Pests of all kinds and how to combat them: Win7 Anti-Virus 2011 and Windows Recovery

07.05.2011, 21:59   #1
Contotion

Hey everyone,

I've got a serious problem on my PC (Win7) right now: both Win7 Anti-Virus 2011 and Windows Recovery have taken hold on it. Fake alerts keep popping up, and Firefox no longer displays any pages, only warnings (in English, so also fake). On top of that, the desktop is black and no programs or files are visible. From what I've read so far, they are supposed to be only hidden and not deleted, but they are still missing after running unhide.exe. There are also (real-looking) messages saying that the hard drive might be damaged. I'm writing this from my laptop.

From what I've read, I'm not the only one with this problem, but I haven't found suitable instructions anywhere for getting my computer back to normal.

Thanks in advance,

Alex

08.05.2011, 00:28   #2
cosinus


Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those as well!


After that, an OTL custom scan:


Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here.

08.05.2011, 10:12   #3
Contotion

Hey,

here is what I have done so far:

I ran Rkill.exe, then unhide.exe. Unhide made some of the programs and files visible again. Then I ran Malwarebytes:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6528

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 03:17:51
mbam-log-2011-05-08 (03-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 338876
Laufzeit: 1 Stunde(n), 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\janalexander\AppData\Local\KBEWMS.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\janalexander\AppData\Local\osimutivolubu.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wsomesebebebagu (Trojan.Hiloti) -> Value: Wsomesebebebagu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NuHveRXdmtu (Trojan.FakeAlert) -> Value: NuHveRXdmtu -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kwivo (Trojan.Agent.U) -> Value: Kwivo -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\JanAlexander\AppData\Local\qqe.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\JanAlexander\AppData\Local\qqe.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\JanAlexander\AppData\Local\qqe.exe" -a "C:\Program Files (x86)\Int") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\janalexander\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\janalexander\AppData\Local\KBEWMS.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\alte festplatte\neuer ordner\neuer ordner\Desktop\alles sowas - ändern!\nützliches\removewga12.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
c:\programdata\44293880.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\hvy.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\qqe.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\0.6370049644348916.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\3630.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\EC93.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\setup2841794560.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\Temp\setup3998325704.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27\4f00db9b-789e9363 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\8948810\bbzzkzz17.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\Adobe\plugs\mmc10571797.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\janalexander\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\Adobe\plugs\mmc105.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Roaming\Adobe\plugs\mmc236.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\janalexander\AppData\Local\osimutivolubu.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Since things were still not visible and programs like Antivirus_Antispyware could still be found, I ran this OTH thing and scanned with Malwarebytes again:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6528

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 10:48:27
mbam-log-2011-05-08 (10-48-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156937
Laufzeit: 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Still no success, so I scanned with OTL:

OTL Logfile:
Code:
OTL logfile created on: 08.05.2011 10:53:54 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,96 Gb Total Space | 627,19 Gb Free Space | 68,18% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\Desktop\OTH.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (lxcz_device) -- C:\Windows\SysWow64\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\nmwcdcx64.sys (Nokia)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.07 21:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.07 21:41:33 | 000,000,000 | ---D | M]
 
[2010.09.12 21:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.07 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0b34qd5.default\extensions
[2010.09.12 21:57:09 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0b34qd5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.12.31 00:26:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0b34qd5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\e0b34qd5.default\searchplugins\conduit.xml
[2011.05.07 08:42:56 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\e0b34qd5.default\searchplugins\icqplugin.xml
[2010.09.12 21:55:40 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\e0b34qd5.default\searchplugins\sweetim.xml
[2010.12.21 15:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.21 15:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.07 21:56:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{87A5AD01-DF07-4BB5-8F91-B6CF924DBE56}
[2011.05.07 21:41:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.05.07 21:41:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 21:41:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.07 21:41:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 21:41:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.07 21:41:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 21:41:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101109213126.dll (McAfee, Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101109213126.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [appcfgHelper] C:\Users\JanAlexander\AppData\Local\SysMobilent5\appcfgHelper.dll ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\JanAlexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.24 12:33:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.08 10:50:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\JanAlexander\Desktop\OTL.exe
[2011.05.08 10:39:37 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\JanAlexander\Desktop\OTH.scr
[2011.05.08 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.05.08 00:12:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anti-Virus Jan
[2011.05.07 21:56:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{87A5AD01-DF07-4BB5-8F91-B6CF924DBE56}
[2011.05.01 22:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sinvise Systems
[2011.05.01 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sinvise Systems
[2011.05.01 22:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sinvise Systems
[2011.04.28 14:08:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus_AntiSpyware_2011
[2011.04.28 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SysMobilent5
[2011.04.28 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\7048468
[2011.04.27 17:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.04.27 17:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.24 12:33:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011.04.24 12:33:42 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011.04.24 12:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2011.04.24 12:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.04.24 12:00:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AntiVirus_AntiSpyware_2011
[2011.04.24 11:59:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\compatMouseServ
[2011.04.24 11:59:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\8948810
[2011.04.12 18:54:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MessageViewerPro
[2011.04.12 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MSGView
[2011.04.12 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Encryptomatic, LLC
[2011.04.08 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.04.08 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010.09.29 19:30:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010.09.29 19:30:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010.09.29 19:30:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010.09.29 19:30:39 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010.09.29 19:30:39 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010.09.29 19:30:39 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010.09.29 19:30:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010.09.29 19:30:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010.09.29 19:30:39 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2010.09.29 19:30:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010.09.29 19:30:39 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2010.09.29 19:30:39 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2010.09.29 19:30:39 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2010.09.29 19:30:39 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010.09.29 19:30:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.08 10:50:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.08 10:45:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 10:45:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 10:39:29 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2011.05.08 10:36:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.08 10:36:44 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.08 03:24:41 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.08 03:24:41 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.08 03:24:41 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.08 03:24:41 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.08 03:24:41 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.07 23:18:56 | 000,010,946 | -HS- | M] () -- C:\Users\***\AppData\Local\ch156lu6hg54h06t31awj4
[2011.05.07 23:18:56 | 000,010,946 | -HS- | M] () -- C:\ProgramData\ch156lu6hg54h06t31awj4
[2011.05.07 21:58:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~44293880
[2011.05.07 21:56:36 | 000,000,120 | ---- | M] () -- C:\Users\***\AppData\Local\Lmizuvubo.dat
[2011.05.07 21:56:36 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\Clirazayujupili.bin
[2011.05.07 21:54:12 | 000,000,000 | ---- | M] () -- C:\Users\***\2gweorjqjutp92vjy9gake
[2011.05.01 22:24:12 | 000,002,815 | ---- | M] () -- C:\Users\***\Desktop\Shutdown Timer.lnk
[2011.04.24 12:33:55 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.04.15 15:04:09 | 000,276,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.12 18:54:10 | 000,001,313 | ---- | M] () -- C:\Users\***\Desktop\MessageViewerPro.lnk
[2011.04.08 15:56:43 | 000,000,978 | ---- | M] () -- C:\Users\***\Desktop\7-Zip File Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.07 21:58:19 | 000,000,040 | ---- | C] () -- C:\ProgramData\~44293880
[2011.05.07 21:56:36 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Lmizuvubo.dat
[2011.05.07 21:56:36 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Clirazayujupili.bin
[2011.05.07 21:54:25 | 000,010,946 | -HS- | C] () -- C:\Users\***\AppData\Local\ch156lu6hg54h06t31awj4
[2011.05.07 21:54:25 | 000,010,946 | -HS- | C] () -- C:\ProgramData\ch156lu6hg54h06t31awj4
[2011.05.07 21:54:12 | 000,000,000 | ---- | C] () -- C:\Users\***\2gweorjqjutp92vjy9gake
[2011.05.02 23:03:22 | 000,002,815 | ---- | C] () -- C:\Users\***\Desktop\Shutdown Timer.lnk
[2011.04.28 14:08:47 | 000,001,951 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus_AntiSpyware_2011.lnk
[2011.04.24 12:33:55 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.04.12 18:54:10 | 000,001,313 | ---- | C] () -- C:\Users\***\Desktop\MessageViewerPro.lnk
[2011.04.08 15:56:43 | 000,000,978 | ---- | C] () -- C:\Users\***\Desktop\7-Zip File Manager.lnk
[2011.04.05 11:30:49 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.05 11:29:27 | 000,000,332 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.11.11 21:44:34 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.29 19:31:14 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.09.29 19:30:40 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010.09.29 19:30:40 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2010.09.05 04:31:16 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.04 18:48:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.06 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7048468
[2011.05.08 03:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8948810
[2011.05.06 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AntiVirus_AntiSpyware_2011
[2010.09.26 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence
[2010.12.31 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.11 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2010.12.26 15:22:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Encryptomatic, LLC
[2011.05.08 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.12.26 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MessageViewer
[2011.04.12 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MessageViewerPro
[2011.04.12 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MSGView
[2010.10.04 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.10.02 12:53:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP
[2011.05.01 22:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sinvise Systems
[2011.05.07 15:10:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2010.11.11 21:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.05.05 13:57:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

and the second log:
OTL Logfile:
Code:
OTL Extras logfile created on: 08.05.2011 10:53:54 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\JanAlexander\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,96 Gb Total Space | 627,19 Gb Free Space | 68,18% Space Free | Partition Type: NTFS
 
Computer Name: PCJANALEXANDER | User Name: JanAlexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{19D26A2C-D822-484F-908F-34EA2FB8852E}" = Shutdown Timer
"{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E46429B-5FB3-4A9C-AE0B-33EAF6763B35}" = MessageViewer Lite
"{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
"{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
"{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
"{85F17E74-2F25-46CD-ABE3-D524DEB0AAA2}" = MessageViewer Lite
"{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
"{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
"{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
"{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
"{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
"{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Caesar 3" = Caesar 3
"Dell Dock" = Dell Dock
"ElsterFormular 11.1.3.3887" = ElsterFormular
"Exterminate It!" = Exterminate It!
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder PMP Edition" = MediaCoder PMP Edition
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MSC" = McAfee Security Center
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AntiVirus_AntiSpyware_2011" = AntiVirus_AntiSpyware_2011
"MessageViewer Pro" = MessageViewer Pro 3.1.5
"QIP Infium" = QIP Infium 3.0.9040
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2011 06:45:45 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 28.04.2011 08:26:45 | Computer Name = PCJanAlexander | Source = VSS | ID = 8194
Description = 
 
Error - 29.04.2011 21:06:45 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.04.2011 21:07:34 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 29.04.2011 21:33:39 | Computer Name = PCJanAlexander | Source = VSS | ID = 8194
Description = 
 
Error - 30.04.2011 05:38:51 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\JanAlexander\Downloads\SoftonicDownloader73410.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 30.04.2011 05:38:55 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\JanAlexander\Downloads\SoftonicDownloader_fuer_7-zip.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 30.04.2011 05:38:59 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\JanAlexander\Downloads\SoftonicDownloader_fuer_7-zip(2).exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 01.05.2011 03:39:19 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.05.2011 03:40:12 | Computer Name = PCJanAlexander | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
[ Dell Events ]
Error - 17.10.2010 16:15:34 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 17.10.2010 16:15:34 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 14.11.2010 08:32:23 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 14.11.2010 08:32:23 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.12.2010 12:18:06 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.12.2010 12:18:06 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 12.03.2011 09:20:30 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 12.03.2011 09:20:30 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 24.04.2011 03:31:45 | Computer Name = PCJanAlexander | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 03.05.2011 13:40:14 | Computer Name = PCJanAlexander | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 05.05.2011 01:39:26 | Computer Name = PCJanAlexander | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 05.05.2011 01:39:26 | Computer Name = PCJanAlexander | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07.05.2011 17:19:38 | Computer Name = PCJanAlexander | Source = DCOM | ID = 10010
Description = 
 
Error - 08.05.2011 04:40:15 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "Dock Login Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.05.2011 04:53:36 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 08.05.2011 04:53:37 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal 
passiert.
 
Error - 08.05.2011 04:53:38 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "SoftThinks Agent Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 08.05.2011 04:53:38 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Virtualization Service Agent" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 08.05.2011 04:53:43 | Computer Name = PCJanAlexander | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Virtualization Client" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---


Thanks in advance, Alex

Alt 08.05.2011, 14:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [appcfgHelper] C:\Users\JanAlexander\AppData\Local\SysMobilent5\appcfgHelper.dll ()
[2011.05.07 21:56:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{87A5AD01-DF07-4BB5-8F91-B6CF924DBE56}
[2011.04.28 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\7048468
[2011.05.07 23:18:56 | 000,010,946 | -HS- | M] () -- C:\Users\***\AppData\Local\ch156lu6hg54h06t31awj4
[2011.05.07 23:18:56 | 000,010,946 | -HS- | M] () -- C:\ProgramData\ch156lu6hg54h06t31awj4
[2011.05.07 21:58:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~44293880
[2011.05.07 21:56:36 | 000,000,120 | ---- | M] () -- C:\Users\***\AppData\Local\Lmizuvubo.dat
[2011.05.07 21:56:36 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\Clirazayujupili.bin
[2011.05.07 21:54:12 | 000,000,000 | ---- | M] () -- C:\Users\***\2gweorjqjutp92vjy9gake
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post log files in CODE tags
