Trojaner-Board


oguzhan002 24.02.2013 15:08

C:\WINDOWS\system32 folder opens automatically at startup

Hello community,

Because of a trojan on the PC, I had to format my laptop 1 day ago.
I formatted it and set the PC up again.

Yesterday I installed all the things I needed; sometimes there were problems because I am a standard user.

Ever since I installed some program incorrectly/unsuccessfully, the system32 folder opens automatically on my machine.

I scanned with HijackThis and found some interesting problems.



Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:47, on 24.02.2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\oguzhan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\oguzhan\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AVMUSBFernanschluss] "C:\Users\oguzhan\AppData\Local\Apps\2.0\E3E0GG4D.3NP\DJLKRBJ3.ETX\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\oguzhan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13088 bytes


Hopefully the problem is somewhere in there.

t'john 25.02.2013 16:29

:hallo:

HijackThis is history and is unsuitable for Win 7.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.

then:

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

oguzhan002 25.02.2013 22:05

Hello John,

I already have Malwarebytes on the PC. I scanned but found no infected objects.

The OTL logfile and Extras
are attached because the two of them had over 240k characters.

:pfeiff:

t'john 26.02.2013 12:49

The cleanup consists of several steps that must be carried out.
Work through them one after another and please include the 3 logs that are created in your next reply.

If the OTL fix did not run through correctly, do not continue; please report it instead.

Step 1

Fixing with OTL

Download OTL by Oldtimer (if not already present) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure that you have copied it correctly.

Replace the *** asterisks with the user name again!
Code:

:OTL

FF - prefs.js..browser.search.selectedEngine: "Delta Search"
CHR - homepage: http://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=fcb735780000000000000017c4ca868c
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
[2013.02.19 14:16:30 | 000,000,020 | ---- | M] () -- C:\Windows\dú¾

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\*****\*.tmp
C:\Users\*****\AppData\*.dll
C:\Users\*****\AppData\*.exe
C:\Users\*****\AppData\Local\Temp\*.exe
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

  • Close all programs.
  • Click the Fix button.
  • If OTL requests a restart, please allow it.
  • Copy the contents of the logfile here into your thread in code tags.
    You can view the logfile afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

after that:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

oguzhan002 26.02.2013 20:08

OTL produced an error

A critical error has occurred.
The PC will shut down in a few minutes.
Please save your data.

Then I restarted, and then this OTL text appeared, which I have put in CODE.

OTL

Code:

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Mbam
Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: ACER-PC [administrator]

26.02.2013 19:16:44
mbar-log-2013-02-26 (19-16-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30961
Time elapsed: 42 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AdwCleaner[S2]

Code:

# AdwCleaner v2.113 - Datei am 26/02/2013 um 19:48:53 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : oguzhan - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\oguzhan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\oguzhan\AppData\Roaming\Mozilla\Firefox\Profiles\5eqsuz0o.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\oguzhan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.1990] : homepage = "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=fcb7357800000000000000[...]
Gelöscht [l.2215] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId[...]

*************************

AdwCleaner[R1].txt - [8052 octets] - [25/02/2013 12:31:02]
AdwCleaner[R2].txt - [1492 octets] - [26/02/2013 19:40:55]
AdwCleaner[S1].txt - [8026 octets] - [25/02/2013 12:32:24]
AdwCleaner[S2].txt - [1387 octets] - [26/02/2013 19:48:53]

########## EOF - C:\AdwCleaner[S2].txt - [1447 octets] ##########

I also ran a scan with dds+

here are the LOGS

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS Logfile:

Code:

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19.02.2013 13:35:17
System Uptime: 26.02.2013 20:16:35 (0 hours ago)
.
Motherboard: Acer            |  | JV50                         
Processor: Pentium(R) Dual-Core CPU      T4400  @ 2.20GHz | U2E1 | 1584/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 403,429 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP32: 25.02.2013 00:55:00 - Windows 7 Service Pack 1
RP33: 25.02.2013 04:38:12 - Windows Update
RP34: 25.02.2013 13:33:58 - Windows Update
RP35: 25.02.2013 21:19:05 - Windows Update
RP36: 26.02.2013 13:08:55 - Windows Update
.
==== Installed Programs ======================
.
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.184.610
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player 12.0
Amazonia
Any Video Converter 5 5.0.3
Avira Free Antivirus
Backup Manager Basic
Broadcom Gigabit NetLink Controller
Cake Mania
CCleaner
Cheat Engine 6.2
Chicken Invaders 2
Compatibility Pack für 2007 Office System
CVBot - DEVIL 1.11 - V3
D3DX10
DAEMON Tools Lite
Dairy Dash
DivX-Setup
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
Fotogalerie
FRITZ!Box USB-Fernanschluss
Galapago
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
HP Deskjet 3050 J610 series Hilfe
HP Update
Identity Card
JDownloader 0.9
Junk Mail filter update
Launch Manager
LogMeIn Hamachi
LSI HDA Modem
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 DEU Language Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Help Viewer 1.1 Language Pack - DEU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Live Add-in 1.5
Microsoft Office O MUI (German) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office X MUI (German) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server Compact 3.5 SP2 x64 DEU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2010 Express - DEU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
Microsoft Works
Movie Maker
Mozilla Firefox 19.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA PhysX
Photo Common
Photo Gallery
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit)
Shredder
Skype™ 6.2
Spin & Win
Sql Server Customer Experience Improvement Program
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
swMSM
Synaptics Pointing Device Driver
Ulead PhotoImpact 10 ESD
Unterstützungsdateien für Microsoft SQL Server 2008-Setup
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
VLC media player 2.0.5
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-Bit)
.
==== End Of File ===========================

dds.txt

Code:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by ****** at 20:37:25 on 2013-02-26
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2295 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SkyDrive] "C:\Users\******\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AVMUSBFernanschluss] "C:\Users\******\AppData\Local\Apps\2.0\E3E0GG4D.3NP\DJLKRBJ3.ETX\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{21B2F7AE-3860-4B18-B919-1E1847B3D04E} : DHCPNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5eqsuz0o.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2013-02-22 19:37; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-02-25 20:29; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-2-22 27800]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-22 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-22 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-2-22 99912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-2-19 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-25 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-25 682344]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-10 243232]
R3 avmaura;AVM USB-Fernanschluss;C:\Windows\System32\drivers\avmaura.sys [2013-2-22 116480]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-24 283200]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-25 24176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-24 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 Yontoo Desktop Updater;Yontoo Desktop Updater;"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\******\AppData\Roaming\Yontoo\YontooDesktop.exe" --> C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [?]
.
=============== Created Last 30 ================
.
2013-02-26 17:24:21    --------    d-----w-    C:\_OTL
2013-02-26 12:30:50    --------    d-----w-    C:\Users\******\AppData\Roaming\QuickScan
2013-02-26 12:07:47    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-02-26 12:07:47    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-02-26 12:07:44    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-02-26 12:07:44    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-02-26 12:07:43    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-02-26 12:07:43    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-02-26 12:07:42    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-02-26 12:07:42    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-02-26 12:07:42    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-02-26 12:07:40    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-02-26 12:07:39    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-02-26 12:05:50    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
2013-02-26 12:05:42    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-02-25 21:45:14    --------    d-----w-    C:\Program Files (x86)\Cheat Engine 6.2
2013-02-25 20:23:35    --------    d-----w-    C:\Windows\System32\SPReview
2013-02-25 20:17:50    --------    d-----w-    C:\bcca0ba609e9c6cee797cd8fd3
2013-02-25 20:01:55    --------    d-----w-    C:\Users\******\AppData\Roaming\Malwarebytes
2013-02-25 20:01:11    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-25 20:01:04    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-02-25 20:01:04    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-25 19:27:31    --------    d-----w-    C:\Program Files (x86)\PC Tools
2013-02-25 19:26:36    --------    d-----w-    C:\Program Files (x86)\CVBot - DEVIL 1.11 - V3
2013-02-25 19:23:29    253256    ----a-w-    C:\Windows\System32\drivers\PCTSD64.sys
2013-02-25 19:23:29    --------    d-----w-    C:\Program Files (x86)\Common Files\PC Tools
2013-02-25 19:23:07    --------    d-----w-    C:\ProgramData\PC Tools
2013-02-25 19:23:06    --------    d-----w-    C:\Users\******\AppData\Roaming\TestApp
2013-02-25 00:25:53    --------    d-----w-    C:\ProgramData\VS
2013-02-24 23:54:29    --------    d-----w-    C:\Windows\System32\EventProviders
2013-02-24 23:51:37    73064    ----a-w-    C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-02-24 23:51:37    109416    ----a-w-    C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-02-24 23:51:37    105832    ----a-w-    C:\Windows\System32\SQSRVRES.DLL
2013-02-24 23:38:29    902656    ----a-w-    C:\Windows\System32\d2d1.dll
2013-02-24 23:38:29    739840    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-02-24 23:38:29    1139200    ----a-w-    C:\Windows\System32\FntCache.dll
2013-02-24 21:57:13    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 21:57:13    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 18:36:45    --------    d-----w-    C:\Windows\de
2013-02-24 18:33:02    57280    ----a-w-    C:\Windows\System32\drivers\fssfltr.sys
2013-02-24 18:18:09    89944    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\49e6bab51ce12bb07\DSETUP.dll
2013-02-24 18:18:09    537432    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\49e6bab51ce12bb07\DXSETUP.exe
2013-02-24 18:18:09    1801048    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\49e6bab51ce12bb07\dsetup32.dll
2013-02-24 18:17:58    89944    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\4332eed51ce12bb05\DSETUP.dll
2013-02-24 18:17:58    537432    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\4332eed51ce12bb05\DXSETUP.exe
2013-02-24 18:17:58    1801048    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\4332eed51ce12bb05\dsetup32.dll
2013-02-24 18:17:51    5563840    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\3e5b8b0f1ce12bb04\skydrivesetup.exe
2013-02-24 18:17:43    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\36c460bc1ce12bb03\DSETUP.dll
2013-02-24 18:17:43    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\36c460bc1ce12bb03\DXSETUP.exe
2013-02-24 18:17:43    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\36c460bc1ce12bb03\dsetup32.dll
2013-02-24 17:05:19    --------    d-----w-    C:\Program Files (x86)\Common Files\Ulead Systems
2013-02-24 17:05:18    282624    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2013-02-24 17:04:45    --------    d-----w-    C:\Program Files (x86)\Ulead Systems
2013-02-24 17:03:34    692224    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-02-24 17:03:34    57344    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-02-24 17:03:34    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-02-24 17:03:34    237568    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-02-24 17:03:34    155648    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-02-24 17:03:29    282756    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-02-24 17:03:29    163972    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-02-24 16:52:08    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-02-24 16:52:08    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-02-24 16:52:00    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2013-02-24 16:50:59    577536    ----a-w-    C:\Windows\System32\WSDApi.dll
2013-02-24 16:48:59    93184    ----a-w-    C:\Program Files\Windows Mail\oeimport.dll
2013-02-24 16:47:55    606208    ----a-w-    C:\Windows\SysWow64\wbem\fastprox.dll
2013-02-24 16:47:55    363008    ----a-w-    C:\Windows\SysWow64\wbemcomn.dll
2013-02-24 16:47:55    189952    ----a-w-    C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-02-24 16:44:07    244736    ----a-w-    C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-02-24 16:44:06    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2013-02-24 16:43:50    244736    ----a-w-    C:\Windows\System32\sqmapi.dll
2013-02-24 15:21:57    2565632    ----a-w-    C:\Windows\System32\esent.dll
2013-02-24 15:21:57    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2013-02-24 15:21:56    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2013-02-24 15:21:55    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2013-02-24 15:21:55    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2013-02-24 15:21:54    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2013-02-24 15:21:54    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2013-02-24 15:21:54    189824    ----a-w-    C:\Windows\System32\drivers\storport.sys
2013-02-24 15:21:53    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2013-02-24 15:21:53    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2013-02-24 15:10:27    98816    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-02-24 15:10:27    7936    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-02-24 15:10:27    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-02-24 15:10:27    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-02-24 15:10:27    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-02-24 15:10:27    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-02-24 15:10:27    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-02-24 15:02:17    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-02-24 13:23:43    --------    d-----w-    C:\Windows\SysWow64\wbem\en-US
2013-02-24 13:23:28    --------    d-----w-    C:\Windows\System32\wbem\en-US
2013-02-24 06:08:07    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-02-24 06:08:07    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-02-24 06:08:07    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-02-24 06:08:07    2560    ----a-w-    C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-02-24 05:44:45    294912    ----a-w-    C:\Windows\System32\browserchoice.exe
2013-02-24 04:57:22    --------    d-----w-    C:\Users\******\AppData\Local\Microsoft Help
2013-02-24 04:17:34    --------    d--h--w-    C:\MyWinLockerData
2013-02-24 01:49:29    --------    d-----w-    C:\Users\******\AppData\Local\Diagnostics
2013-02-24 01:44:27    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-02-24 01:44:22    --------    d-----w-    C:\Users\******\AppData\Roaming\DAEMON Tools Lite
2013-02-24 01:44:20    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2013-02-24 01:43:27    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2013-02-24 01:40:03    --------    d-----w-    C:\Users\******\AppData\Roaming\DAEMON Tools USB
2013-02-24 01:39:01    --------    d-----w-    C:\ProgramData\DAEMON Tools USB
2013-02-23 19:30:23    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-02-23 19:30:23    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-02-23 18:35:29    --------    d-----w-    C:\Windows\Multihack .United
2013-02-23 15:50:46    --------    d-----w-    C:\ProgramData\NtiDvdCopy
2013-02-23 13:00:55    --------    d--h--w-    C:\SkyDriveTemp
2013-02-23 12:59:57    --------    d-----w-    C:\Program Files (x86)\Microsoft SkyDrive
2013-02-23 12:59:56    --------    d-----r-    C:\Users\******\SkyDrive
2013-02-23 12:59:30    --------    d-----w-    C:\ProgramData\Microsoft SkyDrive
2013-02-23 11:37:33    78872    ----a-w-    C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-02-23 11:37:33    50200    ----a-w-    C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-02-23 11:36:05    --------    d-----w-    C:\Windows\System32\RsFx
2013-02-23 11:34:29    --------    d-----w-    C:\Windows\SysWow64\1033
2013-02-23 11:34:29    --------    d-----w-    C:\Windows\SysWow64\1031
2013-02-23 11:34:29    --------    d-----w-    C:\Windows\System32\1033
2013-02-23 11:34:29    --------    d-----w-    C:\Windows\System32\1031
2013-02-23 11:30:17    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2013-02-23 11:25:58    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2013-02-23 11:25:37    --------    d-----w-    C:\Program Files\Microsoft Synchronization Services
2013-02-23 11:25:37    --------    d-----w-    C:\Program Files\Microsoft SQL Server Compact Edition
2013-02-23 11:25:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2013-02-23 11:24:35    207008    ----a-w-    C:\ProgramData\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2013-02-23 11:22:41    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-02-23 00:38:29    --------    d-----w-    C:\Windows\SysWow64\searchplugins
2013-02-23 00:38:29    --------    d-----w-    C:\Windows\SysWow64\Extensions
2013-02-23 00:00:27    1659760    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-02-23 00:00:23    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-23 00:00:21    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-23 00:00:21    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-02-23 00:00:01    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-02-23 00:00:00    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-02-22 23:58:49    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-02-22 23:58:49    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-02-22 23:56:39    961024    ----a-w-    C:\Windows\System32\CPFilters.dll
2013-02-22 23:56:38    642048    ----a-w-    C:\Windows\SysWow64\CPFilters.dll
2013-02-22 23:56:38    259072    ----a-w-    C:\Windows\System32\mpg2splt.ax
2013-02-22 23:56:38    1118720    ----a-w-    C:\Windows\System32\sbe.dll
2013-02-22 23:56:37    850944    ----a-w-    C:\Windows\SysWow64\sbe.dll
2013-02-22 23:56:37    199680    ----a-w-    C:\Windows\SysWow64\mpg2splt.ax
2013-02-22 23:56:17    1328128    ----a-w-    C:\Windows\SysWow64\quartz.dll
2013-02-22 23:56:16    1572864    ----a-w-    C:\Windows\System32\quartz.dll
2013-02-22 23:53:35    288768    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2013-02-22 23:53:35    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2013-02-22 23:53:35    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-22 23:53:31    395776    ----a-w-    C:\Windows\System32\webio.dll
2013-02-22 23:53:30    314880    ----a-w-    C:\Windows\SysWow64\webio.dll
2013-02-22 23:53:24    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-22 23:52:24    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-02-22 23:52:19    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-02-22 23:52:19    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2013-02-22 23:52:17    476160    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-02-22 23:52:17    288256    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-02-22 23:51:29    870912    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-02-22 23:51:29    1465344    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-02-22 23:51:04    1359872    ----a-w-    C:\Windows\System32\mfc42u.dll
2013-02-22 23:51:03    1395712    ----a-w-    C:\Windows\System32\mfc42.dll
2013-02-22 23:51:03    1164288    ----a-w-    C:\Windows\SysWow64\mfc42u.dll
2013-02-22 23:51:03    1137664    ----a-w-    C:\Windows\SysWow64\mfc42.dll
2013-02-22 23:50:57    574464    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-02-22 23:50:56    490496    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-02-22 23:50:47    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2013-02-22 23:50:47    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2013-02-22 23:50:47    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2013-02-22 23:50:42    95600    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-02-22 23:50:42    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2013-02-22 23:50:41    31232    ----a-w-    C:\Windows\System32\lsass.exe
2013-02-22 23:50:41    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-02-22 23:50:41    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-02-22 23:44:59    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-02-22 23:44:58    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-02-22 23:44:58    3072    ----a-w-    C:\Windows\System32\dpnaddr.dll
2013-02-22 23:44:58    2560    ----a-w-    C:\Windows\SysWow64\dpnaddr.dll
2013-02-22 23:44:55    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-02-22 23:44:55    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-02-22 23:44:51    220160    ----a-w-    C:\Windows\System32\wintrust.dll
2013-02-22 23:44:51    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-02-22 23:42:48    46592    ----a-w-    C:\Windows\SysWow64\fpb.rs
2013-02-22 23:41:09    613888    ----a-w-    C:\Windows\System32\psisdecd.dll
2013-02-22 23:41:09    288256    ----a-w-    C:\Windows\System32\MSNP.ax
2013-02-22 23:41:09    108032    ----a-w-    C:\Windows\System32\psisrndr.ax
2013-02-22 23:41:08    75776    ----a-w-    C:\Windows\SysWow64\psisrndr.ax
2013-02-22 23:41:08    72704    ----a-w-    C:\Windows\SysWow64\Mpeg2Data.ax
2013-02-22 23:41:08    465408    ----a-w-    C:\Windows\SysWow64\psisdecd.dll
2013-02-22 23:41:08    204288    ----a-w-    C:\Windows\SysWow64\MSNP.ax
2013-02-22 23:41:08    104960    ----a-w-    C:\Windows\System32\Mpeg2Data.ax
2013-02-22 23:41:07    75776    ----a-w-    C:\Windows\System32\MSDvbNP.ax
2013-02-22 23:41:07    59904    ----a-w-    C:\Windows\SysWow64\MSDvbNP.ax
2013-02-22 23:40:47    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2013-02-22 23:39:11    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-02-22 23:39:09    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-02-22 23:39:07    715776    ----a-w-    C:\Windows\System32\kerberos.dll
2013-02-22 23:39:07    542208    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2013-02-22 23:39:04    3216384    ----a-w-    C:\Windows\System32\msi.dll
2013-02-22 23:39:04    2342400    ----a-w-    C:\Windows\SysWow64\msi.dll
2013-02-22 23:34:59    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-02-22 23:34:59    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2013-02-22 23:34:55    642944    ----a-w-    C:\Windows\System32\winload.efi
2013-02-22 23:34:55    605552    ----a-w-    C:\Windows\System32\winload.exe
2013-02-22 23:34:55    566208    ----a-w-    C:\Windows\System32\winresume.efi
2013-02-22 23:34:55    518672    ----a-w-    C:\Windows\System32\winresume.exe
2013-02-22 23:34:53    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2013-02-22 23:34:53    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2013-02-22 23:34:52    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2013-02-22 23:34:52    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2013-02-22 23:32:57    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-02-22 23:31:53    2164224    ----a-w-    C:\Program Files\Windows Journal\Journal.exe
2013-02-22 23:30:38    67072    ----a-w-    C:\Windows\splwow64.exe
2013-02-22 23:30:38    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-02-22 23:28:54    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-02-22 23:28:53    1159680    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-02-22 23:28:52    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-02-22 23:28:52    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-02-22 23:28:52    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-02-22 23:28:52    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-02-22 23:24:06    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-02-22 23:24:06    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-02-22 23:24:06    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-02-22 23:24:06    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-02-22 23:24:06    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-02-22 23:24:05    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-02-22 23:22:59    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-02-22 23:22:59    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-02-22 23:22:57    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-02-22 23:22:57    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-02-22 23:22:55    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-02-22 23:22:55    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-02-22 23:22:55    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-02-22 23:03:51    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-02-22 23:03:51    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-02-22 23:03:51    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-02-22 23:03:49    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-02-22 23:03:49    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-02-22 22:30:59    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-02-22 22:30:59    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-02-22 22:26:41    --------    d-----r-    C:\Program Files (x86)\Skype
2013-02-22 22:20:51    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-02-22 22:20:51    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-02-22 22:20:51    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-02-22 22:14:51    --------    d-----w-    C:\Users\******\AppData\Roaming\AnvSoft
2013-02-22 22:14:15    --------    d-----w-    C:\Program Files (x86)\AnvSoft
2013-02-22 22:14:00    --------    d-----w-    C:\Users\******\AppData\Local\Programs
2013-02-22 22:07:53    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-02-22 22:04:33    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-02-22 22:04:07    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-02-22 22:03:50    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-02-22 22:03:50    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-02-22 21:57:40    --------    d-----w-    C:\Users\******\AppData\Roaming\Avira
2013-02-22 21:51:10    --------    d-----w-    C:\Program Files (x86)\JDownloader
2013-02-22 21:50:02    99912    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-02-22 21:50:02    27800    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-02-22 21:49:54    --------    d-----w-    C:\ProgramData\Avira
2013-02-22 21:49:54    --------    d-----w-    C:\Program Files (x86)\Avira
2013-02-22 21:40:57    --------    d-----w-    C:\Users\******\AppData\Roaming\HpUpdate
2013-02-22 21:40:07    361320    ------w-    C:\Windows\System32\HPDiscoPM9311.dll
2013-02-22 21:39:37    --------    d-----w-    C:\Program Files (x86)\HP
2013-02-22 21:39:06    --------    d-----w-    C:\Program Files\HP
2013-02-22 21:38:33    --------    d-----w-    C:\Users\******\AppData\Local\HP
2013-02-22 21:31:00    116480    ----a-w-    C:\Windows\System32\drivers\avmaura.sys
2013-02-22 21:23:50    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 10.0
2013-02-22 21:23:50    --------    d-----w-    C:\Program Files\Microsoft Help Viewer
2013-02-22 21:16:07    33856    ---ha-w-    C:\Windows\System32\hamachi.sys
2013-02-22 21:15:40    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2013-02-22 19:55:50    556032    ----a-w-    C:\VS_EXPBSLN_x64_deu.MSI
2013-02-22 19:45:58    2475352    ----a-w-    C:\Windows\System32\D3DX9_42.dll
2013-02-22 19:39:21    --------    d-----w-    C:\Users\******\AppData\Local\LogMeIn Hamachi
2013-02-22 19:36:29    --------    d--h--w-    C:\Windows\msdownld.tmp
2013-02-22 19:36:22    --------    d-----w-    C:\Windows\SysWow64\directx
2013-02-22 19:21:02    --------    d-----w-    C:\Users\******\AppData\Local\Apps
2013-02-22 19:21:01    --------    d-----w-    C:\Users\******\AppData\Local\Deployment
2013-02-22 18:43:29    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00A3CE6F-3374-443D-B2B8-65F57D97765D}\mpengine.dll
2013-02-22 18:43:27    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-22 18:35:52    --------    d-----w-    C:\Program Files\DivX
2013-02-22 18:35:17    --------    d-----w-    C:\Program Files (x86)\Common Files\DivX Shared
2013-02-22 18:34:30    --------    d-----w-    C:\Program Files (x86)\DivX
2013-02-22 18:32:06    --------    d-----w-    C:\ProgramData\DivX
2013-02-22 18:24:50    --------    d-----w-    C:\Program Files\CCleaner
2013-02-22 18:19:34    --------    d-----w-    C:\Users\******\AppData\Local\Macromedia
2013-02-22 18:18:41    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 18:18:41    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-22 18:02:27    --------    d-----w-    C:\Windows\SysWow64\Adobe
2013-02-22 17:53:24    --------    d-----w-    C:\Users\******\AppData\Local\Mozilla
2013-02-22 17:45:51    --------    d-----w-    C:\Users\******\AppData\Local\Google
2013-02-19 20:44:27    --------    d-----w-    C:\Windows\de-DE
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\XPSViewer
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\wbem\de-DE
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\drivers\UMDF\de-DE
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\drivers\de-DE
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\de
2013-02-19 20:44:25    --------    d-----w-    C:\Windows\SysWow64\0407
2013-02-19 20:44:24    --------    d-----w-    C:\Windows\System32\drivers\UMDF\de-DE
2013-02-19 20:44:24    --------    d-----w-    C:\Windows\System32\drivers\de-DE
2013-02-19 20:44:24    --------    d-----w-    C:\Windows\System32\0407
2013-02-19 20:44:23    --------    d-----w-    C:\Windows\System32\wbem\de-DE
2013-02-19 20:44:23    --------    d-----w-    C:\Windows\System32\de
2013-02-19 20:38:39    --------    d-----w-    C:\Windows\NAPP_Dism_Log
2013-02-19 20:23:44    84512    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-02-19 20:22:56    484128    ----a-w-    C:\Windows\WISMVIMG.EXE
2013-02-19 20:22:56    249856    ----a-w-    C:\Windows\WISI2BAT.EXE
2013-02-19 20:22:56    176928    ----a-w-    C:\Windows\PATCHFUL.EXE
2013-02-19 20:22:55    388384    ----a-w-    C:\Windows\WisGAPasx64.exe
2013-02-19 20:22:55    342560    ----a-w-    C:\Windows\ParseModule_X64.exe
2013-02-19 20:22:54    326432    ----a-w-    C:\Windows\WisGAPas.exe
2013-02-19 20:22:54    231968    ----a-w-    C:\Windows\ParseModule_X86.exe
2013-02-19 13:39:05    --------    d-----w-    C:\Program Files (x86)\OEM
2013-02-19 13:38:41    --------    d-----w-    C:\Program Files\Acer Accessory Store
2013-02-19 13:22:16    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-02-19 13:16:29    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-02-19 13:15:26    --------    d-----w-    C:\Program Files (x86)\Microsoft
2013-02-19 13:14:20    --------    d-----w-    C:\Windows\PCHEALTH
2013-02-19 13:13:35    145952072    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3B5B.tmp
2013-02-19 13:11:07    4398360    ----a-w-    C:\Windows\System32\d3dx9_32.dll
2013-02-19 13:11:07    3426072    ----a-w-    C:\Windows\SysWow64\d3dx9_32.dll
2013-02-19 13:07:45    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-02-19 12:49:50    --------    d-----w-    C:\BOOK
2013-02-19 12:48:45    --------    d-----w-    C:\Program Files\Preload
2013-02-19 12:48:16    82432    ----a-w-    C:\Windows\SysWow64\msxml4r.dll
2013-02-19 12:48:16    44544    ----a-w-    C:\Windows\SysWow64\msxml4a.dll
2013-02-19 12:47:22    77824    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-02-19 12:47:22    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-02-19 12:47:22    225280    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-02-19 12:47:22    176128    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-02-19 12:47:21    610436    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-02-19 12:43:41    --------    d-----w-    C:\Program Files (x86)\Acer Arcade Deluxe
2013-02-19 12:42:32    --------    d-----w-    C:\Program Files (x86)\Launch Manager
2013-02-19 12:42:18    --------    d-----w-    C:\Program Files\Synaptics
2013-02-19 12:41:28    214400    ----a-w-    C:\Windows\SysWow64\Snpropwp.dll
2013-02-19 12:41:27    206208    ----a-w-    C:\Windows\PLFSetI.exe
2013-02-19 12:41:27    113264    ----a-w-    C:\Windows\FixUVC.exe
2013-02-19 12:39:57    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-02-19 12:39:51    7347200    ----a-w-    C:\Windows\System32\RTSUSTORicon.dll
2013-02-19 12:39:20    --------    d-----w-    C:\Program Files (x86)\Realtek
2013-02-19 12:39:04    --------    d-----w-    C:\Program Files\Broadcom
2013-02-19 12:38:46    --------    d-----w-    C:\Intel
2013-02-19 12:38:29    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-02-19 12:35:11    --------    d-sh--we    C:\Programme
2013-02-19 12:35:11    --------    d-sh--we    C:\ProgramData\Vorlagen
2013-02-19 12:35:11    --------    d-sh--we    C:\ProgramData\Startmenü
2013-02-19 12:35:11    --------    d-sh--we    C:\ProgramData\Favoriten
2013-02-19 12:35:11    --------    d-sh--we    C:\ProgramData\Dokumente
2013-02-19 12:35:11    --------    d-sh--we    C:\ProgramData\Anwendungsdaten
2013-02-19 12:35:11    --------    d-sh--we    C:\Program Files\Gemeinsame Dateien
2013-02-19 12:35:11    --------    d-sh--we    C:\Dokumente und Einstellungen
2013-02-19 12:35:11    --------    d-sh--w-    C:\Recovery
2013-02-19 12:30:59    --------    d-----w-    C:\Program Files\LSI SoftModem
2013-02-19 12:30:05    4239976    ----a-w-    C:\Windows\SysWow64\NVStWiz.exe
2013-02-19 12:29:00    637544    ----a-w-    C:\Windows\System32\nvuninst.exe
.
==================== Find3M  ====================
.
2013-02-25 20:43:57    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-02-25 20:43:55    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-02-19 20:43:35    2560    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2013-02-19 20:43:18    5632    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2013-02-19 20:43:18    2560    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2013-02-19 20:43:15    51712    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2013-02-19 20:43:11    29696    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
2013-02-19 20:43:11    16896    ----a-w-    C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:40:01,28 ===============

--- --- ---


t'john 27.02.2013 12:07

Repeat the fix and follow the instructions.
Who asked for DDS?
If you would rather carry on by yourself, we can also stop the whole thing right here.

oguzhan002 27.02.2013 13:15

Sorry
I only did that so that the problem would be fixed as quickly as possible.
About these * asterisks

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp

Do I have to write my username there as well?
Or only for the ones with 5 asterisks? Because I put 5 asterisks.

t'john 27.02.2013 15:28

Quote:

Do I have to write my username there as well?
Or only for the ones with 5 asterisks? Because I put 5 asterisks.
Only what you changed.

oguzhan002 28.02.2013 18:30

OK, I have done it.

t'john 28.02.2013 19:11

Where is the fix log?

oguzhan002 28.02.2013 19:51

Here: 02282013_182850


Code:

All processes killed
========== OTL ==========
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
File C:\Windows\dú¾ not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\*****\*.tmp not found.
File\Folder C:\Users\*****\AppData\*.dll not found.
File\Folder C:\Users\*****\AppData\*.exe not found.
File\Folder C:\Users\*****\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*****\Downloads\cmd.bat deleted successfully.
C:\Users\*****\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Abdullah
->Temp folder emptied: 902 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Acer
->Temp folder emptied: 10374451 bytes
->Temporary Internet Files folder emptied: 435222 bytes
->Google Chrome cache emptied: 357342117 bytes
->Flash cache emptied: 434 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *****
->Temp folder emptied: 516187 bytes
->Temporary Internet Files folder emptied: 2460818 bytes
->FireFox cache emptied: 119728820 bytes
->Google Chrome cache emptied: 287710194 bytes
->Flash cache emptied: 118994122 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118717479 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2304823214 bytes
 
Total Files Cleaned = 3.167,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02282013_182850

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\5eqsuz0o.default\Cache\_CACHE_001_ moved successfully.
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\5eqsuz0o.default\Cache\_CACHE_002_ moved successfully.
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\5eqsuz0o.default\Cache\_CACHE_003_ moved successfully.
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\5eqsuz0o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\5eqsuz0o.default\_CACHE_CLEAN_ moved successfully.
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


t'john 01.03.2013 12:05

Very good! :daumenhoc

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



after that:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




after that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

oguzhan002 04.03.2013 17:18

I have a problem with AswMbr.exe. It always aborts; I have no idea why, but it could have something to do with Microsoft Visual Studio.


Here is a picture

http://s1.directupload.net/images/130304/nj5n2vtt.png




Eset log.txt

Code:

ESETSmartInstaller@High as downloader log:
all ok


checkup.txt

Code:

Results of screen317's Security Check version 0.99.59 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.6.602.171 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (19.0)
 Google Chrome 22.0.1229.95 
 Google Chrome 25.0.1364.97 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 ESET ESET Online Scanner OnlineScannerApp.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


t'john 05.03.2013 12:59

Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Select Freeware mode.

Select Detail Scan and start checking the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

oguzhan002 07.03.2013 01:51

Here: a2scan_130306-232430


Code:

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 06.03.2013 23:21:19

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        06.03.2013 23:24:30

C:\$Recycle.Bin\S-1-5-21-3529257550-3721126105-3021070178-1001\$RLFAYE4.exe        gefunden: Gen:Trojan.Heur.VP.amKfaSAFFjhi (B)
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat        gefunden: Trojan.Win32.CheatEngine.AMN (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\56c5810c.qua -> (Quarantine-8) -> (RAR Sfx o) -> metin2m_pl.exe        gefunden: Gen:Trojan.Heur.VP.amKfaSAFFjhi (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\59a65c88.qua -> (Quarantine-8)        gefunden: Trojan.Generic.7534787 (B)
C:\Users\*****\Desktop\*****\Privat\Metin2Mod_PL_22012013.exe -> (RAR Sfx o) -> metin2m_pl.exe        gefunden: Gen:Trojan.Heur.VP.amKfaSAFFjhi (B)
C:\Users\*****\Desktop\*****\Privat\Metin2Mod_PL_22012013.rar -> Metin2Mod_PL_22012013.exe -> (RAR Sfx o) -> metin2m_pl.exe        gefunden: Gen:Trojan.Heur.VP.amKfaSAFFjhi (B)

Gescannt        542205
Gefunden        6

Scan Ende:        07.03.2013 01:37:17
Scan Zeit:        2:12:47

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\59a65c88.qua -> (Quarantine-8)        Quarantäne Trojan.Generic.7534787 (B)
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat        Quarantäne Trojan.Win32.CheatEngine.AMN (A)

Quarantäne        2




metin2mod is just a hack program for the game; it has no virus.
I also saw that on VirusTotal.


All times are in WET +1. The time now is 22:59.
