$RUCWCH9.exe	a variant of Win32/SoftonicDownloader.A application
C:\Users\Jurong Zhuang\Downloads\Facemoods.exe	probably a variant of Win32/SweetIM.A application
C:\Users\Jurong Zhuang\software original\free download\dont use it!  QUAD_Registry_Cleaner_Installer.exe	a variant of Win32/Adware.QUADRegClean application
         

Mach den Scan nochmals und setze bei Remove Found Threads ein Hacken

Da war wohl noch was:

Code: Alles auswählenAufklappen

ATTFilter

C:\$Recycle.Bin\S-1-5-21-838489893-729561516-4164836291-1009\$RUCWCH9.exe	a variant of Win32/SoftonicDownloader.A application	cleaned by deleting - quarantined
C:\Users\Jurong Zhuang\Downloads\Facemoods.exe	probably a variant of Win32/SweetIM.A application	cleaned by deleting - quarantined
C:\Users\Jurong Zhuang\software original\free download\dont use it!  QUAD_Registry_Cleaner_Installer.exe	a variant of Win32/Adware.QUADRegClean application	cleaned by deleting - quarantined
         

Ja das gleiche wie vorher nur hast Du es nun gelöscht

Noch Probleme?

Nein, jetzt scheint alles klar zu sein. Kann ich jetzt die Dienste wieder Re-enablen? Vielen Dank