Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Wieso ist mein Laptop so langsam beim Seitenaufbau seit kurzem? Findet ihr den Fehler? (https://www.trojaner-board.de/92321-laptop-so-langsam-beim-seitenaufbau-seit-kurzem-findet-fehler.html)

KielerJung 29.10.2010 17:33
Wieso ist mein Laptop so langsam beim Seitenaufbau seit kurzem? Findet ihr den Fehler?
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:31, on 29.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Bjoern\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bjoern\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6615 bytes

cosinus 31.10.2010 20:36
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

KielerJung 01.11.2010 00:29
Hallo!

Das ist echt nett, dass ich noch eine Nachricht für die weitere Vorgehensweise erhalte. Ich weiß , dass ich nicht die Forenregeln eingehalten habe. Mich hat diese Problem aber extrem gewurmt und ich hatte auf prompte Hilfe gepocht.
Habe nun wie beschrieben alles durchscannen lassen. Weitere Vorgehensweise?!

Ferndiagnose?! Leitung ist stabil. Bin ziemlich unerfahren auf dem Gebiet.:killpc:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4991

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

31.10.2010 22:40:55
mbam-log-2010-10-31 (22-40-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 294501
Laufzeit: 1 Stunde(n), 48 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

KielerJung 01.11.2010 00:44
OTL Logfile:
Code:
OTL logfile created on: 01.11.2010 00:33:18 - Run 2
OTL by OldTimer - Version 3.2.17.2    Folder = C:\Users\\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 29,54 Gb Free Space | 20,51% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 254,37 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 122,23 Gb Free Space | 87,00% Space Free | Partition Type: NTFS
Drive G: | 7,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 982,13 Mb Total Space | 691,61 Mb Free Space | 70,42% Space Free | Partition Type: FAT
 
Computer Name:  | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (9D067D11) -- C:\Windows\System32\9D067D11.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IGBASVC) -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.1:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "172.16.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.16.1.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.16.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "172.16.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.16.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.05.20 22:18:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.30 00:20:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.30 08:49:35 | 000,000,000 | ---D | M]
 
[2008.10.05 13:06:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Extensions
[2010.10.31 01:04:28 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k4159ft0.default\extensions
[2010.10.07 00:17:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k4159ft0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.27 23:51:22 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k4159ft0.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.07.28 21:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k4159ft0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.07 11:02:06 | 000,000,873 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\k4159ft0.default\searchplugins\conduit.xml
[2010.10.30 08:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.30 08:50:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.30 08:49:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.12.17 18:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\Shell - "" = AutoRun
O33 - MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\Shell - "" = AutoRun
O33 - MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\Shell - "" = AutoRun
O33 - MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.09.27 21:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 03:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.30 08:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.30 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.10.30 08:49:35 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.30 08:49:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.30 08:49:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.30 08:49:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.30 08:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010.10.29 20:02:56 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2010.10.29 20:02:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.29 20:02:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.29 20:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.29 20:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.29 19:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010.10.29 17:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.10.28 18:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.10.28 18:56:14 | 000,000,000 | ---D | C] -- C:\Users\\Documents\FUSSBALL MANAGER 11
[2010.10.28 18:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010.10.26 21:40:15 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.26 21:40:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.26 21:40:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.22 15:12:01 | 000,000,000 | ---D | C] -- C:\Users\\.filestore
[2010.10.22 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\P5
[2010.10.22 15:01:56 | 000,000,000 | ---D | C] -- C:\Betsson
[2010.10.15 07:31:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.15 07:31:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.15 07:31:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.15 07:31:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.15 07:31:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.15 07:31:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.15 07:31:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.15 07:31:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.15 07:31:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.15 07:31:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.15 07:31:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.15 07:31:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.15 07:31:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.15 07:31:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.15 07:31:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.15 07:31:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.15 07:31:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Karte
[2010.10.14 18:00:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 18:00:23 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 18:00:15 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 18:00:12 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 18:00:09 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 18:00:07 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.14 17:58:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 17:58:10 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2009.10.22 16:25:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\\AppData\Roaming\pcouffin.sys
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.31 22:43:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 22:43:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 20:49:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 20:49:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 20:49:38 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 20:49:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 20:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.10.31 20:43:56 | 000,147,534 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.31 20:43:52 | 000,147,534 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.31 20:43:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.10.31 20:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 20:43:10 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.30 08:49:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.30 08:49:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.30 08:49:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.30 08:49:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.30 08:12:55 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.10.30 08:04:08 | 000,006,656 | ---- | M] () -- C:\Windows\System32\9D067D11.exe
[2010.10.29 23:48:24 | 000,001,714 | ---- | M] () -- C:\Users\\Documents\cc_20101030_004814.reg
[2010.10.29 20:02:50 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 17:04:42 | 000,001,950 | ---- | M] () -- C:\Users\\Desktop\HiJackThis.lnk
[2010.10.29 09:10:54 | 000,000,944 | ---- | M] () -- C:\Users\\Desktop\Autorun - Verknüpfung.lnk
[2010.10.27 23:48:46 | 000,100,864 | ---- | M] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.22 15:01:58 | 000,001,422 | ---- | M] () -- C:\Users\Public\Desktop\Betsson Poker.lnk
[2010.10.22 12:50:25 | 000,342,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.13 19:33:28 | 000,000,354 | ---- | M] () -- C:\Users\\AppData\Roaming\wklnhst.dat
[2010.10.10 17:15:25 | 000,000,240 | ---- | M] () -- C:\Users\\Goya.ini
[2010.10.10 17:12:08 | 000,000,130 | ---- | M] () -- C:\Windows\Goya.INI
[2010.10.10 16:46:51 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
 
========== Files Created - No Company Name ==========
 
[2010.10.30 08:13:32 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.10.30 08:12:55 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.10.30 08:04:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\9D067D11.exe
[2010.10.29 23:48:17 | 000,001,714 | ---- | C] () -- C:\Users\\Documents\cc_20101030_004814.reg
[2010.10.29 20:02:50 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 17:04:42 | 000,001,950 | ---- | C] () -- C:\Users\\Desktop\HiJackThis.lnk
[2010.10.28 23:16:36 | 000,000,944 | ---- | C] () -- C:\Users\\Desktop\Autorun - Verknüpfung.lnk
[2010.10.22 15:12:00 | 000,004,257 | ---- | C] () -- C:\Users\\pokerclient.log
[2010.10.22 15:01:58 | 000,001,422 | ---- | C] () -- C:\Users\Public\Desktop\Betsson Poker.lnk
[2010.07.13 11:08:29 | 000,000,130 | ---- | C] () -- C:\Windows\Goya.INI
[2009.10.22 16:26:10 | 000,000,033 | ---- | C] () -- C:\Users\\AppData\Roaming\pcouffin.log
[2009.10.22 16:25:05 | 000,087,608 | ---- | C] () -- C:\Users\\AppData\Roaming\inst.exe
[2009.10.22 16:25:05 | 000,007,887 | ---- | C] () -- C:\Users\\AppData\Roaming\pcouffin.cat
[2009.10.22 16:25:05 | 000,001,144 | ---- | C] () -- C:\Users\\AppData\Roaming\pcouffin.inf
[2009.10.22 12:13:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.31 12:43:00 | 000,000,354 | ---- | C] () -- C:\Users\\AppData\Roaming\wklnhst.dat
[2009.08.06 16:57:21 | 000,017,089 | ---- | C] () -- C:\Users\\AppData\Roaming\UserTile.png
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.04.30 02:36:00 | 000,001,356 | ---- | C] () -- C:\Users\\AppData\Local\d3d9caps.dat
[2008.10.22 19:04:55 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.20 19:32:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.10.20 19:31:06 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 19:53:55 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
[2008.10.06 19:48:26 | 000,143,530 | ---- | C] () -- C:\Users\\AppData\Local\edsinstaller.txt-20081006.log
[2008.10.06 19:25:50 | 000,100,864 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.05 13:20:37 | 000,147,534 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.05 13:19:02 | 000,147,534 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.04 18:07:42 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008.09.04 18:06:43 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019

< End of report >
--- --- ---

cosinus 01.11.2010 01:05
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten.

KielerJung 01.11.2010 16:17
Hallo! Mehr hat mir diese Malwarebytes nicht ausgespuckt. Muss ich irgendwelche bestimmten Einstellungen vornehmen?! Soll ich es nochmal durchlaufen lassen?!

Gruß

cosinus 01.11.2010 18:20
Nö, ich wollte nur wissen, ob Du öfter mit Malwarebytes scannen lassen hast. Zu jedem Durchlauf gibt es ein Log. Falls Du also Malwarebytes öfter durchlaufen lassen (vorher schon) hätte ich da gerne alle Logs zu gesehen.

KielerJung 01.11.2010 19:18
Hallo! Am Tag zuvor hatte ich es schon einmal durchlaufen lassen. Ist aber im Moment nicht auffindbar. Nützt es was?!

Weitere Vorgehensweise?! Kann man daraus bisher was erkennen?!

cosinus 01.11.2010 20:04
Dann starte mal malwarebytes und sieh nach im Reiter Logdateien. Da sind alle Logs aufgelistet.

KielerJung 01.11.2010 23:56
Dort sind zwei Logdateien aufgeführt.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4991

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

29.10.2010 21:18:45
mbam-log-2010-10-29 (21-18-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141168
Laufzeit: 13 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


und


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4991

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

30.10.2010 09:53:18
mbam-log-2010-10-30 (09-53-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139038
Laufzeit: 14 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 02.11.2010 15:01
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
SRV - (9D067D11) -- C:\Windows\System32\9D067D11.exe ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.1:3128
FF - prefs.js..network.proxy.ftp: "172.16.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.16.1.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.16.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "172.16.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.16.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 21:11:56 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\Shell - "" = AutoRun
O33 - MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\Shell - "" = AutoRun
O33 - MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\Shell - "" = AutoRun
O33 - MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.09.27 21:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 03:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019
:Files
C:\Windows\System32\9D067D11.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

KielerJung 02.11.2010 21:00
Hier das Logfile.

========== OTL ==========
Service 9D067D11 stopped successfully!
Service 9D067D11 deleted successfully!
C:\Windows\System32\9D067D11.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "172.16.1.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "172.16.1.1" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "172.16.1.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "172.16.1.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "172.16.1.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\ not found.
C:\Windows\System32\setupSNK.exe moved successfully.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:193426B4 deleted successfully.
ADS C:\ProgramData\Temp:8173A019 deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\9D067D11.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.2.17.1 log created on 11022010_205534

Files\Folders moved on Reboot...
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

KielerJung 02.11.2010 21:01
========== OTL ==========
Service 9D067D11 stopped successfully!
Service 9D067D11 deleted successfully!
C:\Windows\System32\9D067D11.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "172.16.1.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "172.16.1.1" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "172.16.1.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "172.16.1.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "172.16.1.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27141385-bd7a-11de-b53f-caf9733fca95}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31bd4cff-65cb-11df-9996-9637ce3d1694}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4413112a-a72a-11dd-9859-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131144-a72a-11dd-9859-001e68de61eb}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e6fd94-6454-11df-b008-d46045ae06ec}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf6182a-7a9f-11dd-afb0-806e6f6e6963}\ not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a98faf-1ed7-11de-96e4-001e68de61eb}\ not found.
C:\Windows\System32\setupSNK.exe moved successfully.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:193426B4 deleted successfully.
ADS C:\ProgramData\Temp:8173A019 deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\9D067D11.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.2.17.1 log created on 11022010_205534

Files\Folders moved on Reboot...
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

KielerJung 02.11.2010 21:11
Ich weiß nicht ob es damit zusammenhängt, aber es läuft im Moment wieder alles reibungslos. DANKE!!!!!!!!!! Was war nun der Fehler?! Habe ich zuviel XXX-Seiten besucht ;-) Hoffe, das es so bleibt.

cosinus 03.11.2010 13:14
Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27