TR/Alureon.AD.33 entfernen

westkingsize · 17.08.2011, 23:00

Hey jungs ich habe mir diesen netten Trojaner eingefangen, wie werde ich den mist wieder los. Bitte alles ganz sachte erklären, ich bin nen noob im Punkto Computer, bitte um hilfe, dankt euch. Er hängt hier drin laut Anti Vir !!!
C:\Users\Matthias Hirtz\AppData\Local\Temp\CF57.tmp

cosinus · 17.08.2011, 23:50

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

westkingsize · 18.08.2011, 07:57

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.08.2011 08:50:10 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Matthias Hirtz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 35,97% Memory free
3,69 Gb Paging File | 1,97 Gb Available in Paging File | 53,46% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 253,31 Gb Total Space | 134,56 Gb Free Space | 53,12% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,79 Gb Free Space | 16,85% Space Free | Partition Type: NTFS
Drive E: | 4,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 24,41 Gb Total Space | 5,85 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
 
Computer Name: WESTKINGSIZE | User Name: Matthias Hirtz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7317EAD5-1DA3-46B6-B718-6DD5D213251F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{880387F0-8A6B-4FD5-95CD-F4D7123DBF1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F36492-F066-475E-B8C8-DB33E64DB20A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1513542A-D491-4502-826B-A9AFFCF40886}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{1DED0C78-D0A4-43A7-B039-57C42AC30237}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{3911579F-FBC7-43CA-93DC-8BFE7482FE91}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{41E309EC-87B6-4672-B774-783A96490BC4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{45E8A544-2837-4909-B387-E394E5059B41}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{53FA3E2E-7E87-4B64-A9DC-2EB0477541A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{55E5C8E9-319B-4C79-A525-D810AF7954E0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{58E33D36-0586-4D53-A2E1-583CB0751682}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{5BF99752-D211-45BF-AA7F-6857F62E45A4}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{7CE3F4C9-4B8A-4A77-88DF-CDCF340817D6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{8381A5A0-5381-4647-BDFF-F6B5DFEDE484}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{8B206744-BB90-4B17-B75B-9BFD1EEFD75E}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{8BCB5278-91EE-4EC0-B86F-CE3AEA8CC4A3}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{905A002B-1B54-41D3-9898-A91CFDA6736C}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{955A9894-C2A1-4B17-8D68-C8E9E126D296}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{9ABAAE03-93CA-430C-8757-E70A0E2F4756}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\westkingsize\counter-strike\hl.exe | 
"{A7F53953-08DC-4602-9AFE-E184621B5F1C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\westkingsize\counter-strike\hl.exe | 
"{AB2FFAE8-1AAE-4CA9-802D-63CC0F88EE51}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{B8F959B8-D62F-4B02-8B4B-73F724AEA19D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{C77231FF-EF52-438F-9084-A803057B0B73}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{C8070827-401A-4734-A35C-B0E5C58647E2}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{D44A8611-09FD-4B92-A6CB-F819D14FFFB4}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{E5DC5246-6AD1-47AA-B11E-C7E7B306986F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{EA43B07A-1370-4FD3-A5E7-05A6E76B7199}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{F641317F-5EA8-4554-B859-6C05E1A2C7DC}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{F7BEC719-46DE-40B2-86AD-F0B75B1E3E69}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{FE4888D6-3757-4383-B83A-B1B146649CAD}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"TCP Query User{28E1B775-2DA9-4846-8531-349485E1604D}C:\users\matthias hirtz\downloads\torrenteasy-anstoss-megapack-torrent-helltorrent.exe" = protocol=6 | dir=in | app=c:\users\matthias hirtz\downloads\torrenteasy-anstoss-megapack-torrent-helltorrent.exe | 
"TCP Query User{51E92AE7-3DE0-4A55-A0BB-FBF579E28682}C:\program files\ea sports\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 11\manager11.exe | 
"TCP Query User{5587EEA5-841A-4B35-B62E-A401C922F23B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{686E289D-8E80-4E6E-932F-5BBD10A681A2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{B70407D0-E79E-4B35-9FF4-C62859A66B45}C:\program files\codemasters\race driver 3\rd3.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\race driver 3\rd3.exe | 
"TCP Query User{CAD9A337-9A2F-4622-8A1B-1E5B0CF5A174}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3A300AA4-2BF0-4CE0-948C-C72EA9CECCB2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{9AB6F4E2-946B-418E-A03C-8AC65EA35E3A}C:\program files\codemasters\race driver 3\rd3.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\race driver 3\rd3.exe | 
"UDP Query User{9F86E9D5-56C1-4AB4-B2A6-E68627616F72}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{A9049453-BA0D-46EE-A679-FD9EA5435DFC}C:\program files\ea sports\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 11\manager11.exe | 
"UDP Query User{D0252791-957D-46E0-9F3B-662BC7783DB3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FD3822DD-5691-4041-BD03-F6F1E4D62BBC}C:\users\matthias hirtz\downloads\torrenteasy-anstoss-megapack-torrent-helltorrent.exe" = protocol=17 | dir=in | app=c:\users\matthias hirtz\downloads\torrenteasy-anstoss-megapack-torrent-helltorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10625607-49AB-9833-5C14-7A8448DF72B9}" = CCC Help Thai
"{113B8272-A166-2AD6-72C2-3875A6ABC898}" = CCC Help Danish
"{124F4D9C-88A8-3567-B4F6-F14A93FEC286}" = ATI Catalyst Install Manager
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17100DBE-FE46-8406-004A-7AC89F55FD8E}" = Catalyst Control Center Localization Hungarian
"{194AAE30-07A0-8A8E-6D57-F74F87D7FF25}" = CCC Help Swedish
"{197CD960-99BE-4441-CF7F-313CD93EF4D6}" = ccc-utility
"{19A72689-2BC3-481C-C7EF-80C01BED9840}" = CCC Help French
"{1BD97CD7-36D8-92B3-358B-FCAE84FD4D06}" = Catalyst Control Center Localization Polish
"{1EB7431A-8D24-FF0F-899B-DB98D697D0B4}" = CCC Help Russian
"{1F0F48FA-A2D9-2E67-1142-911FCC6EF81B}" = Catalyst Control Center Localization Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23F02282-326B-6E94-BE75-D0C56D23664C}" = Catalyst Control Center Graphics Previews Vista
"{24AEFB83-6524-F9BF-87D2-497815F52776}" = Catalyst Control Center Localization French
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33642F88-C55E-DB5A-E0C2-BB5DAAF88BA1}" = CCC Help Czech
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 J1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D0656EB-6025-4140-F927-4A6181929EE8}" = CCC Help Chinese Standard
"{3F292A3D-C442-7617-CD33-9F25A367B66D}" = CCC Help Norwegian
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{44B3144B-7F9E-08A7-D036-F428FAA4D9FC}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C98FA78-74C6-3B2A-2E26-5614BAA966DF}" = Catalyst Control Center Localization Japanese
"{4EE39357-28E8-B98E-222B-3A0B37212479}" = Catalyst Control Center Localization Korean
"{520BD7A6-049C-0326-136B-55B6E3F1B65E}" = ccc-core-static
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5CD7F533-CAA0-8032-72CC-C4E430D89636}" = Catalyst Control Center Localization Dutch
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6124B018-CC50-1253-40E9-8B7C480BE6CA}" = Catalyst Control Center Localization Swedish
"{65AEB203-D3AA-6B95-1251-7B992C151C1F}" = Catalyst Control Center InstallProxy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6DF4D311-7CCC-921E-F900-210F4001C51F}" = Catalyst Control Center Graphics Full New
"{6E75B1E2-20B5-141D-9BBB-3A162497058A}" = Catalyst Control Center Localization Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721AB151-49D8-6B8A-58AA-41794C12DF8F}" = Catalyst Control Center Localization Italian
"{722C3386-5CF1-568E-C4E2-FA769211B6A5}" = Catalyst Control Center Localization Portuguese
"{72F34D45-2D93-7796-AC33-D69CF4609877}" = CCC Help German
"{742E583B-CAD2-4951-12B5-D3B7D43F97FE}" = Catalyst Control Center Graphics Full Existing
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DBBD829-0213-AF7F-4629-929526688A13}" = CCC Help Hungarian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F3CB0B5-7EAB-A329-DDE2-967434674372}" = Catalyst Control Center Localization Thai
"{800AF3F8-6EF4-1450-4019-560A1DBE2EB8}" = CCC Help Korean
"{835EF760-ECF1-F3E7-EDED-7FFE3B4A9A64}" = CCC Help Spanish
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A64A2F3-112C-3525-4105-B3957A06AF6D}" = CCC Help Japanese
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C9F6AE5-7D9A-A204-1ABB-288FF557B07B}" = CCC Help English
"{8D2F808C-FAE0-9157-B743-CA56915E779D}" = Catalyst Control Center Localization Finnish
"{8EE3AC5A-EAF2-3F97-E4AE-41CF7076167F}" = Catalyst Control Center Core Implementation
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{921FD450-1597-5877-DF99-DA716FD7BB47}" = CCC Help Polish
"{92896CBF-A7F3-D2C7-1FD3-F076517B5B26}" = Catalyst Control Center Localization Chinese Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FEAF09B-D681-BFBE-9828-C4060CAC69A9}" = Catalyst Control Center Localization Czech
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A9338536-8392-D629-59A4-1FDAFD40FFE2}" = Catalyst Control Center Localization Danish
"{A9507869-1480-0EB0-DB52-A07EA70B8FEE}" = Skins
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEE4A283-159C-4665-EC8B-0F2FEB8B0D80}" = CCC Help Finnish
"{AF060E7D-61CB-D0FF-04C2-AB260BE4F8FF}" = Catalyst Control Center Localization Chinese Traditional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BFB5E224-F628-0C98-5C7D-D18A29A9F242}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C854C8FB-1FCB-A568-7490-E30DE7333AD2}" = CCC Help Italian
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9D4BAE0-2D2C-DB30-74C3-FD581D0805CB}" = Catalyst Control Center Localization Russian
"{CA3486D9-6582-C0D9-F711-A7595057AA7C}" = Catalyst Control Center Graphics Light
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCFA25CD-4733-8D13-0F1A-4121B4709050}" = Catalyst Control Center Localization Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D18BA5EC-1815-45DF-C772-EBA2BBAC1499}" = Catalyst Control Center Localization Spanish
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8BB0945-B990-47DC-BFE3-3FDE1E165B30}" = HP MediaSmart SmartMenu
"{D8E1D6F6-C4D7-B265-3047-77477CF137AE}" = CCC Help Chinese Traditional
"{DA7C1A1F-77ED-BC99-FD81-129B7AAAC232}" = CCC Help Portuguese
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD522BFA-87D7-A1F8-2B11-A3710BC6A550}" = CCC Help Dutch
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECC56D1F-697F-D24A-F3F7-98A4F354CE2B}" = Catalyst Control Center Graphics Previews Common
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F91D6DC5-FB79-A8EB-1477-F059590F6842}" = CCC Help Turkish
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ANSTOSS 2" = ANSTOSS 2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.3.8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.0
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 09:50:16 | Computer Name = Westkingsize | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.08.2011 09:51:55 | Computer Name = Westkingsize | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.08.2011 10:06:27 | Computer Name = Westkingsize | Source = VSS | ID = 8194
Description = 
 
Error - 12.08.2011 10:07:14 | Computer Name = Westkingsize | Source = System Restore | ID = 8193
Description = 
 
Error - 12.08.2011 11:17:24 | Computer Name = Westkingsize | Source = Application Hang | ID = 1002
Description = Programm Manager09Patch1.exe, Version 1.0.0.0 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: e8c  Anfangszeit: 01cc5902b46a0f0b  Zeitpunkt
 der Beendigung: 9
 
Error - 12.08.2011 17:08:05 | Computer Name = Westkingsize | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.08.2011 17:11:57 | Computer Name = Westkingsize | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.08.2011 17:14:28 | Computer Name = Westkingsize | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2011 08:02:28 | Computer Name = Westkingsize | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2011 14:14:54 | Computer Name = Westkingsize | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 17.08.2011 15:27:52 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0350)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.08.2011 15:27:52 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0450)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.08.2011 15:42:11 | Computer Name = Westkingsize | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 17.08.2011 15:42:22 | Computer Name = Westkingsize | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 17.08.2011 15:43:44 | Computer Name = Westkingsize | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.08.2011 15:45:00 | Computer Name = Westkingsize | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.109.1657.0

	Ladende
 Modulversion: 1.1.7104.0
 
Error - 17.08.2011 15:47:18 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0150)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.08.2011 15:47:18 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0250)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.08.2011 15:47:18 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0350)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.08.2011 15:47:18 | Computer Name = Westkingsize | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0450)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >

--- --- ---

westkingsize · 18.08.2011, 07:57

so ich hoffe ihr könnt mir weiter helfen

cosinus · 18.08.2011, 11:23

Log von Malwarebytes fehlt aber

westkingsize · 18.08.2011, 13:09

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7492

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.08.2011 08:49:14
mbam-log-2011-08-18 (08-49-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 435694
Laufzeit: 4 Stunde(n), 1 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3228396418-3096848387-3348045005-1000\$RT3SPIE\mt-experience.exe (Trojan.AVKiller.Gen) -> Quarantined and deleted successfully.
c:\program files\MegaDev\md-trainers\MT-X\mt-experience.exe (Trojan.AVKiller.Gen) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\D822.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\DCFE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\1126.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\62EC.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\CF57.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\F77E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\6DE3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\78BF.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\96E5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\9E08.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\A0A8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\45E9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\5E4A.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\2DFA.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\E69.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\E8A2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\AppData\Local\Temp\EA1.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\matthias hirtz\downloads\installer_powerdvd_9_1719_deutsch_deutsch.exe (PUP.SmsPay.pns) -> Not selected for removal.
c:\Users\matthias hirtz\downloads\everest poker.exe (PUP.Casino) -> Not selected for removal.
c:\Users\matthias hirtz\AppData\Local\Temp\0.9044742428398461.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

cosinus · 19.08.2011, 12:51

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

18.08.2011, 11:23	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Alureon.AD.33 entfernen Log von Malwarebytes fehlt aber __________________ Logfiles bitte immer in CODE-Tags posten

TR/Alureon.AD.33 entfernen

Plagegeister aller Art und deren Bekämpfung: TR/Alureon.AD.33 entfernen