Hallo!
Ich habe hier ein kleines Problem, dass ich ohne eure Hilfe leider nicht lösen kann. Ich hab schon den ganzen gestrigen Abend damit verbracht bei Google zu suchen, aber leider nichts entsprechendes gefunden. Außerdem habe ich versucht .Net Framework Funktionen über "Windows Funktionen ein- oder ausschalten" zu deaktivieren und wieder zu aktivieren aber leider auch ohne Erfolg.

Ich habe einen ACER-Aspire AS3810T-354G32n Laptop mit Vista Home Premium (32) und folgendes Problem. Nach Eingabe meines Passworts und starten von Windows erscheint 2 (einmal auch 3mal) die Fehlermeldung "svchost.exe - Fehler beim Initialisieren von .NET Framework." Es konnte keine Version der Laufzeit zum Ausführen dieser Anwendung gefunden werden.

Seit gestern findet Spybot "CoolWWWsearch.svchost32" und eine svchost.exe Datei befindet sich in C:\Users\****\AppData\Local\Temp. Ich kann die Datei aber nicht löschen. Wenn ich es versuche erhalte ich die Mitteilung, ich sei dazu nicht berechtigt. Ich vermute es liegt daran, dass mein (absolut beschissener, unfähiger, dämlicher.... andere Geschichte) Couchsurfing Host einen USB Stick in meinen Laptop gesteckt hat und irgendeine Hotfile leeching software ausgeführt hat, die zwar nicht funktionierte, aber anscheinend diesen svchost.exe Fehler hinterlassen hat.


Und wie startet man Vista Premium im Abgesicherten Modus? Früher konnte man da relativ unproblematisch die Dateien löschen, die im normalen Modus nicht löschbar waren.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:27 a.m., on 26/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Users\****\AppData\Local\Temp\svchost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\****\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0110&m=aspire_3810t
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.snotr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0110&m=aspire_3810t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0110&m=aspire_3810t
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [svchost.exe] C:\Users\****\AppData\Local\Temp\svchost.exe
O4 - HKCU\..\Run: [Cerberus] C:\Users\****\AppData\Roaming\system32\winlogon.exe.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: QQ - C:\Program Files\QQ\Bin\AddEmotion.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD43CA0-8496-4BF2-85DE-9ADC93F518B0}: NameServer = 202.96.128.86,210.21.4.130
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe

Ich hoffe, es kennt jemand ein Programm mit dem ich svchost und wwwcoolsearch32 löschen kann, ohne großartig mein System zu verändern. Ich hab nämlich keine Backupmöglichkeit und müsste mir erst eine externe Festplatte kaufen und die sind in Neuseeland leider nicht so günstig.

Grad noch mit Malwarebytes folgendes Ergebnis gehabt:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4036

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26/04/2010 10:42:03 a.m.
mbam-log-2010-04-26 (10-42-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 105771
Laufzeit: 5 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vdan18c5-wo64-8c76-p2x2-etf8guy70321} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Achja... abgesehen von diesen Fehlermeldungen, läuft eigentlich alles normal. Aber ich muss Gewissheit haben, das mein Laptop sauber ist und ich ihn ohne Gefahr für Onlinebanking etc. verwenden kann.

Danke im Voraus für eure Hilfe und Ideen.

Grüße aus Auckland
Spike

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hier das Ergebnis von Malware


Datenbank Version: 4036

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

27/04/2010 12:47:16 a.m.
mbam-log-2010-04-27 (00-47-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 244232
Laufzeit: 1 Stunde(n), 27 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.


wollte es dann löschen, musste dafür aber neustarten. Dann wurde Malware vom Windowsdefender geblockt, aber dafür konnte ich dann svchost über den Windowsdefender aus dem Autostart löschen, hab aber noch nicht wieder neugestartet, werde jetzt Oldtimer scannen lassen und dann hier posten und dann ins Bett gehen. ;-)
So noch mal neu gestartet und immer noch die Fehlermeldung.

OTL logfile created on: 27/04/2010 12:59:44 a.m. - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001409 | Country: Neuseeland | Language: ENZ | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.09 Gb Total Space | 123.57 Gb Free Space | 43.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\****\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\****\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\SupportAppXL\AutoDect.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (GoogleDesktopManager-092308-165331) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Snotr : The ultimate place for great videos!
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/22 13:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 12:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 11:06:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Thunderbird\components [2010/04/17 20:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Thunderbird\plugins

[2010/01/04 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010/01/04 20:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/27 00:19:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\eyi3nbme.default\extensions
[2010/01/05 16:00:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\eyi3nbme.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 17:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\eyi3nbme.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/14 09:57:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\eyi3nbme.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/17 11:07:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/04/17 11:07:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/09 09:43:19 | 000,001,538 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/09 09:43:19 | 000,000,947 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/09 09:43:19 | 000,000,769 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/09 09:43:20 | 000,001,135 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/25 11:28:33 | 000,392,729 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 w*w.100888290cs.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 w*w.1-2005-search.com
O1 - Hosts: 13565 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Cerberus] C:\Users\****\AppData\Roaming\system32\winlogon.exe.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: &Download All with FlashGet - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: QQ - C:\Programme\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([ht*p] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} ht*p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ht*p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ht*p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h*tp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.27.158.40 202.27.156.72
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 09:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{762de822-0d84-11df-8e12-001e331e486d}\Shell - "" = AutoRun
O33 - MountPoints2\{762de822-0d84-11df-8e12-001e331e486d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a0f035bd-5004-11df-b7a5-87563538670e}\Shell - "" = AutoRun
O33 - MountPoints2\{a0f035bd-5004-11df-b7a5-87563538670e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c51fa628-3131-11df-8e4f-e6ed084068b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c51fa628-3131-11df-8e4f-e6ed084068b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e245bd93-f9b4-11de-ad72-001e331e486d}\Shell - "" = AutoRun
O33 - MountPoints2\{e245bd93-f9b4-11de-ad72-001e331e486d}\Shell\AutoRun\command - "" = D:\catan_sur_install.exe -- File not found
O33 - MountPoints2\{f6ed3842-4a5c-11df-9dc4-9bfa7dea3e38}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\****\Problem
[2010/04/26 10:29:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010/04/26 10:29:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/26 10:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/26 10:29:41 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 10:29:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/04/26 09:45:05 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010/04/26 08:01:56 | 000,000,000 | ---D | C] -- C:\Programme\RegCleaner
[2010/04/25 22:30:39 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/04/25 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\system32
[2010/04/17 22:24:39 | 000,000,000 | ---D | C] -- C:\Programme\Combined Community Codec Pack
[2010/04/17 11:06:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/17 11:06:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/17 11:06:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/17 11:06:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/15 15:00:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 15:00:12 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 15:00:11 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 14:59:19 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 14:59:19 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/11 21:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Oldgames
[2010/04/03 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Ascaron Entertainment
[2010/04/03 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Ascaron Entertainment
[2010/04/03 20:29:52 | 000,000,000 | ---D | C] -- C:\Programme\GOG.com
[2010/03/31 13:31:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/03/31 12:47:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 12:47:56 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 12:47:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 12:47:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 12:47:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 12:47:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 12:47:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 12:47:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 12:47:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 12:47:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 12:47:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 12:47:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 12:47:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 12:47:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 12:47:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 07:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/31 07:26:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2009/06/12 07:09:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/04/27 00:59:27 | 006,291,456 | -HS- | M] () -- C:\Users\****\ntuser.dat
[2010/04/27 00:57:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 00:57:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 00:56:30 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/27 00:56:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/27 00:56:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/27 00:55:59 | 3119,353,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/27 00:55:10 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{407b9711-1362-11df-8dc3-001e331e486d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/27 00:55:10 | 000,065,536 | -HS- | M] () -- C:\Users\****\ntuser.dat{407b9711-1362-11df-8dc3-001e331e486d}.TM.blf
[2010/04/27 00:55:09 | 002,984,067 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010/04/26 17:26:41 | 001,502,132 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 17:26:41 | 000,657,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/04/26 17:26:41 | 000,627,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 17:26:41 | 000,144,964 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/04/26 17:26:41 | 000,119,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/25 11:28:33 | 000,392,729 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/24 19:59:31 | 000,122,368 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 22:03:23 | 000,000,212 | ---- | M] () -- C:\Windows\AlienNations_usa.ini
[2010/04/15 17:31:23 | 000,391,971 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100425-112833.backup
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/06 13:38:56 | 000,380,983 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100415-173123.backup
[2010/04/02 19:43:52 | 000,000,375 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========


[2010/04/26 12:25:15 | 000,001,423 | ---- | C] () -- C:\Users\****\Icecream.txt
[2010/04/25 17:17:28 | 001,249,792 | -H-- | C] () -- C:\Windows\System32\winlogon.exe.exe
[2010/04/17 22:03:23 | 000,000,212 | ---- | C] () -- C:\Windows\AlienNations_usa.ini
[2010/01/29 00:12:17 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2010/01/28 12:45:25 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/01/05 16:28:42 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/01/05 13:55:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/04 21:55:14 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/04 21:55:13 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/01/04 21:50:38 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/24 10:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/12 07:08:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/30 12:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 12:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/13 02:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/09/04 22:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/06 06:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/03 00:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 19:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8750DCE4
< End of report >

Habe eben noch mal neugstartet und svchost war wieder da. :\
Hoffe du wirst daraus was erkennen können, ... vielen Dank für deine Hilfe.

Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code: Alles auswählenAufklappen

ATTFilter

:OTL
PRC - C:\Users\****\AppData\Local\Temp\svchost.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Cerberus] C:\Users\****\AppData\Roaming\system32\winlogon.exe.exe ()
O8 - Extra context menu item: QQ - C:\Programme\QQ\Bin\AddEmotion.htm ()
[2010/04/03 20:29:52 | 000,000,000 | ---D | C] -- C:\Programme\GOG.com
[2010/03/31 13:31:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/04/27 00:56:30 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/25 17:17:28 | 001,249,792 | -H-- | C] () -- C:\Windows\System32\winlogon.exe.exe
:Commands
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.

Vielen Dank!!! Die Fehlermeldung und die svchost.exe Datei sind weg!!!

Hier die Logfile, die nach dem Neustart angezeigt wurde.

All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cerberus deleted successfully.
C:\Users\****\AppData\Roaming\system32\winlogon.exe.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\QQ\ deleted successfully.
C:\Programme\QQ\Bin\AddEmotion.htm moved successfully.
C:\Programme\GOG.com\Port Royale 2\Videos\innenraeume folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Videos\aufstieg folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Videos\#neu folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Videos folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Savegame folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\voice folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Video folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Seabattle folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Scores folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\popups folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Mainmenu folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Jingles folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Event folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Buildings folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music\Atmo folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Music folder moved successfully.
C:\Programme\GOG.com\Port Royale 2\Map folder moved successfully.
C:\Programme\GOG.com\Port Royale 2 folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Savegames folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data\Sound\mentor folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data\Sound folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data\Sajiki folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data\Pimons folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data\Amazons folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Data folder moved successfully.
C:\Programme\GOG.com\Alien Nations\Bin folder moved successfully.
C:\Programme\GOG.com\Alien Nations folder moved successfully.
Folder move failed. C:\Programme\GOG.com scheduled to be moved on reboot.
C:\Windows\System32\x64 folder moved successfully.
C:\Windows\System32\Ikeext.etl moved successfully.
C:\Windows\System32\winlogon.exe.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ****
->Temp folder emptied: 1454995 bytes
->Temporary Internet Files folder emptied: 13490934 bytes
->Java cache emptied: 12899354 bytes
->FireFox cache emptied: 95972270 bytes
->Flash cache emptied: 49174 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54410 bytes
RecycleBin emptied: 1864143 bytes

Total Files Cleaned = 120.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04272010_090120

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\GOG.com scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Mit Gog.com hat das aber eigentlich nichts zu tun?? Was hat das Programm da gemacht?

Anyway, die paar Spiele sind nicht so wichtig wie ein funktionierender Laptop!!

Vielen Dank nochmal für die schnelle Hilfe!!!

Sehr schön. Und - Asche auf mein Haupt - den Ordner gog.com kannst Du wiederherstellen, OTL legt Sicherheitskopieren im Ordner C:\_OTL an.
Verschieb das gog.com wieder nach c:\programme. Danach bitte mal den _OTL-Ordner mit einem Packprogramm zippen oder (raren ) und auf File-Upload.net hochladen und hier verlinken, ich vermute da rel. neue Malware.

hxxp://w*w.file-upload.net/download-2469008/_OTL.zip.html

Hoffe so ists richtig. Btw QQ ist ein Messanger, zwar aus China, aber ich hoffe der ist nicht das Problem. Mit Winlogon.exe.exe kann ich aber nichts anfangen? Ist das vllt der Auslöser?

Danke noch mal!

Ok. Dann mach bitte jetzt nochmal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ich hoffe du wirst daraus schlau Ich hab allerdings wieder den Benutzernamen in **** umgewandelt. Hoffe, das hat dem restlichen Text nicht weiter geschadet. CCleaner benutze ich ohnehin regelmäßg.
Mich würde allerdings interessieren, wieso MCafee immernoch was laufen hat, das Abo ist abgelaufen und der Scanner "offiziell" nicht mehr aktiv.

Danke nochmal

ComboFix 10-04-26.05 - **** 28/04/2010 9:10.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1031.18.2974.2267 [GMT 12:00]
Running from: c:\users\****\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4165543004-2937897990-2899903473-500
c:\users\****\AppData\Roaming\system32
c:\users\****\AppData\Roaming\system32\database.dat
c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 21:22 . 2010-04-27 21:24 -------- d-----w- c:\users\****\AppData\Local\temp
2010-04-27 21:22 . 2010-04-27 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-26 21:01 . 2010-04-26 21:01 -------- d-----w- C:\_OTL
2010-04-25 23:16 . 2010-04-26 21:20 -------- d-----w- c:\users\****\Problem
2010-04-25 22:29 . 2010-04-25 22:29 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes
2010-04-25 22:29 . 2010-03-29 03:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 22:29 . 2010-04-25 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 22:29 . 2010-03-29 03:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 22:29 . 2010-04-25 22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 21:45 . 2010-04-25 21:45 -------- d-----w- c:\program files\Trend Micro
2010-04-25 20:01 . 2010-04-25 20:01 -------- d-----w- c:\program files\RegCleaner
2010-04-25 10:30 . 2010-04-25 10:30 -------- d-----w- C:\inetpub
2010-04-17 10:24 . 2010-04-17 10:31 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-04-16 23:06 . 2010-04-12 05:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 03:00 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 03:00 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 03:00 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 03:00 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 03:00 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 03:00 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 02:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 02:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 02:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 09:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 09:43 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-11 09:45 . 2010-04-11 09:45 -------- d-----w- c:\program files\Oldgames
2010-04-03 08:32 . 2010-04-03 08:32 -------- d-----w- c:\users\****\AppData\Roaming\Ascaron Entertainment
2010-03-30 19:26 . 2010-03-30 19:26 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 21:17 . 2008-01-21 07:15 657764 ----a-w- c:\windows\system32\perfh007.dat
2010-04-27 21:17 . 2008-01-21 07:15 144964 ----a-w- c:\windows\system32\perfc007.dat
2010-04-27 21:05 . 2010-01-04 08:55 -------- d-----w- c:\users\****\AppData\Roaming\Skype
2010-04-27 11:46 . 2010-01-05 01:53 -------- d-----w- c:\users\****\AppData\Roaming\vlc
2010-04-25 21:50 . 2010-01-04 05:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-25 10:45 . 2010-01-05 04:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-24 10:58 . 2010-04-24 10:58 18718 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2010-04-24 10:58 . 2010-04-24 10:58 18718 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2010-04-24 10:58 . 2010-04-24 10:58 106496 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2010-04-24 10:58 . 2010-04-24 10:58 106496 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2010-04-24 10:58 . 2010-04-24 10:58 106496 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2010-04-24 10:58 . 2010-01-28 12:14 -------- d-----w- c:\program files\QQ
2010-04-17 08:44 . 2010-01-04 08:57 -------- d-----w- c:\program files\Thunderbird
2010-04-16 23:06 . 2010-01-26 04:59 -------- d-----w- c:\program files\Java
2010-04-15 04:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 10:06 . 2010-02-03 23:37 1 ----a-w- c:\users\****\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-11 09:45 . 2010-01-05 04:53 -------- d-----w- c:\program files\Games
2010-03-28 09:49 . 2010-02-28 08:11 165232 ---ha-w- c:\users\****\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-03-26 02:05 . 2010-02-26 18:51 -------- d-----w- c:\program files\JDownloader
2010-03-19 04:09 . 2010-03-19 04:09 -------- d-----w- c:\programdata\WindowsSearch
2010-03-09 10:47 . 2010-03-09 10:47 6080 ----a-w- c:\users\****\AppData\Local\d3d9caps.dat
2010-03-04 10:17 . 2010-01-25 00:14 -------- d-----w- c:\users\****\AppData\Roaming\ICQ
2010-02-28 23:07 . 2010-02-28 23:07 -------- d-----w- c:\program files\Free Create-Burn ISO Image
2010-02-28 22:51 . 2010-02-28 22:48 -------- d-----w- c:\program files\Alcohol 120
2010-02-28 12:17 . 2010-02-28 12:17 -------- d-----w- c:\users\****\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2010-02-28 12:17 . 2010-02-28 12:17 -------- d-----w- c:\program files\Gog
2010-02-28 12:16 . 2010-02-28 12:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-28 08:09 . 2010-02-28 08:09 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-02-28 07:15 . 2010-02-20 01:50 -------- d-----w- c:\program files\Download
2010-02-26 06:06 . 2010-02-26 05:43 344506040 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ }\Manager_10_Update_3.exe
2010-02-23 23:26 . 2010-01-04 09:52 89552 ----a-w- c:\users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 22:16 . 2010-01-25 04:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 00:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 00:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 00:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 00:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 02:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 02:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-03 21:01 . 2010-02-24 02:34 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-03 21:01 . 2010-02-24 02:34 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-03 21:01 . 2010-02-24 02:34 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-03 21:01 . 2010-02-24 02:34 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-28 20:04 . 2010-01-28 12:18 31048 ------w- c:\users\****\AppData\Roaming\Tencent\QQ\SafeBase\selfupdate.exe
2010-01-28 12:13 . 2010-01-28 12:12 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-08 1067528]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2009-03-16 91648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-17 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-19 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-19 153624]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-01 19:06 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Games\FM 10\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):1a,4b,a6,6c,b9,8d,ca,01

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-11-12 57344]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-11 9216]
R4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-06-11 30192]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-05 691696]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-10 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-04 112640]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-04 23:22]

2010-02-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-04 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.snotr.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0110&m=aspire_3810t
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QQ
TCP: {BAD43CA0-8496-4BF2-85DE-9ADC93F518B0} = 202.96.128.86,210.21.4.130
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\eyi3nbme.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Cerberus - c:\windows\system32\winlogon.exe.exe
MSConfigStartUp-svchost - c:\users\****\AppData\Local\Temp\svchost.exe
AddRemove-Alien Nations - c:\program files\GOG.com\Alien Nations\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-28 09:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmn.sys hal.dll >>UNKNOWN [0x857FF938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8339ed24
\Driver\ACPI -> acpi.sys @ 0x807b8d68
\Driver\atapi -> 0x858441f8
\Driver\iaStor -> iaStor.sys @ 0x826c20b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3677950678-2748283930-745290211-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,83,f0,88,bc,e8,c5,e3,41,b5,cb,77,e3,41,f0,f8,c7,e8,9b,20,4c,
b8,c1,42,f1,db,9b,43,25,49,79,f2,a8,04,58,bc,98,e7,28,58,f6,bc,07,4d,88,17,\
"rkeysecu"=hex:0d,c1,bf,e6,bd,46,af,db,d1,70,3a,55,49,91,82,c4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2940)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-28 09:32:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-27 21:32

Pre-Run: 10 Verzeichnis(se), 132,384,247,808 Bytes frei
Post-Run: 16 Verzeichnis(se), 132,219,588,608 Bytes frei

- - End Of File - - E46E2E849BFE38C4B6D346770C215EF3

Die von Dir gefundene Fake-svchost ist nun aber weg oder? Rechner auch wieder nromal?
Von McAfee hab ich einige Einträge noch gefunden, hast Du es denn komplett deinstalliert?

Mach zur Kontrolle bitte nochmal Logs mit OSAM Und GMER und poste sie.

Ja hab mcaffee deinstalliert aber Windows hält ja gern an sowas fest. Was ich bei Spybot allerdings regelmäßig finde ist "Right Media" aber ich hab gelesen, das es ein Partnerprodukt von Yahoo ist und es sich immer wieder installiert, wenn man den Yahoomessanger benutzt.

Svchost ist weg und alles läuft wieder sehr gut! Die logs folgen alsbald möglich.

Hier das Osam Log

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:46:45 on 28.04.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a343brt1" (a343brt1) - "Microsoft Corporation" - C:\Windows\system32\drivers\a343brt1.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Aspi32" (Aspi32) - "Adaptec" - C:\Windows\System32\drivers\aspi32.sys
"atdu39cb" (atdu39cb) - "Microsoft Corporation" - C:\Windows\system32\drivers\atdu39cb.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys
"McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"FlashGet" - "FlashGet.com" - C:\Program Files\FlashGet\FlashGet.exe
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Program Files\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Program Files\FlashGet\getflash.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\PROGRA~1\mcafee\msk\mskapbho.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\scriptsn.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol 120\AxAutoMntSrv.exe" -automount
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"autodetect" - ? - C:\Windows\system32\SupportAppXL\AutoDect.exe
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files\Launch Manager\dsiwmis.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"McAfee Real-time Scanner" (McShield) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===
Mir wurde mitgeteilt, dass Autodetect.exe noch nicht bekannt ist. Es gehört zu meinem Mobile-Broadband USB Stick von der neuseeländischen Telecom.

Wenn ich GMER scannen lassen, gibt es irgendwann einen Bluescreen. Hab aber die Anleitung befolgt.

Dann geh mal nach der Anleitung von OSAM vor um folgende Einträge zu fixen. Damit killen wir auch die restlichen McAfee Einträge:

Zitat:

"McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys
"McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\PROGRA~1\mcafee\msk\mskapbho.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\scriptsn.dll
"McAfee Real-time Scanner" (McShield) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Danke noch mal für die schnelle Hilfe. Gut zu wissen, dass man das Internet auch für sinnvolle Dinge benutzen kann.
Schönes Wochenende!!!

Log folgt morgen, kann grad nicht neustarten.

Schön. Dann prüf mal abschließend die wichtigsten Updates wenn das Log durch ist, schädliche Einträge waren da nicht mehr zu sehen.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

OSAM log noch mal:

Läuft aber jetzt alles rund. Updates hab ich auch schon runtergeladen.
Hab jetzt sowieso erstmal kein Internet mehr, kann mir in der nächsten Zeit also auch nichts neues einfangen. Danke nochmal.

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://w'w.online-solutions.ru/en/
Saved at 13:41:07 on 02.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
(Disabled) "McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
(Disabled) "McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a7nf88bx" (a7nf88bx) - "Microsoft Corporation" - C:\Windows\system32\drivers\a7nf88bx.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aaryrxwz" (aaryrxwz) - "Microsoft Corporation" - C:\Windows\system32\drivers\aaryrxwz.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Aspi32" (Aspi32) - "Adaptec" - C:\Windows\System32\drivers\aspi32.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys
(Disabled) "McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
(Disabled) "McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
(Disabled) "McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
(Disabled) "McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys
(Disabled) "McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
(Disabled) {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
(Disabled) {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"FlashGet" - "FlashGet.com" - C:\Program Files\FlashGet\FlashGet.exe
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Program Files\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Program Files\FlashGet\getflash.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\PROGRA~1\mcafee\msk\mskapbho.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\scriptsn.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol 120\AxAutoMntSrv.exe" -automount
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"autodetect" - ? - C:\Windows\system32\SupportAppXL\AutoDect.exe
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files\Launch Manager\dsiwmis.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Disabled) "McAfee Real-time Scanner" (McShield) - "McAfee, Inc." - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

===[ Logfile end ]=========================================[ Logfile end ]===