Firefox leitet Google-Suchergebnisse um

**GHOSTblezzed** · 29.05.2011, 23:23

Hallo Leute,

ich bin jetzt ganz neu im Forum und brauche eure Hilfe, da es scheint, dass ihr echt Ahnung habt.

Folgende Probleme:

1. Wenn ich mit meinem "Firefox 4" Ergebnisse einer Google-Suche anklicke, dann werde ich auf eine Werbepage, auf Ask.com oder wieder auf meine Startseite weiter-/zurückleitet/redirected.
Selbiges passiert auch beim Internetexplorer 9.
Unten links steht, das Firefox auf Seiten wie "searchfate.com", "searchhap.*" oder "Searchlookin.com" wartet.
Als Test habe ich nachträglich "Google Chrome" installiert, um zu sehen ob dieses Problem auch bei einem neuinstallierten Browser auftritt, was aber nicht der Fall war.
Das lässt mich zu dem Schluss kommen, dass diese Malware (oder Hijacker) nur für FF und IE greift, oder aber keinen Einfluss auf neue Dateien hat.

2. Weiterer unangenehmer Nebeneffekt ist, dass meine Windows Firewall nicht mehr aktiv ist und sich nicht manuell einschalten lässt. (Spuckt nur "Einige Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x8007042c" aus)
Kann es sein, dass sie durch Anti-Spyware und Anti-Malware tools ausgebootet wird? (habe im Akt der Verzweiflung Ad-Aware, SUPERAntiSpyware, Malwarebytes Anti Malware und OTL auf mein System gebraten)

Hier mein HijackThis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:14:43, on 30.05.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
C:\Users\Sacknase-Klaus\Downloads\OTL.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sacknase-Klaus\Downloads\HiJackThis204.exe
C:\Users\Sacknase-Klaus\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12997 bytes

Ich danke im Voraus für eure Mühe.

Gruß
Ghost aka Malware und Hijacker-Hasser

**Swisstreasure** · 30.05.2011, 00:18

Willkommen im HijackThis.de Supportforum ,

ein System zu bereinigen ist unter Umständen aufwändig und mit einiger Arbeit für Dich verbunden.
Bitte folgende Punkte beachten:

Respektiere unsere Forenregeln und sei nicht zu ungeduldig, wenn es mal etwas länger dauert.
Während der Bereinigung alle vorhandenen externen Speichermedien (USB Sticks, Festplatten) anschließen,
und keine Programme ohne Absprache installieren oder deinstallieren.
Programme ausschließlich von den in unserer Anleitung angegebenen Links herunterladen!
Logfiles in Code-Tags posten und ggfs. persönliche Daten anonymisieren.
Arbeite jeden Punkt der Reihe nach ab und berichte, dass Du ihn erledigt hast.
Wenn es ein Problem gibt, stoppen und es so genau wie möglich beschreiben.

Achtung: Das Verschwinden der Symptome bedeutet nicht das Dein Rechner schon sauber ist.
Bitte arbeite solange mit bis wir sagen, dass der Rechner sauber ist.
Nur Anleitungen/Anweisungen eines hier aufgeführten Team-Mitglieds ausführen.
Es gibt grundsätzlich keinen Support per PN oder Mail.
Wir bereinigen keine Rechner, die geschäftlich genutzt werden.
Der Besitz legaler Software ist Vorraussetzung für die Support.
Sollten wir illegale Software finden, wird der Support eingestellt.

Vista und Win7 User:

Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

**GHOSTblezzed** · 30.05.2011, 09:02

Danke für die schnelle Antwort,

ich poste schonmal Schritt 1:

OTL.Txt

Code:

OTL logfile created on: 30.05.2011 09:42:18 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Sacknase-Klaus\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free
7,99 Gb Paging File | 6,16 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 11,69 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
Drive D: | 139,50 Gb Total Space | 33,49 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
 
Computer Name: SACKNASEKLAUS | User Name: Sacknase-Klaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.29 22:45:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sacknase-Klaus\Downloads\OTL.exe
PRC - [2011.04.27 17:35:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.17 23:01:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.25 19:37:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.13 15:52:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2009.12.15 20:11:48 | 001,115,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.05 16:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009.09.05 16:16:52 | 003,622,912 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009.09.05 16:16:48 | 004,245,504 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
PRC - [2009.09.05 16:16:40 | 003,407,360 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 18:52:56 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.29 22:45:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sacknase-Klaus\Downloads\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009.07.14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.08.26 14:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.08.19 18:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010.07.25 00:13:40 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.03 02:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV - [2011.04.27 17:35:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.17 23:01:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.25 19:37:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.15 19:46:05 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.09.04 17:53:31 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 14:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.07.25 00:13:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.09.05 16:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.03 02:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008.08.19 15:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.29 14:27:29 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.02 12:34:35 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.02 12:34:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.25 16:02:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 20:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 20:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.10.19 05:32:40 | 000,511,232 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF35.sys -- (AVerAF35)
DRV:64bit: - [2009.09.15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.05.07 18:48:10 | 000,126,864 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.19 15:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 E9 50 5E 7E 7E CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.25 18:18:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.25 18:18:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.29 15:35:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.29 15:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sacknase-Klaus\AppData\Roaming\mozilla\Extensions
[2011.05.29 22:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sacknase-Klaus\AppData\Roaming\mozilla\Firefox\Profiles\79714rqi.default\extensions
[2011.05.29 15:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\{C1970C0D-DBE6-4D91-804F-C9C0DE643A57}.XPI
() (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
() (No name found) -- C:\USERS\SACKNASE-KLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79714RQI.DEFAULT\EXTENSIONS\REDIRECTCLEANER@EXAMPLE.NET.XPI
[2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011.05.04 22:35:45 | 000,001,004 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70158ef3-82c7-11df-9afe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{70158ef3-82c7-11df-9afe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{d1c86955-97f8-11df-a5c3-00a0d1a9b5a2}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.29 22:58:51 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Neuer Ordner
[2011.05.29 22:52:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.29 15:57:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.05.29 15:57:06 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.05.29 15:48:15 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Local\Sunbelt Software
[2011.05.29 15:47:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011.05.29 15:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.05.29 15:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.05.29 14:07:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.05.29 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.05.29 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\SUPERAntiSpyware.com
[2011.05.29 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.29 12:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.05.29 12:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.05.29 12:53:11 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.05.29 05:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 05:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 05:19:50 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.29 04:21:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.29 04:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.29 02:14:19 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Malwarebytes
[2011.05.29 02:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.28 21:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011.05.28 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\VA-Future_Trance_Vol.56-2CD-2011-VOiCE
[2011.05.28 21:17:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011.05.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Call Of Duty 4
[2011.05.28 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Local\NFS Underground 2
[2011.05.28 17:59:43 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\CD1
[2011.05.28 17:02:39 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Lan
[2011.05.27 18:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.22 21:39:33 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Beta
[2011.05.22 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\AppData\Roaming\.minecraft
[2011.05.21 02:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.05.21 01:02:17 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Serdar
[2011.05.12 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Sacknase-Klaus\Desktop\Rechnungen
[2011.05.12 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2011.05.12 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011.05.10 17:39:15 | 000,511,232 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\SysNative\drivers\AVerAF35.sys
[2011.05.10 17:39:15 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2011.05.10 17:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVerMedia
[2011.05.08 21:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011.05.06 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.04 22:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.04 22:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.30 09:42:26 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.30 09:13:05 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 09:13:05 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 09:12:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.30 09:12:52 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.30 09:12:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.30 09:12:52 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.30 09:12:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.30 09:12:13 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.30 09:08:59 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011.05.30 09:08:57 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011.05.30 09:08:34 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011.05.30 09:08:27 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.30 09:07:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.30 09:07:54 | 3218,841,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 23:58:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
[2011.05.29 16:09:57 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.05.29 16:09:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.05.29 16:02:18 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.29 16:02:18 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.29 15:57:05 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.05.29 15:35:24 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.29 13:05:16 | 000,002,366 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Google Chrome.lnk
[2011.05.29 12:57:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
[2011.05.29 12:53:22 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.29 05:19:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.27 18:33:02 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.22 21:39:33 | 000,001,053 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Start Minecraft.lnk
[2011.05.21 02:26:27 | 000,001,561 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Crysis 2.lnk
[2011.05.17 16:42:45 | 001,375,888 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Ringtone.mp3
[2011.05.13 15:21:58 | 000,000,622 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Mass Effect 2.lnk
[2011.05.10 18:13:44 | 003,033,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.08 22:04:19 | 000,002,277 | ---- | M] () -- C:\Users\Sacknase-Klaus\Desktop\Far Cry COOP.lnk
[2011.05.08 21:56:12 | 000,001,253 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2011.05.04 22:35:45 | 000,001,004 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.04 22:29:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.30 14:46:06 | 001,435,671 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0043.jpg
[2011.04.30 14:45:37 | 001,087,983 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0044.jpg
[2011.04.30 14:45:21 | 000,914,554 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0037.jpg
[2011.04.30 14:43:54 | 004,576,548 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0010.3gp
[2011.04.30 14:43:23 | 003,576,047 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0008.3gp
[2011.04.30 14:42:59 | 000,939,404 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0027.jpg
[2011.04.30 14:41:12 | 026,569,189 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0007.3gp
[2011.04.30 14:38:14 | 007,060,236 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0006.3gp
[2011.04.30 14:37:27 | 015,799,345 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0005.3gp
[2011.04.30 14:35:04 | 026,405,190 | ---- | M] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0004.3gp
[2011.04.30 12:14:52 | 000,000,032 | -H-- | M] () -- C:\Users\Sacknase-Klaus\Documents\.picasa.ini
 
========== Files Created - No Company Name ==========
 
[2011.05.30 09:08:34 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.05.29 23:21:31 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.29 16:02:18 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.29 16:02:18 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.29 16:00:25 | 000,001,443 | ---- | C] () -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.29 16:00:25 | 000,001,409 | ---- | C] () -- C:\Users\Sacknase-Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.05.29 15:35:24 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.29 15:35:24 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.29 12:55:04 | 000,002,366 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Google Chrome.lnk
[2011.05.29 12:53:22 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.29 12:53:00 | 000,001,156 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
[2011.05.29 12:52:59 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
[2011.05.29 05:19:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.27 18:33:02 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.22 21:39:33 | 000,001,053 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Start Minecraft Beta.lnk
[2011.05.21 02:26:27 | 000,001,561 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Crysis 2.lnk
[2011.05.17 16:42:22 | 001,375,888 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Ringtone.mp3
[2011.05.13 15:21:58 | 000,000,622 | ---- | C] () -- C:\Users\Sacknase-Klaus\Desktop\Mass Effect 2.lnk
[2011.05.08 21:56:12 | 000,001,253 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2011.05.04 22:29:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.30 14:45:55 | 001,435,671 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0043.jpg
[2011.04.30 14:45:30 | 001,087,983 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0044.jpg
[2011.04.30 14:45:15 | 000,914,554 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0037.jpg
[2011.04.30 14:43:23 | 004,576,548 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0010.3gp
[2011.04.30 14:42:59 | 003,576,047 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0008.3gp
[2011.04.30 14:42:52 | 000,939,404 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\IMAG0027.jpg
[2011.04.30 14:38:14 | 026,569,189 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0007.3gp
[2011.04.30 14:37:27 | 007,060,236 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0006.3gp
[2011.04.30 14:35:42 | 015,799,345 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0005.3gp
[2011.04.30 14:32:13 | 026,405,190 | ---- | C] () -- C:\Users\Sacknase-Klaus\Documents\VIDEO0004.3gp
[2011.04.30 12:14:52 | 000,000,032 | -H-- | C] () -- C:\Users\Sacknase-Klaus\Documents\.picasa.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.29 19:20:35 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2011.03.29 19:20:35 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.02.13 01:32:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.13 01:32:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\45F7D358B4.sys
[2011.02.13 00:23:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.03 17:29:33 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.03 17:29:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.03 17:29:31 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.03 17:29:31 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.03 17:29:31 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.11.18 11:09:56 | 000,002,385 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat
[2010.06.30 14:53:08 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.30 14:52:44 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.06.28 16:33:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.28 16:33:32 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.06.28 16:33:32 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.06.28 16:33:32 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.28 16:21:26 | 000,000,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTEQEX1.dat
[2010.06.28 16:21:26 | 000,000,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTEQEX0.dat
[2010.06.28 16:21:26 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\rtkhdaud.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.09.11 20:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\INT15.dll
[2008.09.09 17:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\INT15_64.dll
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
 
========== LOP Check ==========
 
[2011.05.22 21:40:30 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\.minecraft
[2010.07.17 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\bizarre creations
[2010.07.26 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DAEMON Tools Lite
[2011.01.07 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DVDVideoSoft
[2010.10.28 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.25 13:47:13 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\FreeFLVConverter
[2011.04.09 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\HTC
[2011.04.09 21:43:57 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.05.29 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\ICQ
[2010.12.29 01:40:48 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\NetMeter
[2010.06.29 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\OCS
[2010.06.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Opera
[2011.04.02 22:53:09 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\PunkBuster
[2010.09.04 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\TuneUp Software
[2010.12.02 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Ubisoft
[2010.06.28 17:12:53 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\Validity
[2011.05.17 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\Sacknase-Klaus\AppData\Roaming\WaveMax Sound Editor
[2011.05.30 09:12:13 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.05.30 09:08:59 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011.05.30 09:08:57 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011.05.29 23:21:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2011.05.30 09:07:53 | 000,001,641 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.06.28 15:44:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.05.29 04:55:08 | 000,026,318 | ---- | M] () -- C:\ComboFix.txt
[2010.11.24 14:12:30 | 000,000,000 | ---- | M] () -- C:\Diagnostics.txt
[2010.06.28 15:05:06 | 000,296,731 | RHS- | M] () -- C:\FULIM
[2011.05.30 09:07:54 | 3218,841,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 22:59:19 | 000,054,473 | ---- | M] () -- C:\JavaRa.log
[2010.06.23 19:25:01 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2006.12.01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010.09.07 07:11:03 | 000,000,557 | ---- | M] () -- C:\NetworkCfg.xml
[2011.05.30 09:07:54 | 4291,788,800 | -HS- | M] () -- C:\pagefile.sys
[2010.06.23 19:18:46 | 000,000,058 | ---- | M] () -- C:\Partition.txt
[2001.01.08 16:21:16 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2011.02.18 21:05:59 | 000,049,873 | ---- | M] () -- C:\temp.jpg
[2010.06.28 14:59:47 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010.06.28 15:05:06 | 000,000,020 | RHS- | M] () -- C:\win7.ld
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
[2010.08.29 14:12:10 | 000,035,229 | ---- | M] () -- C:\Windows\SysWOW64\bottom_bg.jpg
[2010.09.07 12:53:22 | 000,014,755 | ---- | M] () -- C:\Windows\SysWOW64\top_bg.jpg
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2011.05.30 00:33:12 | 000,000,000 | R--D | M](C:\Users\Sacknase-Klaus\Desktop\?STUFF?) -- C:\Users\Sacknase-Klaus\Desktop\♫STUFF♫
[2011.05.30 00:31:40 | 000,000,000 | R--D | C](C:\Users\Sacknase-Klaus\Desktop\?STUFF?) -- C:\Users\Sacknase-Klaus\Desktop\♫STUFF♫
[2010.10.24 14:33:23 | 000,000,841 | ---- | M] ()(C:\Users\Sacknase-Klaus\Desktop\?Filme?.lnk) -- C:\Users\Sacknase-Klaus\Desktop\☆Filme☆.lnk
[2010.09.17 18:47:33 | 000,000,841 | ---- | C] ()(C:\Users\Sacknase-Klaus\Desktop\?Filme?.lnk) -- C:\Users\Sacknase-Klaus\Desktop\☆Filme☆.lnk

< End of report >

Eine Extra.txt spuckt OTL leider nicht aus.

Bei GMER lassen sich die die Punkte System, Sections, Devices, Modules, Processes, Libraries nicht anklicken.
Aber mit GMER Scans warte ich noch, bis du weitere Anweisungen bezüglich Schritt 1 hast.

**Swisstreasure** · 30.05.2011, 10:44

Hab übersehen, dass Du ein 64er System hast. Da funktioniert GMER nicht.

Downloade dir bitte GooredFix.exe auf Deinem Desktop.

Schliesse bitte alle laufenden Programme inklusive Browser.
Doppelklick auf die .exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Schließe nun den Firefox falls geöffnet
Bestätige die Frage mit Ja.
Klicke auf weiter.
Wenn der Scan beendet wurde, erstellt das Tool eine GooredLog.
Diese ist auch auf Deinem Desktop zu finden.

Poste mir bitte den Inhalt der GooredLog.txt

**GHOSTblezzed** · 30.05.2011, 11:21

So ich hab das ganze mit GooredFix durchgezogen.
Der einzige Unterschied zu deiner Anleitung ist, dass die Log-Datei GooredFix heißt.

Code:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:18 on 30/05/2011 (Sacknase-Klaus)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:35 29/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [16:18 25/02/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [16:18 25/02/2011]

-=E.O.F=-

**Swisstreasure** · 30.05.2011, 17:20

Sind die Umleitungen weg?

**GHOSTblezzed** · 30.05.2011, 21:25

Nein immer noch nicht, wie gesagt, das passiert nur beim klicken auf Google-Suchergebnisse, Lesezeichen und Links funktionieren weiterhin...

Hast du noch eine Idee?

**Swisstreasure** · 01.06.2011, 19:40

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

**GHOSTblezzed** · 03.06.2011, 13:02

Danke, dass du dich wieder meinem Problem angenommen hast!
Das sagt ComboFix:

Code:

ComboFix 11-06-02.02 - Sacknase-Klaus 03.06.2011   1:34.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4093.2653 [GMT 2:00]
ausgeführt von:: c:\users\Sacknase-Klaus\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\program files (x86)\Search Settings
c:\program files (x86)\Search Settings\FF\chrome.manifest
c:\program files (x86)\Search Settings\FF\chrome\content\plugin.js
c:\program files (x86)\Search Settings\FF\chrome\content\protection.js
c:\program files (x86)\Search Settings\FF\chrome\content\utils.js
c:\program files (x86)\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files (x86)\Search Settings\SearchSettings.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-03 bis 2011-06-03  ))))))))))))))))))))))))))))))
.
.
2011-06-02 23:57 . 2011-06-02 23:57	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-02 23:57 . 2011-06-02 23:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-01 08:32 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E9400BF-50CA-4434-B349-07ECA43398F7}\mpengine.dll
2011-05-31 11:51 . 2011-05-31 11:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-05-30 07:08 . 2011-06-02 23:59	78848	----a-w-	c:\windows\KMSEmulator.exe
2011-05-29 13:57 . 2011-05-30 07:13	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-05-29 13:57 . 2011-05-29 13:57	49752	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-05-29 13:48 . 2011-05-29 13:48	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Local\Sunbelt Software
2011-05-29 13:47 . 2011-05-30 07:13	--------	d-----w-	c:\programdata\Lavasoft
2011-05-29 10:53 . 2011-05-29 10:53	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-05-29 03:19 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 03:19 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-29 00:14 . 2011-05-29 00:14	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Roaming\Malwarebytes
2011-05-29 00:14 . 2011-05-29 00:14	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-29 00:14 . 2011-05-29 03:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 19:36 . 2011-05-28 19:36	--------	d-----w-	c:\program files (x86)\Activision
2011-05-28 19:17 . 2011-05-28 19:17	--------	d-sh--w-	c:\windows\ftpcache
2011-05-28 16:48 . 2011-05-28 17:00	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Local\NFS Underground 2
2011-05-27 15:34 . 2011-05-27 15:34	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 14:52 . 2011-04-22 20:18	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-05-22 19:39 . 2011-05-22 19:40	--------	d-----w-	c:\users\Sacknase-Klaus\AppData\Roaming\.minecraft
2011-05-21 00:23 . 2011-05-21 00:23	--------	d-----w-	c:\programdata\EA Core
2011-05-12 16:53 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-05-12 16:53 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2011-05-12 15:35 . 2011-04-09 06:45	5509504	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-12 15:35 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 15:35 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 15:30 . 2011-05-12 16:25	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
2011-05-12 15:30 . 2011-05-12 16:00	--------	d-----w-	c:\program files (x86)\Mass Effect 2
2011-05-10 15:39 . 2011-05-10 16:33	--------	d-----w-	c:\windows\Driver Cache
2011-05-10 15:39 . 2009-10-19 03:32	511232	----a-w-	c:\windows\system32\drivers\AVerAF35.sys
2011-05-10 15:36 . 2011-05-10 16:35	--------	d-----w-	c:\program files (x86)\Common Files\AVerMedia
2011-05-04 20:28 . 2011-05-04 20:29	--------	d-----w-	c:\program files (x86)\ICQ7.5
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 11:51 . 2010-10-19 18:46	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-04-30 06:17 . 2011-02-12 23:32	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2011-04-17 21:14 . 2010-06-30 12:52	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-03-29 17:20 . 2011-03-29 17:20	647168	----a-w-	c:\windows\AutoKMS.exe
2011-03-15 17:51 . 2011-03-15 17:51	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 17:51 . 2011-03-15 17:51	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-03-15 17:51 . 2011-03-15 17:51	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 17:51 . 2011-03-15 17:51	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-15 17:51 . 2011-03-15 17:51	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-03-15 17:51 . 2011-03-15 17:51	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-03-15 17:51 . 2011-03-15 17:51	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-03-15 17:51 . 2011-03-15 17:51	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-03-15 17:51 . 2011-03-15 17:51	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-03-15 17:51 . 2011-03-15 17:51	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-03-15 17:51 . 2011-03-15 17:51	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-03-15 17:51 . 2011-03-15 17:51	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-03-15 17:51 . 2011-03-15 17:51	222208	----a-w-	c:\windows\system32\msls31.dll
2011-03-15 17:51 . 2011-03-15 17:51	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-03-15 17:51 . 2011-03-15 17:51	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-03-15 17:51 . 2011-03-15 17:51	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-03-15 17:51 . 2011-03-15 17:51	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-03-15 17:51 . 2011-03-15 17:51	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-03-15 17:51 . 2011-03-15 17:51	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-03-15 17:51 . 2011-03-15 17:51	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-03-15 17:51 . 2011-03-15 17:51	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-03-15 17:51 . 2011-03-15 17:51	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 17:51 . 2011-03-15 17:51	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-03-15 17:51 . 2011-03-15 17:51	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-03-15 17:51 . 2011-03-15 17:51	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-15 17:51 . 2011-03-15 17:51	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-03-15 17:51 . 2011-03-15 17:51	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-15 17:51 . 2011-03-15 17:51	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-03-15 17:51 . 2011-03-15 17:51	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-15 17:51 . 2011-03-15 17:51	12288	----a-w-	c:\windows\system32\mshta.exe
2011-03-15 17:51 . 2011-03-15 17:51	114176	----a-w-	c:\windows\system32\admparse.dll
2011-03-15 17:51 . 2011-03-15 17:51	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 17:51 . 2011-03-15 17:51	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-03-15 17:51 . 2011-03-15 17:51	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-03-15 17:51 . 2011-03-15 17:51	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-03-15 17:51 . 2011-03-15 17:51	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-15 17:51 . 2011-03-15 17:51	448512	----a-w-	c:\windows\system32\html.iec
2011-03-15 17:51 . 2011-03-15 17:51	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-15 17:51 . 2011-03-15 17:51	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-03-15 17:51 . 2011-03-15 17:51	160256	----a-w-	c:\windows\system32\wextract.exe
2011-03-15 17:51 . 2011-03-15 17:51	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-15 17:51 . 2011-03-15 17:51	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-12 12:03 . 2011-04-27 17:42	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-27 17:42	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-27 17:40	187264	----a-w-	c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-27 17:40	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-27 17:40	1657216	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-27 17:40	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-27 17:40	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-27 17:40	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-27 17:40	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 17:47	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 17:47	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-27 17:40	2566144	----a-w-	c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-27 17:40	96768	----a-w-	c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 17:47	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 17:47	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-27 17:40	1686016	----a-w-	c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-27 17:40	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 17:41	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 17:41	740864	----a-w-	c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-13 281768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-12-15 1115728]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3622912]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\PlayMovie\000.fcl [x]
R2 CLHNService;CLHNService;c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-24 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-09-05 3452928]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-26 1403200]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-03-29 17:20]
.
2011-06-03 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-03-29 17:20]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 10:32]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 10:32]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000Core.job
- c:\users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 20:37]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348480403-2323492961-213284728-1000UA.job
- c:\users\Sacknase-Klaus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 20:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53	50736	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF5834.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-09-23 486912]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sacknase-Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\79714rqi.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Sacknase-Klaus\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\users\Sacknase-Klaus\AppData\Local\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\users\Sacknase-Klaus\Desktop\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
c:\program files (x86)\Acer Bio Protection\PwdBank.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-03  02:03:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-03 00:03
.
Vor Suchlauf: 7.917.744.128 Bytes frei
Nach Suchlauf: 7.802.646.528 Bytes frei
.
- - End Of File - - 029434A578FD8AFD8BF3D2D243201FA6

**Swisstreasure** · 03.06.2011, 14:27

Weiterer Support fraglich

Code:

C:\Windows\KMSEmulator.exe

Die Nutzung von Cracks, Keygens und/oder Patchs, die das Ziel haben, Bezahlsoftware ohne Bezahlung nutzbar zu machen, ist illegal und wir haben uns darauf geeinigt, dass wir uns nicht der Beihilfe schuldig machen werden. Dieses Forum unterliegt deutschen Gesetzen und die sind diesbezüglich sehr streng.

Dass Cracks und Keygens im Wesentlichen dazu dienen, um auf den Computern Malware und Backdoors unterzubringen, ist kein Geheimnis und muss jedem klar sein.

Du hast jetzt zwei Möglichkeiten: Entweder Du entfernst konsequent und rückstandlos jede Software, die auf diese Weise genutzt wird und verzichtest in Zukunft darauf, oder ich stelle den Support an dieser Stelle komplett ein.

Thema: Firefox leitet Google-Suchergebnisse um

Themen-Optionen

Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

AW: Firefox leitet Google-Suchergebnisse um

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

Windows XP google suchergebnisse wereden umgeleidet

Windows 7 Google Suchergebnisse öffnen als attackierend gemeldete Websites (in Mozille Firefox)

Google Suchergebnisse verlinken falsch, z.B. Bahn.de > fonic, etc.

Firefox leitet google-Ergebnisse auf Ebay um

Google Suchergebnisse führen zu falschen Seiten

Berechtigungen