Trojaner-Board - Programme lassen sich nicht ausführen/Avira spielt verrückt

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6012

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.03.2011 21:29:00
mbam-log-2011-03-10 (21-29-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148189
Laufzeit: 2 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.
c:\skhfushjflw (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\skhfushjflw\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

OTLOTL Logfile:

Code:

OTL logfile created on: 10.03.2011 21:30:10 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Rose\Downloads

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 39,06 Gb Total Space | 3,47 Gb Free Space | 8,90% Space Free | Partition Type: NTFS

Drive D: | 39,06 Gb Total Space | 8,65 Gb Free Space | 22,14% Space Free | Partition Type: NTFS

Drive E: | 70,93 Gb Total Space | 11,97 Gb Free Space | 16,88% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: ROSE-PC | User Name: Rose | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.03.10 20:31:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Downloads\OTL.exe

PRC - [2011.02.26 02:19:28 | 003,502,992 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe

PRC - [2011.02.18 13:10:02 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

PRC - [2011.02.18 13:08:18 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

PRC - [2011.01.21 17:12:28 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe

PRC - [2011.01.21 12:55:22 | 001,966,936 | ---- | M] (Secure Digital Services Limited) -- C:\Programme\OfferBox\OfferBox.exe

PRC - [2011.01.14 15:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.01.13 11:29:06 | 000,840,000 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTAgent.exe

PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010.12.18 06:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe

PRC - [2010.12.03 20:43:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.11.05 14:27:18 | 007,168,768 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Rose\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe

PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.10.23 22:59:56 | 000,228,352 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech Touch Mouse Server\iTouch-Server-Win.exe

PRC - [2009.10.16 10:42:48 | 000,319,488 | ---- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009.10.01 01:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe

PRC - [2009.09.15 17:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE

PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2009.07.13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe

PRC - [2009.01.16 18:12:28 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe

PRC - [2008.10.06 11:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\OSD.exe

PRC - [2002.12.17 17:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.03.10 20:31:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Downloads\OTL.exe

MOD - [2011.02.26 02:19:34 | 000,972,176 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_44036.dll

MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009.07.14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.02.18 13:08:18 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.02.18 13:05:52 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.01.14 15:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009.10.16 10:42:48 | 000,319,488 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)

SRV - [2002.12.17 17:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)

SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)

SRV - [2002.12.17 17:23:30 | 000,066,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.03.10 17:52:42 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)

DRV - [2011.02.14 16:37:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.01.10 14:23:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.01.12 19:57:24 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV - [2010.01.12 19:57:23 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)

DRV - [2010.01.12 19:57:23 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)

DRV - [2010.01.12 19:57:23 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)

DRV - [2009.10.01 18:03:12 | 001,515,520 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)

DRV - [2009.08.04 03:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

DRV - [2009.07.16 04:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.13 01:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)

DRV - [2008.12.11 14:56:14 | 000,013,056 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Kone.sys -- (KoneFltr)

DRV - [2005.07.28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

DRV - [2005.06.09 12:03:30 | 001,383,104 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudau.sys -- (cmudau)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 1F 90 F8 84 B9 CB 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3441.119

FF - prefs.js..extensions.enabledItems: {00018771-5EC6-43B2-AEA4-52B5034370B7}:1.9.1

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2011.02.21 22:20:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{00018771-5EC6-43B2-AEA4-52B5034370B7}: C:\Users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7} [2011.02.21 22:21:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.10 17:55:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.10 17:55:33 | 000,000,000 | ---D | M]

 

[2011.03.10 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Extensions

[2011.03.10 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\4rcx7dy9.default\extensions

[2011.03.10 17:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.02.21 22:20:49 | 000,000,000 | ---D | M] (OfferBox) -- C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM

[2011.02.21 22:21:21 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ROSE\APPDATA\LOCAL\{00018771-5EC6-43B2-AEA4-52B5034370B7}

[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml

[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.03.04 17:58:16 | 000,001,362 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       thepiratebay.org

O1 - Hosts: 127.0.0.1       www.thepiratebay.org

O1 - Hosts: 127.0.0.1       mininova.org

O1 - Hosts: 127.0.0.1       www.mininova.org

O1 - Hosts: 127.0.0.1       forum.mininova.org

O1 - Hosts: 127.0.0.1       blog.mininova.org

O1 - Hosts: 127.0.0.1       suprbay.org

O1 - Hosts: 127.0.0.1       www.suprbay.org

O1 - Hosts: 127.0.0.1 www.8minutedating.com

O1 - Hosts: 127.0.0.1 whysohardx.com

O1 - Hosts: 127.0.0.1 protectyourpc-11.com

O1 - Hosts: 127.0.0.1 checkserverstatux.com

O1 - Hosts: 127.0.0.1 xinmin.cn

O1 - Hosts: 127.0.0.1 xy95.cn

O1 - Hosts: 127.0.0.1 koralda.com

O1 - Hosts: 127.0.0.1 weirden.com

O1 - Hosts: 127.0.0.1 nanocloudcontroller.com

O1 - Hosts: 127.0.0.1 coo0lnet.net

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)

O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programme\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Cm106Sound]  File not found

O4 - HKLM..\Run: [CmUsbSound]  File not found

O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Steam] E:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\awmytwhp.exe ()

O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Programme\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\rqumjtxy\awmytwhp.exe) - C:\Programme\rqumjtxy\awmytwhp.exe ()

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{489f95a3-3850-11e0-90a9-20cf30c09289}\Shell - "" = AutoRun

O33 - MountPoints2\{489f95a3-3850-11e0-90a9-20cf30c09289}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{52e25076-257a-11e0-85c3-20cf30c31afd}\Shell - "" = AutoRun

O33 - MountPoints2\{52e25076-257a-11e0-85c3-20cf30c31afd}\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe

O33 - MountPoints2\{52e25076-257a-11e0-85c3-20cf30c31afd}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.10 20:28:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Malwarebytes

[2011.03.10 20:28:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.03.10 20:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.03.10 20:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.03.10 20:28:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.03.10 20:28:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.10 18:20:49 | 002,100,601 | ---- | C] (Crytek GmbH) -- C:\Users\Rose\Documents\CryPhysics.dll

[2011.03.10 18:19:56 | 000,465,387 | ---- | C] (Crytek GmbH) -- C:\Users\Rose\Documents\CryFont.dll

[2011.03.10 18:00:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2011.03.10 18:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2011.03.10 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Mozilla

[2011.03.10 17:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011.03.10 17:40:55 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.03.10 17:40:50 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.03.10 17:40:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.03.10 17:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011

[2011.03.10 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\TuneUp Software

[2011.03.10 17:40:25 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011

[2011.03.10 17:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2011.03.10 17:39:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2011.03.09 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Avira

[2011.03.09 20:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.03.09 20:35:11 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.03.09 20:35:11 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.03.09 20:35:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011.03.09 20:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.03.09 20:35:10 | 000,000,000 | ---D | C] -- C:\Programme\Avira

[2011.03.09 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Xfire

[2011.03.09 18:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire

[2011.03.09 18:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire

[2011.03.09 18:30:30 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5

[2011.03.09 18:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5

[2011.03.09 18:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011.03.09 16:40:35 | 000,000,000 | ---D | C] -- C:\Programme\tmp

[2011.03.09 16:40:28 | 000,000,000 | ---D | C] -- C:\Programme\rqumjtxy

[2011.03.06 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\music

[2011.03.06 21:47:53 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll

[2011.03.06 21:47:53 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll

[2011.03.06 21:47:52 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2011.03.06 21:47:52 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll

[2011.03.06 21:47:51 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5

[2011.03.06 21:46:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2011.03.06 21:46:37 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll

[2011.03.06 21:46:37 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll

[2011.03.06 21:46:37 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax

[2011.03.06 21:46:37 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax

[2011.03.06 21:46:37 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax

[2011.03.06 21:46:37 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax

[2011.03.06 21:46:37 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll

[2011.03.06 21:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © v2011.build.46 (Feb 12, 2011)

[2011.03.06 21:46:36 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax

[2011.03.06 21:46:36 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax

[2011.03.06 21:46:36 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax

[2011.03.06 21:46:36 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax

[2011.03.06 21:46:36 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax

[2011.03.06 21:45:40 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Real

[2011.03.06 21:43:11 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft

[2011.03.06 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Ashampoo

[2011.03.06 21:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.03.06 21:12:26 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo

[2011.03.04 21:36:19 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011.03.04 21:36:19 | 000,000,000 | ---D | C] -- C:\Fraps

[2011.03.01 20:23:13 | 000,171,417 | ---- | C] (Daniel Pistelli) -- C:\Windows\System32\YCemSCi.exe

[2011.02.25 18:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2011.02.23 21:33:17 | 000,000,000 | ---D | C] -- C:\Windows\TEMP

[2011.02.22 16:16:50 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\Sony-Medienbibliotheken

[2011.02.22 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Publish Providers

[2011.02.22 16:16:45 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Sony

[2011.02.22 16:12:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server

[2011.02.22 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Sony

[2011.02.22 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2011.02.22 16:11:19 | 000,000,000 | ---D | C] -- C:\Programme\Vstplugins

[2011.02.22 16:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2011.02.22 16:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Sony

[2011.02.22 16:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Sony Setup

[2011.02.21 22:21:21 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}

[2011.02.21 22:20:48 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\OfferBox

[2011.02.21 22:20:48 | 000,000,000 | ---D | C] -- C:\Programme\OfferBox

[2011.02.21 21:43:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files

[2011.02.21 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011.02.19 10:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour

[2011.02.19 10:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2011.02.19 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech Touch Mouse Server

[2011.02.19 10:06:28 | 000,000,000 | ---D | C] -- C:\Programme\Logitech Touch Mouse Server

[2011.02.18 20:51:30 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ControlMK

[2011.02.18 20:51:30 | 000,000,000 | ---D | C] -- C:\Programme\ControlMK

[2011.02.18 20:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlMK

[2011.02.18 20:49:28 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey

[2011.02.18 20:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey

[2011.02.18 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\NVIDIA

[2011.02.17 22:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2011.02.15 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\vlc

[2011.02.15 18:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.02.15 18:50:15 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN

[2011.02.14 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2011.02.14 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Rose\Documents\Codemasters

[2011.02.14 16:37:39 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.02.14 16:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro

[2011.02.14 16:35:06 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Pro

[2011.02.14 16:34:52 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\DAEMON Tools Pro

[2011.02.14 16:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2011.02.13 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\FalloutNV

[2011.02.13 03:48:41 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\kikin

[2011.02.13 03:48:41 | 000,000,000 | ---D | C] -- C:\Programme\kikin

[2011.02.12 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

[2011.02.12 18:17:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Xbox 360 Accessories

[2011.02.12 10:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy

[2011.02.10 22:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Anticheat 3

[2011.02.10 22:16:46 | 000,000,000 | ---D | C] -- C:\Programme\DExUS

[2011.02.09 23:56:27 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2011.02.09 23:56:27 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL

[2011.02.09 23:55:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Futuremark Shared

[2011.02.09 23:54:25 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark

[2011.02.09 23:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark

[2011.02.09 23:06:29 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm

[2011.02.09 22:59:00 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.10 21:29:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bswqxl.sys

[2011.03.10 20:29:38 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.10 19:47:46 | 000,212,917 | ---- | M] () -- C:\Users\Rose\Documents\ts3_clientui-win32-12815-2011-03-10 19_47_45.662430.dmp

[2011.03.10 18:30:41 | 021,691,392 | ---- | M] () -- C:\Users\Rose\Documents\Bin32.rar

[2011.03.10 18:21:30 | 002,100,601 | ---- | M] (Crytek GmbH) -- C:\Users\Rose\Documents\CryPhysics.dll

[2011.03.10 18:20:04 | 000,465,387 | ---- | M] (Crytek GmbH) -- C:\Users\Rose\Documents\CryFont.dll

[2011.03.10 18:04:24 | 000,001,170 | ---- | M] () -- C:\Users\Rose\Desktop\TeamSpeak 3 Client.lnk

[2011.03.10 18:02:43 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2011.03.10 17:59:54 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.03.10 17:59:54 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.03.10 17:58:14 | 000,797,266 | ---- | M] () -- C:\Windows\System32\qtcore4.zip

[2011.03.10 17:57:42 | 001,250,048 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.03.10 17:57:42 | 000,798,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.03.10 17:57:42 | 000,318,080 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.03.10 17:57:42 | 000,272,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.03.10 17:52:43 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile

[2011.03.10 17:52:42 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011.03.10 17:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.03.10 17:52:38 | 2615,713,792 | -HS- | M] () -- C:\hiberfil.sys

[2011.03.10 17:49:00 | 000,001,124 | ---- | M] () -- C:\Windows\System32\.crusader

[2011.03.10 17:17:45 | 000,097,130 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\awmytwhp.exe

[2011.03.09 20:35:17 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.03.09 16:40:27 | 000,171,417 | ---- | M] (Daniel Pistelli) -- C:\Windows\System32\YCemSCi.exe

[2011.03.08 21:30:10 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.03.08 21:30:05 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2011.03.08 20:46:12 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0

[2011.03.07 22:13:04 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX

[2011.03.07 22:13:04 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx

[2011.03.04 23:19:39 | 000,002,598 | ---- | M] () -- C:\Windows\Cm106.ini.imi

[2011.03.01 20:12:36 | 000,000,120 | ---- | M] () -- C:\Users\Rose\AppData\Local\Qquhodamapesep.dat

[2011.03.01 20:12:36 | 000,000,000 | ---- | M] () -- C:\Users\Rose\AppData\Local\Ggavul.bin

[2011.02.26 02:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll

[2011.02.22 16:39:38 | 257,208,014 | ---- | M] () -- C:\Users\Rose\Documents\Ohne Titel.mp4

[2011.02.22 16:16:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011.02.22 16:16:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011.02.22 16:16:50 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX

[2011.02.22 16:16:12 | 000,197,739 | ---- | M] () -- C:\Users\Rose\Documents\Vegas registrieren.htm

[2011.02.22 16:13:05 | 000,002,191 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dienst-Manager.lnk

[2011.02.21 22:19:15 | 000,516,550 | ---- | M] () -- C:\Users\Rose\Documents\Bild48.jpg

[2011.02.21 22:03:38 | 000,000,584 | ---- | M] () -- C:\Users\Rose\Documents\Standard.sfvidcap

[2011.02.19 10:06:33 | 000,001,173 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk

[2011.02.18 13:10:38 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.02.18 13:06:00 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.02.18 13:05:52 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.02.14 16:55:33 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2011.02.14 16:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011.02.14 16:37:39 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.02.12 18:12:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2011.02.10 17:14:42 | 001,612,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.02.09 23:53:13 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2011.02.09 23:06:13 | 000,047,822 | ---- | M] () -- C:\Windows\Ascd_log.ini

[2011.02.09 23:06:05 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2011.02.09 23:04:06 | 000,039,044 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.10 21:29:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bswqxl.sys

[2011.03.10 20:28:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.10 19:47:45 | 000,212,917 | ---- | C] () -- C:\Users\Rose\Documents\ts3_clientui-win32-12815-2011-03-10 19_47_45.662430.dmp

[2011.03.10 18:22:56 | 021,691,392 | ---- | C] () -- C:\Users\Rose\Documents\Bin32.rar

[2011.03.10 18:04:24 | 000,001,170 | ---- | C] () -- C:\Users\Rose\Desktop\TeamSpeak 3 Client.lnk

[2011.03.10 18:02:13 | 001,961,472 | ---- | C] () -- C:\Windows\System32\qtcore4.dll

[2011.03.10 17:58:12 | 000,797,266 | ---- | C] () -- C:\Windows\System32\qtcore4.zip

[2011.03.10 17:40:49 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk

[2011.03.09 20:35:17 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.03.09 18:42:19 | 000,001,124 | ---- | C] () -- C:\Windows\System32\.crusader

[2011.03.09 18:30:31 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011.03.09 16:44:25 | 000,097,130 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\awmytwhp.exe

[2011.03.06 21:47:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2011.03.06 21:46:36 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax

[2011.03.06 21:46:36 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax

[2011.03.06 21:46:36 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax

[2011.03.06 21:46:36 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax

[2011.03.06 21:46:36 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax

[2011.03.06 21:46:36 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax

[2011.03.06 21:46:36 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax

[2011.03.06 21:46:36 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax

[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

[2011.02.22 16:34:24 | 257,208,014 | ---- | C] () -- C:\Users\Rose\Documents\Ohne Titel.mp4

[2011.02.22 16:16:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2011.02.22 16:16:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2011.02.22 16:16:50 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX

[2011.02.22 16:16:50 | 000,000,003 | ---- | C] () -- C:\Windows\Twain001.Mtx

[2011.02.22 16:16:50 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX

[2011.02.22 16:16:12 | 000,197,739 | ---- | C] () -- C:\Users\Rose\Documents\Vegas registrieren.htm

[2011.02.22 16:13:05 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dienst-Manager.lnk

[2011.02.21 22:21:22 | 000,000,120 | ---- | C] () -- C:\Users\Rose\AppData\Local\Qquhodamapesep.dat

[2011.02.21 22:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Rose\AppData\Local\Ggavul.bin

[2011.02.21 22:20:49 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk

[2011.02.21 22:19:09 | 000,516,550 | ---- | C] () -- C:\Users\Rose\Documents\Bild48.jpg

[2011.02.21 22:03:38 | 000,000,584 | ---- | C] () -- C:\Users\Rose\Documents\Standard.sfvidcap

[2011.02.19 10:06:33 | 000,001,173 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk

[2011.02.14 16:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011.02.12 18:12:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2011.02.09 23:52:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011.02.09 23:06:12 | 000,047,822 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.01.27 20:17:11 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2011.01.27 20:17:11 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdsuinst.exe

[2011.01.27 20:17:11 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI

[2011.01.25 18:38:27 | 000,561,152 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe

[2011.01.25 18:38:27 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll

[2011.01.25 18:38:27 | 000,000,537 | ---- | C] () -- C:\Windows\Cm106.ini.cfl

[2011.01.25 18:38:24 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2011.01.25 18:38:24 | 000,002,598 | ---- | C] () -- C:\Windows\Cm106.ini.imi

[2011.01.25 18:08:42 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini

[2011.01.25 18:08:24 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg

[2011.01.22 17:45:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.01.22 13:11:22 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmdrvrmu.exe

[2011.01.22 13:11:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\cmdrvrmu.dll

[2011.01.22 09:15:16 | 000,040,960 | R--- | C] () -- C:\Windows\CmiUSB2Uninstall.exe

[2011.01.22 09:15:15 | 000,004,911 | R--- | C] () -- C:\Windows\Cmudau.ini

[2011.01.22 09:04:43 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

[2011.01.21 18:04:54 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.01.21 18:04:54 | 000,022,328 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\PnkBstrK.sys

[2011.01.21 18:04:19 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.01.21 18:04:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.01.21 18:04:16 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

[2011.01.21 17:05:04 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll

[2011.01.21 17:05:04 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys

[2011.01.21 17:05:01 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys

[2011.01.21 17:05:01 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys

[2011.01.21 17:03:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011.01.21 16:43:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.01.21 16:43:50 | 000,039,044 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009.07.16 04:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2009.07.14 09:47:43 | 001,250,048 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 09:47:43 | 000,318,080 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 001,612,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,798,878 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,272,392 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.07.13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2009.02.19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe

[2008.12.01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll

 
 ========== LOP Check ==========

 

[2011.03.06 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Ashampoo

[2011.01.21 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\DAEMON Tools Lite

[2011.02.14 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\DAEMON Tools Pro

[2011.03.09 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\kikin

[2011.02.21 21:43:22 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files

[2011.03.10 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OfferBox

[2011.02.22 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Publish Providers

[2011.01.22 11:00:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\ROCCAT

[2011.02.22 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Sony

[2011.03.05 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\TeamViewer

[2011.01.24 18:54:16 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\ToMMTi-Systems

[2011.01.22 13:06:38 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\TS3Client

[2011.03.10 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\TuneUp Software

[2011.01.21 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Ubisoft

[2011.03.09 16:41:08 | 000,031,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < Malwarebytes' Anti-Malware 1.50.1.1100 >

 
 < www.malwarebytes.org >

 
 <  >

 
 < Datenbank Version: 6012 >

 
 <  >

 
 < Windows 6.1.7600 >

 
 < Internet Explorer 8.0.7600.16385 >

 
 <  >

 
 < 10.03.2011 21:29:00 >

 
 < mbam-log-2011-03-10 (21-29-00).txt >

 
 <  >

 
 < Art des Suchlaufs: Quick-Scan >

 
 < Durchsuchte Objekte: 148189 >

 
 < Laufzeit: 2 Minute(n), 57 Sekunde(n) >

 
 <  >

 
 < Infizierte Speicherprozesse: 0 >

 
 < Infizierte Speichermodule: 0 >

 
 < Infizierte Registrierungsschlüssel: 1 >

 
 < Infizierte Registrierungswerte: 0 >

 
 < Infizierte Dateiobjekte der Registrierung: 0 >

 
 < Infizierte Verzeichnisse: 2 >

 
 < Infizierte Dateien: 4 >

 
 <  >

 
 < Infizierte Speicherprozesse: >

 
 < (Keine bösartigen Objekte gefunden) >

 
 <  >

 
 < Infizierte Speichermodule: >

 
 < (Keine bösartigen Objekte gefunden) >

 
 <  >

 
 < Infizierte Registrierungsschlüssel: >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully. >

 
 <  >

 
 < Infizierte Registrierungswerte: >

 
 < (Keine bösartigen Objekte gefunden) >

 
 <  >

 
 < Infizierte Dateiobjekte der Registrierung: >

 
 < (Keine bösartigen Objekte gefunden) >

 
 <  >

 
 < Infizierte Verzeichnisse: >

 
 < c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot. >

 
 < c:\skhfushjflw (Trojan.SpyEyes) -> Quarantined and deleted successfully. >

 
 <  >

 
 < Infizierte Dateien: >

 
 < c:\program files\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully. >

 
 < c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. >

 
 < c:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully. >

 
 < c:\skhfushjflw\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. >
 

< End of report >

--- --- ---

Combofix Logfile:

Code:

ComboFix 11-03-13.02 - Rose 14.03.2011  21:58:11.1.4 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3326.1961 [GMT 1:00]

ausgeführt von:: c:\users\Rose\Downloads\ComboFi.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrvmgr.exe

c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe

c:\program files\OfferBox

c:\program files\OfferBox\OfferBox.exe

c:\program files\OfferBox\OfferBoxBHO.dll

c:\program files\OfferBox\OfferBoxChromeExtension.crx

c:\program files\OfferBox\OfferBoxEngine.dll

c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest

c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js

c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul

c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll

c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt

c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf

c:\program files\OfferBox\OfferBoxLauncher.exe

c:\program files\OfferBox\res\language.xml

c:\program files\OfferBox\res\loader.gif

c:\program files\OfferBox\uninst.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk

c:\recycle.bin\Recycle.Bin.exe

c:\recycle.bin\Recycle.Binmgr.exe

c:\users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}

c:\users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}\chrome.manifest

c:\users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}\chrome\content\_cfg.js

c:\users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}\chrome\content\overlay.xul

c:\users\Rose\AppData\Local\{00018771-5EC6-43B2-AEA4-52B5034370B7}\install.rdf

c:\users\Rose\AppData\Roaming\OfferBox

c:\users\Rose\AppData\Roaming\OfferBox\config.dat

c:\users\Rose\AppData\Roaming\OfferBox\config.xml

c:\windows\jestertb.dll

c:\windows\system32\AVSredirect.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-14 bis 2011-03-14  ))))))))))))))))))))))))))))))

.

.

2011-03-14 21:02 . 2011-03-14 21:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-03-13 19:21 . 2011-03-13 19:21        --------        d-----w-        C:\_OTL

2011-03-13 13:37 . 2011-03-13 13:42        --------        d-----w-        c:\programdata\RegCure

2011-03-13 13:37 . 2011-03-13 13:38        --------        d-----w-        c:\program files\RegCure

2011-03-13 13:34 . 2011-03-13 13:34        94323        ----a-w-        c:\windows\system\axbridge.dll

2011-03-13 13:33 . 2011-03-13 13:33        94323        ----a-w-        c:\windows\system32\axbridge.dll

2011-03-13 13:27 . 2011-03-13 13:27        --------        d-----w-        c:\program files\CCleaner

2011-03-12 16:35 . 2011-03-12 16:35        --------        d-----w-        c:\program files\TeamSpeak 3 Client

2011-03-12 16:27 . 2011-03-14 21:03        --------        d-----w-        c:\program files\rqumjtxy

2011-03-12 16:15 . 2011-03-12 16:15        --------        d-----w-        c:\program files\JDownloader

2011-03-12 13:36 . 2011-03-12 13:36        --------        d-----w-        c:\users\Rose\AppData\Roaming\Moyea

2011-03-12 13:36 . 2011-03-12 13:36        --------        d-----w-        c:\users\Rose\AppData\Roaming\Leawo

2011-03-12 13:35 . 2011-03-12 13:35        --------        d-----w-        c:\programdata\Leawo

2011-03-12 13:35 . 2010-03-15 09:31        165376        ----a-w-        c:\windows\system32\unrar.dll

2011-03-12 13:35 . 2011-03-12 13:35        --------        d-----w-        c:\program files\K-Lite Codec Pack

2011-03-12 13:35 . 2008-10-28 09:10        139264        ----a-w-        c:\windows\system32\xvid.ax

2011-03-12 13:35 . 2008-10-08 08:45        606208        ----a-w-        c:\windows\system32\xvidcore.dll

2011-03-12 13:35 . 2011-03-12 13:35        --------        d-----w-        c:\program files\Leawo

2011-03-12 13:20 . 2011-03-12 13:28        --------        d-----w-        c:\users\Rose\AppData\Roaming\WindSolutions

2011-03-12 13:20 . 2011-03-12 13:28        --------        d-----w-        c:\programdata\WindSolutions

2011-03-12 11:00 . 2011-03-12 11:34        --------        d-----w-        c:\users\Rose\AppData\Local\Wide Angle Software

2011-03-12 10:59 . 2011-03-12 10:59        --------        d-----w-        c:\program files\Wide Angle Software

2011-03-12 10:15 . 2010-12-03 19:43        555752        ----a-w-        c:\program files\Mozilla Firefox\uninstall\helper.exe

2011-03-11 21:11 . 2011-03-13 20:55        --------        d-----w-        c:\program files\temp

2011-03-11 14:16 . 2011-02-11 06:54        5943120        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8928018-58B9-46E0-B11F-E72AB2CC32EF}\mpengine.dll

2011-03-10 19:28 . 2011-03-10 19:28        --------        d-----w-        c:\users\Rose\AppData\Roaming\Malwarebytes

2011-03-10 19:28 . 2011-03-10 19:28        --------        d-----w-        c:\programdata\Malwarebytes

2011-03-10 19:28 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-10 19:28 . 2011-03-10 19:29        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-03-10 19:28 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-03-10 17:02 . 2009-10-20 10:50        1961472        ----a-w-        c:\windows\system32\qtcore4.dll

2011-03-10 16:40 . 2011-02-18 12:10        31552        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-03-10 16:40 . 2011-02-18 12:06        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-03-10 16:40 . 2011-02-18 12:05        29504        ----a-w-        c:\windows\system32\uxtuneup.dll

2011-03-10 16:40 . 2011-03-10 16:40        --------        d-----w-        c:\users\Rose\AppData\Roaming\TuneUp Software

2011-03-10 16:40 . 2011-03-10 16:40        --------        d-----w-        c:\program files\TuneUp Utilities 2011

2011-03-10 16:40 . 2011-03-10 16:42        --------        d-----w-        c:\programdata\TuneUp Software

2011-03-10 16:39 . 2011-03-10 16:39        --------        d-sh--w-        c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-03-10 02:00 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll

2011-03-09 20:35 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll

2011-03-09 20:35 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll

2011-03-09 20:35 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll

2011-03-09 20:34 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\system32\sbe.dll

2011-03-09 20:34 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\system32\CPFilters.dll

2011-03-09 20:34 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-03-09 20:34 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\system32\mpg2splt.ax

2011-03-09 20:34 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\system32\mstscax.dll

2011-03-09 20:34 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\system32\mstsc.exe

2011-03-09 20:34 . 2011-01-07 07:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-03-09 20:34 . 2011-01-07 07:31        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-03-09 17:45 . 2011-03-14 16:50        --------        d-----w-        c:\users\Rose\AppData\Roaming\Xfire

2011-03-09 17:45 . 2011-03-10 16:54        --------        d-----w-        c:\programdata\Xfire

2011-03-09 17:30 . 2011-03-12 16:26        16968        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys

2011-03-09 17:30 . 2011-03-09 17:30        --------        d-----w-        c:\program files\Hitman Pro 3.5

2011-03-09 17:30 . 2011-03-09 17:42        --------        d-----w-        c:\programdata\Hitman Pro

2011-03-09 15:40 . 2011-03-13 20:55        --------        d-----w-        c:\program files\tmp

2011-03-06 20:47 . 2009-09-27 08:39        369152        ----a-w-        c:\windows\system32\avisynth.dll

2011-03-06 20:47 . 2004-02-22 09:11        719872        ----a-w-        c:\windows\system32\devil.dll

2011-03-06 20:47 . 2004-01-24 23:00        70656        ----a-w-        c:\windows\system32\yv12vfw.dll

2011-03-06 20:47 . 2004-01-24 23:00        70656        ----a-w-        c:\windows\system32\i420vfw.dll

2011-03-06 20:47 . 2011-03-06 20:47        --------        d-----w-        c:\program files\AviSynth 2.5

2011-03-06 20:43 . 2011-03-06 20:45        --------        d-----w-        c:\program files\eRightSoft

2011-03-06 20:12 . 2011-03-06 20:12        --------        d-----w-        c:\users\Rose\AppData\Roaming\Ashampoo

2011-03-06 20:12 . 2011-03-06 20:12        --------        d-----w-        c:\program files\Ashampoo

2011-03-04 20:36 . 2011-03-13 21:02        --------        d-----w-        C:\Fraps

2011-03-03 18:47 . 2011-03-03 18:47        543        ----a-w-        c:\users\Rosexplore.exe

2011-03-01 19:23 . 2011-03-09 15:40        171417        ----a-w-        c:\windows\system32\YCemSCi.exe

2011-02-26 01:19 . 2011-02-26 01:19        41872        ----a-w-        c:\windows\system32\xfcodec.dll

2011-02-25 17:21 . 2011-02-25 17:21        --------        d-----w-        c:\programdata\FLEXnet

2011-02-22 15:16 . 2011-02-22 15:16        --------        d-----w-        c:\users\Rose\AppData\Roaming\Publish Providers

2011-02-22 15:16 . 2011-02-22 15:16        --------        d-----w-        c:\users\Rose\AppData\Local\Sony

2011-02-22 15:13 . 2011-02-22 15:13        20480        ----a-w-        c:\windows\system32\cliconfg.728

2011-02-22 15:13 . 2002-12-17 16:23        33340        ------w-        c:\windows\system32\dbmsqlgc.dll

2011-02-22 15:13 . 2002-10-20 14:00        24576        ------w-        c:\windows\system32\dbmsgnet.dll

2011-02-22 15:13 . 1998-10-29 15:45        306688        ----a-w-        c:\windows\IsUninst.exe

2011-02-22 15:12 . 2011-02-22 15:12        --------        d-----w-        c:\program files\Microsoft SQL Server

2011-02-22 15:12 . 2011-02-22 15:34        --------        d-----w-        c:\users\Rose\AppData\Roaming\Sony

2011-02-22 15:11 . 2011-02-22 15:11        --------        d-----w-        c:\program files\Vstplugins

2011-02-22 15:11 . 2011-02-22 15:12        --------        d-----w-        c:\programdata\Sony

2011-02-22 15:11 . 2011-02-22 15:11        --------        d-----w-        c:\program files\Sony

2011-02-22 15:10 . 2011-02-22 15:10        --------        d-----w-        c:\program files\Sony Setup

2011-02-21 21:21 . 2011-03-01 19:12        0        ----a-w-        c:\users\Rose\AppData\Local\Ggavul.bin

2011-02-21 20:43 . 2011-02-21 20:43        --------        d-----w-        c:\users\Rose\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files

2011-02-19 09:06 . 2011-03-12 10:42        --------        d-----w-        c:\programdata\Apple

2011-02-19 09:06 . 2011-02-19 09:06        --------        d-----w-        c:\program files\Logitech Touch Mouse Server

2011-02-18 19:51 . 2011-02-18 19:53        --------        d-----w-        c:\program files\ControlMK

2011-02-18 19:49 . 2011-03-10 04:53        --------        d-----w-        c:\program files\AutoHotkey

2011-02-18 15:59 . 2011-02-18 15:59        --------        d-----w-        c:\users\Rose\AppData\Roaming\NVIDIA

2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll

2011-02-17 21:06 . 2011-02-17 21:09        --------        d-----w-        c:\programdata\PopCap Games

2011-02-15 17:51 . 2011-02-15 17:52        --------        d-----w-        c:\users\Rose\AppData\Roaming\vlc

2011-02-15 17:50 . 2011-02-15 17:50        --------        d-----w-        c:\program files\VideoLAN

2011-02-14 16:08 . 2011-02-14 16:08        --------        d-----w-        c:\programdata\Codemasters

2011-02-14 15:55 . 2008-04-28 14:53        805400        ----a-r-        c:\windows\system32\tmpE9F2.tmp

2011-02-14 15:54 . 2008-04-28 14:53        805400        ----a-r-        c:\windows\system32\tmpE993.tmp

2011-02-14 15:37 . 2011-02-14 15:37        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2011-02-14 15:35 . 2011-02-14 15:37        --------        d-----w-        c:\program files\DAEMON Tools Pro

2011-02-14 15:34 . 2011-02-14 15:42        --------        d-----w-        c:\users\Rose\AppData\Roaming\DAEMON Tools Pro

2011-02-14 15:34 . 2011-02-14 15:34        --------        d-----w-        c:\programdata\DAEMON Tools Pro

2011-02-13 21:01 . 2011-02-13 21:01        --------        d-----w-        c:\users\Rose\AppData\Local\FalloutNV

2011-02-13 02:48 . 2011-03-09 19:16        --------        d-----w-        c:\users\Rose\AppData\Roaming\kikin

2011-02-13 02:48 . 2011-02-13 17:11        --------        d-----w-        c:\program files\kikin

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-13 19:31 . 2011-01-21 17:04        138160        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2011-03-13 19:31 . 2011-01-23 11:18        271200        ----a-w-        c:\windows\system32\PnkBstrB.xtr

2011-03-13 19:31 . 2011-01-21 17:04        271200        ----a-w-        c:\windows\system32\PnkBstrB.exe

2011-03-13 19:31 . 2011-01-21 17:04        103736        ----a-w-        c:\windows\system32\PnkBstrB.ex0

2011-03-13 16:52 . 2011-01-21 17:04        75136        ----a-w-        c:\windows\system32\PnkBstrA.exe

2011-03-13 16:00 . 2011-01-21 17:04        22328        ----a-w-        c:\users\Rose\AppData\Roaming\PnkBstrK.sys

2011-03-12 11:42 . 2009-08-18 10:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-03-12 11:41 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 16:58 . 2011-03-10 16:58        797266        ----a-w-        c:\windows\system32\qtcore4.zip

2011-02-14 15:55 . 2011-02-09 22:56        444952        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-02-09 22:56 . 2011-02-09 22:56        109080        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-02-03 05:45 . 2011-02-09 21:10        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2011-02-02 16:11 . 2011-01-21 16:16        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-01-27 19:18 . 2011-01-27 19:18        143827        ------w-        c:\users\Rose\AppData\Roaming\Microsoft\Installer\{ECF8D4B4-FADB-492E-A79A-5BCEA02DB95D}\NewShortcut1_0D8BB549999E4288839DD9DF4569C1EC.exe

2011-01-23 09:10 . 2011-01-23 09:10        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll

2011-01-21 15:08 . 2011-01-21 15:09        411368        ----a-w-        c:\windows\system32\deploytk.dll

2011-01-08 03:27 . 2011-01-21 16:17        941160        ----a-w-        c:\windows\system32\nvdispco322090.dll

2011-01-08 03:27 . 2011-01-21 16:17        837736        ----a-w-        c:\windows\system32\nvgenco322040.dll

2011-01-08 03:27 . 2011-01-21 16:17        57960        ----a-w-        c:\windows\system32\OpenCL.dll

2011-01-08 03:27 . 2011-01-21 16:17        4941928        ----a-w-        c:\windows\system32\nvcuda.dll

2011-01-08 03:27 . 2011-01-21 16:17        2895976        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-01-08 03:27 . 2011-01-21 16:17        2251368        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27 . 2011-01-21 16:17        1965672        ----a-w-        c:\windows\system32\nvapi.dll

2011-01-08 03:27 . 2011-01-21 16:17        15047272        ----a-w-        c:\windows\system32\nvoglv32.dll

2011-01-08 03:27 . 2011-01-21 16:17        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-01-08 03:27 . 2011-01-21 16:17        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd

2011-01-08 03:27 . 2011-01-21 16:17        10467656        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-01-08 03:27 . 2011-01-21 16:17        10078312        ----a-w-        c:\windows\system32\nvd3dum.dll

2011-01-08 03:27 . 2009-07-13 22:09        5653096        ----a-w-        c:\windows\system32\nvwgf2um.dll

2011-01-07 20:06 . 2011-01-07 20:06        580200        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll

2011-01-07 20:06 . 2011-01-07 20:06        3597416        ----a-w-        c:\windows\system32\nvcpl.dll

2011-01-07 20:06 . 2011-01-07 20:06        2620520        ----a-w-        c:\windows\system32\nvsvc.dll

2011-01-07 20:06 . 2011-01-07 20:06        66664        ----a-w-        c:\windows\system32\nvshext.dll

2011-01-07 20:06 . 2011-01-07 20:06        608872        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-01-07 20:06 . 2011-01-07 20:06        2558568        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-01-07 20:06 . 2011-01-07 20:06        111208        ----a-w-        c:\windows\system32\nvmctray.dll

2011-01-07 07:27 . 2011-02-09 21:10        34304        ----a-w-        c:\windows\system32\atmlib.dll

2011-01-07 05:33 . 2011-02-09 21:10        294400        ----a-w-        c:\windows\system32\atmfd.dll

2011-01-05 05:37 . 2011-02-09 21:10        428032        ----a-w-        c:\windows\system32\vbscript.dll

2011-01-05 03:37 . 2011-02-09 21:10        2329088        ----a-w-        c:\windows\system32\win32k.sys

2010-12-21 05:38 . 2011-02-09 21:10        73728        ----a-w-        c:\windows\system32\wscsvc.dll

2010-12-21 05:38 . 2011-02-09 21:10        51200        ----a-w-        c:\windows\system32\wscapi.dll

2010-12-21 05:38 . 2011-02-09 21:10        981504        ----a-w-        c:\windows\system32\wininet.dll

2010-12-21 05:38 . 2011-02-09 21:10        350720        ----a-w-        c:\windows\system32\winhttp.dll

2010-12-21 05:38 . 2011-02-09 21:10        204800        ----a-w-        c:\windows\system32\WebClnt.dll

2010-12-21 05:38 . 2011-02-09 21:10        204288        ----a-w-        c:\windows\system32\upnp.dll

2010-12-21 05:38 . 2011-02-09 21:10        14336        ----a-w-        c:\windows\system32\slwga.dll

2010-12-21 05:36 . 2011-02-09 21:10        1389568        ----a-w-        c:\windows\system32\msxml6.dll

2010-12-21 05:36 . 2011-02-09 21:10        1236992        ----a-w-        c:\windows\system32\msxml3.dll

2010-12-21 05:34 . 2011-02-09 21:10        80384        ----a-w-        c:\windows\system32\davclnt.dll

2010-12-18 05:29 . 2011-02-09 21:10        44544        ----a-w-        c:\windows\system32\licmgr10.dll

2010-12-18 05:29 . 2011-02-09 21:10        541184        ----a-w-        c:\windows\system32\kerberos.dll

2010-12-18 04:20 . 2011-02-09 21:10        386048        ----a-w-        c:\windows\system32\html.iec

2010-12-18 03:47 . 2011-02-09 21:10        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2006-05-03 10:06        163328        --sha-r-        c:\windows\System32\flvDX.dll

2007-02-21 11:47        31232        --sha-r-        c:\windows\System32\msfDX.dll

2008-03-16 13:30        216064        --sha-r-        c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

2010-11-23 19:51        919408        ------w-        c:\program files\kikin\ie_kikin.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="e:\program files\Steam\steam.exe" [2011-01-21 1242448]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2011-01-21 233936]

.

c:\users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

awmytwhp.exe [2011-3-12 97130]

Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dienst-Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\rqumjtxy\awmytwhp.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 cpuz130;cpuz130;c:\users\Rose\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-03-12 16968]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-14 218688]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-02-18 1517376]

S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096]

S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]

S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 13056]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-10-01 1515520]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-13 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

2011-03-13 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

FF - ProfilePath - c:\users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\4rcx7dy9.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-Recycle.Bin.exe - c:\recycle.bin\Recycle.Bin.exe

HKLM-Run-CmUsbSound - cmcnfgu.cpl

HKLM-Run-Cm106Sound - cm106.cpl

HKU-Default-Run-Recycle.Bin.exe - c:\recycle.bin\Recycle.Bin.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe

AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4115296889-1910713491-4077660259-1000\Software\SecuROM\License information*]

"datasecu"=hex:7b,a5,0c,c2,75,4e,05,33,cc,fb,22,0d,aa,58,d1,6e,7e,17,e1,6f,47,

   d8,5a,57,76,ec,4d,98,93,78,ff,48,d5,7d,b3,22,fd,4d,69,be,d8,54,a0,e5,0f,89,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\program files\ASUS\EPU-4 Engine\FourEngine.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-03-14  22:06:19 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-03-14 21:06

.

Vor Suchlauf: 8 Verzeichnis(se), 11.270.381.568 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 11.198.812.160 Bytes frei

.

- - End Of File - - C629ED93803BEE95805D65AA3B2952D3

--- --- ---