Tr/Kazy.mekml.1 Windows-Recovery

Selvren · 22.04.2011, 22:33

Guten Abend,

ich habe mir heute Abend den Trojaner Windows Recovery eingefangen. Gleiche Symptome wie bei anderen Usern/vorhergehenden Threads.

Von mir bereits ausgeführt:

- rkill
- vollständigen Scan mit Malwarebytes Anti-Malware
- OTL scan

Vielen Dank im Vorraus schonmal.

Code:

ATTFilter

OTL logfile created on: 22.04.2011 23:23:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 383,70 Gb Free Space | 85,06% Space Free | Partition Type: NTFS
 
Computer Name: XPS-*** | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (EMP_NSWLSV) -- C:\Program Files (x86)\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.08 13:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.14 08:45:59 | 000,000,000 | ---D | M]
 
[2011.04.08 13:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.07 15:01:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 13:00:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101117175949.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101117175949.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter]  File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 22:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.04.22 21:48:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.04.22 21:47:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 21:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 21:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 21:47:48 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.22 21:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 18:52:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
[2011.04.18 18:58:16 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011.04.18 18:58:14 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011.04.18 18:57:47 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011.04.18 18:57:43 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011.04.18 18:57:43 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011.04.18 18:57:40 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011.04.18 18:57:19 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2011.04.18 18:57:18 | 000,038,512 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011.04.18 18:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011.04.18 18:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\VMware
[2011.04.18 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2011.04.18 09:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
[2011.04.18 09:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON Projector
[2011.04.18 09:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\SEIKO EPSON CORPORATION
[2011.04.18 09:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Projector
[2011.04.15 09:26:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 09:26:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 09:26:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 09:26:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 09:26:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 09:26:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 09:26:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 09:26:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 09:26:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 09:26:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 09:26:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 09:26:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 09:26:04 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 09:26:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 09:06:48 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 09:06:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 09:06:47 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 09:06:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 09:06:47 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 09:06:44 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 09:06:44 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 09:06:43 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 09:06:43 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 09:06:36 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 09:06:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 09:06:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 09:06:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 09:05:59 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 09:05:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 09:05:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 09:05:54 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 09:05:54 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 09:05:54 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 09:05:54 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 09:05:54 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 09:05:54 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 09:05:54 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 09:05:52 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.14 08:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.04.14 08:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011.04.14 08:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011.04.14 08:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.04.14 08:42:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help
[2011.04.14 08:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.04.14 08:32:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.04.14 08:32:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.04.13 09:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.04.13 09:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2011.03.26 20:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 Editor 2
[2011.03.25 22:04:54 | 000,000,000 | -H-D | C] -- C:\X3 Editor 2
[2011.03.25 22:00:54 | 000,252,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnc.dll
[2011.03.25 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X3 Editor TC
[2011.03.25 20:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X Plugin Manager
[2011.03.25 20:04:58 | 000,056,880 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2011.03.25 20:04:58 | 000,055,344 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2011.03.25 20:04:58 | 000,045,104 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2011.03.25 20:04:58 | 000,024,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2011.03.25 20:04:58 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2011.03.25 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-Tended - Terran Conflict
[2011.03.25 16:14:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\X3 Editor 2
[2011.03.25 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\X3 Editor 2
[2011.03.25 15:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft
[2011.03.25 14:21:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.03.25 13:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGOSOFT
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 23:06:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 23:06:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 23:03:09 | 001,508,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 23:03:09 | 000,657,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 23:03:09 | 000,619,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 23:03:09 | 000,131,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 23:03:09 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 22:58:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 22:58:17 | 3010,695,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 22:57:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.04.22 21:04:58 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~46915336
[2011.04.22 20:28:11 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.04.22 18:52:33 | 000,000,987 | ---- | M] () -- C:\Users\Admin\Desktop\Razor.lnk
[2011.04.22 09:04:42 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.04.18 18:57:15 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.04.18 18:57:12 | 001,528,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.15 15:28:02 | 000,436,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.14 08:34:06 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.04.08 09:36:14 | 498,676,190 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011.03.25 23:27:34 | 000,968,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011.03.25 22:00:54 | 000,252,528 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWow64\vmnc.dll
[2011.03.25 20:04:58 | 000,056,880 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2011.03.25 20:04:58 | 000,055,344 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\vnetinst.dll
[2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2011.03.25 20:04:58 | 000,024,112 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
 
========== Files Created - No Company Name ==========
 
[2011.04.22 21:04:58 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~46915336
[2011.04.22 18:52:33 | 000,000,987 | ---- | C] () -- C:\Users\Admin\Desktop\Razor.lnk
[2011.04.18 18:57:15 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.04.14 08:34:06 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.04.13 09:27:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.04.08 13:24:09 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.20 23:45:46 | 000,048,475 | ---- | C] () -- C:\Programme\neue_items.scp
[2011.02.13 20:11:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.26 17:42:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\msfeedsd.dll
[2010.12.19 23:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.09 21:58:19 | 000,172,032 | ---- | C] () -- C:\Windows\UOUninst.exe
[2010.11.24 10:59:47 | 001,528,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.29 18:19:52 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.09.29 18:19:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.09.29 18:19:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.09.29 18:19:52 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.09.29 18:19:48 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.04.14 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.02.10 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCDr
[2011.03.25 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\X3 Editor 2
[2011.04.22 09:04:42 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.04.09 10:07:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.22 20:28:11 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 22.04.2011 23:23:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 383,70 Gb Free Space | 85,06% Space Free | Partition Type: NTFS
 
Computer Name: XPS-*** | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A515955-A3D4-4FE6-98C0-E7987FF3279A}" = EMP NS Connection V2.50
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7.3
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"720C2B09-106C-4B57-B72F-12C36465CC5D" = X-Tended - Terran Conflict
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Axis" = Axis (remove only)
"Axis2" = Axis2 (remove only)
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MSC" = McAfee Security Center
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Plants vs. Zombies" = Plants vs. Zombies
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tunngle beta_is1" = Tunngle beta
"UltimaOnline" = Ultima Online 2D
"VLC media player" = VLC media player 1.1.5
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"X3 Editor 2" = X3 Editor 2
"X3 Editor TC" = X3 Editor TC
"X3 ModManager" = X3 ModManager
"X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2011 16:37:37 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x1b58  Startzeit der fehlerhaften Anwendung: 0x01cbfd3f1a89505c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: 87594217-6932-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 16:52:07 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x2c0  Startzeit der fehlerhaften Anwendung: 0x01cbfd3f794641eb  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: 8e5332f2-6934-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 16:54:06 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x1618  Startzeit der fehlerhaften Anwendung: 0x01cbfd4155c2ce60  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: d50416fd-6934-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 16:54:19 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x1990  Startzeit der fehlerhaften Anwendung: 0x01cbfd4198e80d61  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: dcb66ad7-6934-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 17:03:03 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x18ec  Startzeit der fehlerhaften Anwendung: 0x01cbfd41a0d1c5ba  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: 15523022-6936-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 18:26:22 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0xf9c  Startzeit der fehlerhaften Anwendung: 0x01cbfd42d91641ff  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: b8fafe49-6941-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 18:26:48 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x140c  Startzeit der fehlerhaften Anwendung: 0x01cbfd4e84a8534d  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: c8626527-6941-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 18:27:05 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0x498  Startzeit der fehlerhaften Anwendung: 0x01cbfd4e8d1176b4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: d2880c20-6941-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 18:46:47 | Computer Name = XPS-*** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Name des fehlerhaften Moduls: client.exe, Version: 6.0.1.4, Zeitstempel:
 0x4671aeac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ee6  ID des fehlerhaften Prozesses:
 0xbe4  Startzeit der fehlerhaften Anwendung: 0x01cbfd4ea371c9c5  Pfad der fehlerhaften
 Anwendung: C:\Program Files\UO\Ultima Online 2D\client.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\UO\Ultima Online 2D\client.exe  Berichtskennung: 931e976c-6944-11e0-9a6f-f04da255f9de
 
Error - 17.04.2011 19:20:00 | Computer Name = XPS-*** | Source = EventSystem | ID = 4621
Description = 
 
[ Dell Events ]
Error - 24.11.2010 12:17:14 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 24.11.2010 13:50:50 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 24.11.2010 13:50:50 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 24.11.2010 15:16:39 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 24.11.2010 15:16:39 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.12.2010 03:08:58 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.12.2010 03:08:58 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 15.12.2010 13:33:01 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 15.12.2010 13:33:01 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 22.04.2011 16:00:35 | Computer Name = XPS-*** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 21.02.2011 08:48:26 | Computer Name = XPS-*** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 21.02.2011 16:52:04 | Computer Name = XPS-*** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?02.?2011 um 21:50:28 unerwartet heruntergefahren.
 
Error - 21.02.2011 16:52:25 | Computer Name = XPS-*** | Source = BugCheck | ID = 1001
Description = 
 
Error - 21.02.2011 20:33:21 | Computer Name = XPS-*** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 25.02.2011 04:10:57 | Computer Name = XPS-*** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 25.02.2011 04:10:57 | Computer Name = XPS-*** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 27.02.2011 06:28:27 | Computer Name = XPS-*** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 01.03.2011 19:30:03 | Computer Name = XPS-*** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?03.?2011 um 19:17:25 unerwartet heruntergefahren.
 
Error - 05.03.2011 13:52:23 | Computer Name = XPS-*** | Source = DCOM | ID = 10010
Description = 
 
Error - 07.03.2011 06:53:34 | Computer Name = XPS-*** | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

*edit*
Hatte den Malwarebyzes Log vergessen. Der erste Log ist, warum auch immer nicht mehr da. Beim ersten mal hat das Programm 5 infizierte Dateien gefunden und gelöscht.
Hab eben nochmal einen vollständigen Scan gemacht:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.04.2011 00:22:49
mbam-log-2011-04-23 (00-22-49).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 274645
Time elapsed: 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cosinus · 25.04.2011, 14:47

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Selvren · 25.04.2011, 23:08

Hab noch einige Logs am nächsten Tag gemacht. Hatte mir dann aber wohl nochmals den Trojaner eingefangen, warsch. der selbe Download..
Hatte da nochmals das Tutorial aus dem Forum abgearbeitet.
Hier noch alle weiteren Malewarebytes logs:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.04.2011 23:07:55
mbam-log-2011-04-22 (23-07-55).txt

Scan type: Quick scan
Objects scanned: 145728
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.04.2011 00:22:49
mbam-log-2011-04-23 (00-22-49).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 274645
Time elapsed: 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hier jetzt die Logs nachdem ich den PC nochmals infiziert hatte und danach "gesäubert" habe:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.04.2011 01:17:47
mbam-log-2011-04-25 (01-17-47).txt

Scan type: Quick scan
Objects scanned: 145776
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
c:\Users\Seibert\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NJ6PR6YA\info[1].exe (Trojan.FakeAlert) -> 1356 -> Unloaded process successfully.
c:\programdata\rfxxnmedljbla.exe (Trojan.FakeAlert) -> 2484 -> Unloaded process successfully.
c:\programdata\46456584.exe (Trojan.FakeAlert) -> 808 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfxXnMEdlJbla (Trojan.FakeAlert) -> Value: rfxXnMEdlJbla -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Seibert\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Seibert\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NJ6PR6YA\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\rfxxnmedljbla.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\46456584.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Seibert\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Seibert\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Seibert\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Seibert\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.04.2011 02:23:45
mbam-log-2011-04-25 (02-23-45).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 278650
Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cosinus · 26.04.2011, 11:16

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2011.04.22 21:04:58 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~46915336
[2011.02.10 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCDr
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Selvren · 26.04.2011, 15:06

Habe den OTL-Fix wie angegeben durchgeführt. Hier nun der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\ProgramData\~46915336 moved successfully.
C:\Users\Admin\AppData\Roaming\PCDr\Update\Logs folder moved successfully.
C:\Users\Admin\AppData\Roaming\PCDr\Update folder moved successfully.
C:\Users\Admin\AppData\Roaming\PCDr folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 15692562 bytes
->Temporary Internet Files folder emptied: 28506544 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 573 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 185381794 bytes
->Temporary Internet Files folder emptied: 155732158 bytes
->Java cache emptied: 4522132 bytes
->FireFox cache emptied: 109469220 bytes
->Flash cache emptied: 65188 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32054162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71321 bytes
RecycleBin emptied: 53939871 bytes
 
Total Files Cleaned = 558,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04262011_153756

Files\Folders moved on Reboot...
File move failed. C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2424.log moved successfully.

Registry entries deleted on Reboot...

cosinus · 26.04.2011, 17:24

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Selvren · 27.04.2011, 11:36

Programm TDSSKiller wurde ausgeführt, eine Datei gefunden und entfernt. TDSSKiller nochmals ausgeführt, keine weitere Datei gefunden.
Danach wie angegeben einen Malwarebytesscan durchgeführt, hier der Log.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.04.2011 11:09:12
mbam-log-2011-04-27 (11-09-12).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 264827
Time elapsed: 52 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Unhide ausgeführt, alles wieder sichtbar.

Ich hoffe das war es jetzt

.
In diesem Sinne möchte ich euch und besonders dir cosinus für die schnelle Hilfe danken.

cosinus · 27.04.2011, 11:58

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Selvren · 27.04.2011, 12:44

CCleaner durchgeführt, danach Cofi.exe ausgeführt. Hier der entsprechende Log:

Code:

ATTFilter

ComboFix 11-04-26.03 - Admin 27.04.2011  13:35:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3828.2470 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll
c:\programdata\PCDr\5744\Downloads\2da1393a-9d2c-436b-a660-c3dd133e9836.dll
c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll
c:\programdata\PCDr\5744\Downloads\38db339b-86cf-40c4-86da-57495513b374.dll
c:\programdata\PCDr\5744\Downloads\5f66a5f6-96e8-487a-b1da-d49f4e9f0813.dll
c:\programdata\PCDr\5744\Downloads\61963b16-da7a-4faf-ba6b-14eb102d0df8.dll
c:\programdata\PCDr\5744\Downloads\69bf7709-6da5-40eb-b648-3731ebda143c.dll
c:\programdata\PCDr\5744\Downloads\70b66070-48fe-4fad-ac33-5f17042d5ee7.dll
c:\programdata\PCDr\5744\Downloads\890823c6-b297-4c5e-8839-80468e0508dc.dll
c:\programdata\PCDr\5744\Downloads\a2f393bb-92a1-4fda-a382-66896efa06dd.dll
c:\programdata\PCDr\5744\Downloads\b0ad9f03-890a-4558-bcd7-38c10ea44def.dll
c:\programdata\PCDr\5744\Downloads\db760e79-da96-4a2b-a687-8256c6e72fb6.dll
c:\programdata\PCDr\5744\Downloads\f6b10855-5837-4857-9c20-c7b6a6dc2589.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))
.
.
2011-04-27 11:39 . 2011-04-27 11:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-04-27 11:39 . 2011-04-27 11:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-27 11:39 . 2011-04-27 11:39	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2011-04-27 11:32 . 2011-04-27 11:32	--------	d-----w-	c:\users\Admin\AppData\Local\DataSafeOnline
2011-04-27 11:22 . 2011-04-27 11:22	--------	d-----w-	c:\program files\CCleaner
2011-04-27 07:56 . 2011-04-27 07:56	--------	d-----w-	c:\users\***\AppData\Local\{008E2035-1509-47DA-A0AF-569AC7542F29}
2011-04-26 14:15 . 2011-04-26 14:15	--------	d-----w-	c:\users\Admin\AppData\Roaming\PCDr
2011-04-26 13:37 . 2011-04-26 13:37	--------	d-----w-	C:\_OTL
2011-04-26 08:31 . 2011-04-26 08:33	--------	d-----w-	c:\users\***\AppData\Local\{24745303-F1B7-4FCB-B1A7-A26B10B3DFF4}
2011-04-25 16:55 . 2011-04-25 16:55	--------	d-----w-	c:\users\***\AppData\Local\{8F0DECFE-E0F1-4F11-888A-96B9FDC96CA0}
2011-04-24 23:20 . 2011-04-24 23:20	--------	d-----w-	c:\users\***\AppData\Local\{4F535413-8E1F-4523-A849-CDD02DBB0E4D}
2011-04-24 09:26 . 2011-04-24 09:27	--------	d-----w-	c:\users\***\AppData\Local\{097113EA-9B21-4FAC-991B-E739E4C6E9F6}
2011-04-23 08:05 . 2011-04-23 08:06	--------	d-----w-	c:\users\***\AppData\Local\{03A04FD9-6655-434F-B9B2-E1DB78B50313}
2011-04-22 20:59 . 2011-04-22 20:59	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-04-22 19:48 . 2011-04-22 19:48	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2011-04-22 19:47 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-22 19:47 . 2011-04-22 19:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-22 19:47 . 2011-04-22 19:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-22 19:47 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-22 19:11 . 2011-04-22 19:12	--------	d-----w-	c:\users\***\AppData\Local\{9CFD95B6-16A7-43FD-975D-B14ADE40A30E}
2011-04-22 07:07 . 2011-04-22 07:11	--------	d-----w-	c:\users\***\AppData\Local\{42B4991A-065C-4A75-A2C6-4B9CDAE722D4}
2011-04-19 07:46 . 2011-04-19 07:46	--------	d-----w-	c:\users\***\AppData\Local\{5BEF0744-F553-47FA-ACD6-A7951D09CBB7}
2011-04-18 19:13 . 2011-04-18 19:13	--------	d-----w-	c:\users\***\AppData\Local\{EE573AE5-4AD9-4E35-86DF-BBA7E37D03AA}
2011-04-18 18:59 . 2011-04-18 19:03	--------	d-----w-	c:\users\***\AppData\Local\VMware
2011-04-18 18:57 . 2011-04-18 19:01	--------	d-----w-	c:\users\***\AppData\Roaming\VMware
2011-04-18 16:58 . 2011-03-25 21:27	81008	----a-w-	c:\windows\system32\drivers\vmci.sys
2011-04-18 16:58 . 2011-03-25 21:27	68720	----a-w-	c:\windows\system32\drivers\vmx86.sys
2011-04-18 16:57 . 2011-03-25 21:26	334448	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2011-04-18 16:57 . 2011-03-25 21:26	404080	----a-w-	c:\windows\SysWow64\vmnat.exe
2011-04-18 16:57 . 2011-03-25 21:25	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2011-04-18 16:57 . 2011-03-25 21:27	968816	----a-w-	c:\windows\system32\vnetlib64.dll
2011-04-18 16:57 . 2011-03-25 21:25	31856	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2011-04-18 16:57 . 2011-03-25 20:27	38512	----a-w-	c:\windows\system32\drivers\hcmon.sys
2011-04-18 16:57 . 2011-04-18 16:57	--------	d-----w-	c:\program files (x86)\Common Files\VMware
2011-04-18 16:56 . 2011-04-27 08:14	--------	d-----w-	c:\programdata\VMware
2011-04-18 16:56 . 2011-04-18 16:56	--------	d-----w-	c:\program files (x86)\VMware
2011-04-18 07:38 . 2011-04-18 07:38	--------	d-----w-	c:\program files (x86)\Common Files\EPSON Projector
2011-04-18 07:38 . 2011-04-18 07:38	--------	d-----w-	c:\programdata\SEIKO EPSON CORPORATION
2011-04-18 07:38 . 2011-04-18 07:38	--------	d-----w-	c:\program files (x86)\EPSON Projector
2011-04-18 07:36 . 2011-04-18 07:36	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-04-18 07:36 . 2003-02-27 14:12	696320	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-04-18 07:36 . 2002-12-05 12:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-04-18 07:36 . 2002-12-02 13:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-04-18 07:36 . 2002-12-02 11:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-04-18 07:36 . 2002-12-02 11:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-04-18 07:36 . 2011-04-18 07:36	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-04-17 20:10 . 2011-04-17 20:11	--------	d-----w-	c:\users\***\AppData\Local\{0508ABFB-1A8C-4096-8FA9-7BFED9C59D14}
2011-04-15 13:30 . 2011-04-15 13:30	--------	d-----w-	c:\users\***\AppData\Local\{771FA79F-6B2B-4123-9354-5006DA48F003}
2011-04-15 09:22 . 2011-04-15 09:22	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-04-15 07:06 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 06:45 . 2011-04-14 06:48	--------	d-----w-	c:\program files (x86)\Microsoft Works
2011-04-14 06:43 . 2011-04-14 06:43	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-04-14 06:42 . 2011-04-14 06:42	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Help
2011-04-14 06:40 . 2011-04-14 06:40	--------	d-----w-	c:\users\***\AppData\Roaming\DAEMON Tools Lite
2011-04-14 06:33 . 2011-04-14 06:34	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2011-04-14 06:32 . 2011-04-14 06:32	--------	d-----w-	c:\users\Admin\AppData\Roaming\DAEMON Tools Lite
2011-04-14 06:32 . 2011-04-14 06:32	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2011-04-13 21:31 . 2011-04-13 21:31	--------	d-----w-	c:\users\***\AppData\Local\{55519980-F425-403E-81AB-44067A6E4721}
2011-04-13 07:26 . 2011-04-13 07:26	--------	d-----w-	c:\users\Admin\AppData\Local\Adobe
2011-04-13 06:04 . 2011-04-13 06:04	--------	d-----w-	c:\users\***\AppData\Local\{C0CBAE2C-5408-438E-AB50-96CA9A1A28DA}
2011-04-12 11:20 . 2011-04-12 11:20	--------	d-----w-	c:\users\***\AppData\Local\{7EC5D86F-606F-4353-BE96-2476CB906263}
2011-04-09 08:07 . 2011-04-09 08:08	--------	d-----w-	c:\users\***\AppData\Local\{97D0F473-43B8-44FA-85E2-1CF44CEEBDB5}
2011-04-08 11:24 . 2011-03-18 17:56	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-08 11:24 . 2011-03-18 17:56	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-08 11:24 . 2011-03-18 17:56	728024	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-08 11:24 . 2011-03-18 17:56	1975768	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-08 11:24 . 2011-03-18 17:56	1893336	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-08 11:24 . 2011-03-18 17:56	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-08 11:24 . 2011-03-18 17:56	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-08 11:24 . 2011-03-18 17:56	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-08 05:55 . 2011-04-08 05:55	--------	d-----w-	c:\users\***\AppData\Local\{FBDF324C-7402-4EF7-9C4E-D5967C091252}
2011-04-07 09:12 . 2011-04-07 09:12	--------	d-----w-	c:\users\***\AppData\Local\{113D2F74-EB82-404E-ADB3-912D5CCCB158}
2011-04-06 15:19 . 2011-04-06 15:19	--------	d-----w-	c:\users\***\AppData\Local\{498B14AE-DCF0-437F-8696-1D151EAC7DE1}
2011-04-05 06:08 . 2011-04-05 06:08	--------	d-----w-	c:\users\***\AppData\Local\{64BAE194-172A-4A99-A157-F8917C5732D2}
2011-04-04 10:22 . 2011-04-04 10:22	--------	d-----w-	c:\users\***\AppData\Local\{29CCDEE6-90C9-416F-8E7D-9FC208330E47}
2011-04-03 08:13 . 2011-04-03 08:13	--------	d-----w-	c:\users\***\AppData\Local\{53E39D59-6A96-46E8-BA2F-5A0E35313524}
2011-04-02 07:52 . 2011-04-02 07:52	--------	d-----w-	c:\users\***\AppData\Local\{C61AB79D-464D-47A6-9D01-13518D599381}
2011-04-01 09:20 . 2011-04-01 09:20	--------	d-----w-	c:\users\***\AppData\Local\{15868057-23E0-475F-8764-44796943E885}
2011-03-31 06:04 . 2011-03-31 06:04	--------	d-----w-	c:\users\***\AppData\Local\{EEA57434-8A49-4B8B-9FBB-CBC228192CC3}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 20:00 . 2011-03-25 20:00	252528	----a-w-	c:\windows\SysWow64\vmnc.dll
2011-03-25 18:04 . 2011-03-25 18:04	56880	----a-w-	c:\windows\system32\vmnetbridge.dll
2011-03-25 18:04 . 2011-03-25 18:04	55344	----a-w-	c:\windows\system32\vnetinst.dll
2011-03-25 18:04 . 2011-03-25 18:04	45104	----a-w-	c:\windows\system32\drivers\vmnetbridge.sys
2011-03-25 18:04 . 2011-03-25 18:04	24112	----a-w-	c:\windows\system32\drivers\vmnet.sys
2011-03-25 18:04 . 2011-03-25 18:04	20016	----a-w-	c:\windows\system32\drivers\vmnetadapter.sys
2011-03-15 19:14 . 2011-03-15 19:14	34064	----a-w-	c:\windows\SysWow64\lhacm.acm
2011-03-09 10:56 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-09 10:42	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 10:42	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 10:42	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 10:42	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:42	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-10 119608]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 EMP_NSWLSV;EMP_NSWLSV;c:\program files (x86)\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe [2008-05-09 98304]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-12-29 40960]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMDB
*Deregistered* - klmd25
*Deregistered* - klmdb
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-03 6486120]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-03 2120808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-08-04 3206816]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
"Ocs_SM"="c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-12-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-klmdb.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-720C2B09-106C-4B57-B72F-12C36465CC5D - c:\program files (x86)\EGOSOFT\X3 Terran Conflict\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1309608664-4214483280-1781727801-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1309608664-4214483280-1781727801-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-27  13:41:41
ComboFix-quarantined-files.txt  2011-04-27 11:41
.
Vor Suchlauf: 17 Verzeichnis(se), 416.534.474.752 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 416.429.473.792 Bytes frei
.
- - End Of File - - C1346A2391977201F3226CF681C8F8C5

cosinus · 27.04.2011, 13:37

Zitat:

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

Kannst du die deinstallieren? Sowas ist völlig kontraproduktiv! Die Windows-Firewall ist da deutlich effektiver.

Selvren · 27.04.2011, 14:16

Deinstallieren, ich kann die höchstens deaktivieren? Ich bin leider nicht so ganz auf der Höhe mit Computersoftware.

McAfee war auf diesem Laptop bereits vorinstalliert (Glaube 12 Monate Lizenz o.Ä. - Dell eben)

Ist diese den absolut unbrauchbar? Sprich McAfee rauswerfen und auf AntiVir/Windows Firewall umsteigen? (So hatte ich das bei meinem alten PC)

cosinus · 27.04.2011, 14:41

Zitat:

Sprich McAfee rauswerfen und auf AntiVir/Windows Firewall umsteigen? (So hatte ich das bei meinem alten PC)

Ja dann mach das. AntiVir+Win-Firewall oder MSE+Windows-Firewall ist deutlich sinnvoller als die fetten unsicheren Pakete, die oft Internet Security oder Suite schimpfen.

Selvren · 27.04.2011, 15:04

Okay mache ich.

Vielen Dank nochmal für die Hilfe und für die Beratung in Sachen Anti-Viren Programmen

cosinus · 27.04.2011, 15:28

Mach danach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Selvren · 28.04.2011, 14:20

Beim SUPERAntiSpyware ist mir der erste Log (warum auch immer) abhanden gekommen. Dort wurden 17 infizierte Dateien gefunden und gelöscht.
Habe daraufhin nochmals einen weitern Scan durchgeführt:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/28/2011 at 02:16 PM

Application Version : 4.51.1000

Core Rules Database Version : 6943
Trace Rules Database Version: 4755

Scan type       : Complete Scan
Total Scan Time : 01:19:46

Memory items scanned      : 563
Memory threats detected   : 0
Registry items scanned    : 15185
Registry threats detected : 0
File items scanned        : 126462
File threats detected     : 2

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt

Der Malewarebytes log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2011 14:57:31
mbam-log-2011-04-28 (14-57-31).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 262408
Time elapsed: 34 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

25.04.2011, 14:47	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Tr/Kazy.mekml.1 Windows-Recovery Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

27.04.2011, 15:28	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Tr/Kazy.mekml.1 Windows-Recovery Mach danach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Tr/Kazy.mekml.1 Windows-Recovery

Log-Analyse und Auswertung: Tr/Kazy.mekml.1 Windows-Recovery