Plagegeister aller Art und deren Bekämpfung: 50 Euro virus - Your system has been blocked... (Windows 7)
15.02.2012, 20:32 | #1 |
Hello,

I can add myself to the list of victims of this trojan and would be endlessly grateful if you could help me. I have read up in the forum and worked ahead as far as I could (from there on it gets individual, if I understand it correctly): started Windows in safe mode with networking, downloaded OTL and ran it with the text given in the forum in the custom scans window.

Unfortunately, after the scan finishes, only an OTL.txt file is generated for me, no Extras. And the OTL file does not appear right away either. The first time, a message comes up, "OTL.txt not found, generate a new one?" (and it shows an empty text file). From the second scan on it works.

Since the file is too large to upload as a text file (I wanted to test whether I could manage it), I zipped it. But when I try to attach it to the message, the zip file is not even displayed, although it exists...

It is obvious that I don't understand much about this subject... So a million thanks in advance for your help!
15.02.2012, 20:35 | #2 |
/// Malware-holic | Hi, then just copy the contents in here :-) Split it up if necessary.
15.02.2012, 20:40 | #3 |
Wow - that was quick.

So, here is the content of OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 15.02.2012 18:47:53 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 10,47 Gb Available Physical Memory | 87,29% Memory free
23,98 Gb Paging File | 22,85 Gb Available in Paging File | 95,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922,90 Gb Total Space | 563,81 Gb Free Space | 61,09% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 593,94 Gb Free Space | 63,76% Space Free | Partition Type: NTFS

Computer Name: STEVIE-PC | User Name: Stevie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.14 18:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.19 19:01:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011.11.23 16:37:20 | 009,688,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55) SRV:64bit: - [2011.10.18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2011.10.18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.06.23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) 
[Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2010.11.30 12:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64) SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.05.04 13:53:56 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.04 11:49:50 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.10.18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService) SRV - [2011.02.22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- D:\3dApplications\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV - [2011.02.03 16:47:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2011.01.07 13:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) 
[Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2010.12.31 08:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.19 05:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010.11.16 12:15:11 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.26 18:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.10.27 14:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BPowMon\BPowMon.exe -- (BPowMon) SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011.10.15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2011.10.15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011.10.15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) 
[Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011.10.15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.06.26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP) DRV:64bit: - [2011.06.26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.01.17 08:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi) DRV:64bit: - [2010.12.31 08:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon) DRV:64bit: - [2010.12.31 08:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon) DRV:64bit: - [2010.12.31 08:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon) DRV:64bit: - [2010.12.24 19:19:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.12.24 19:19:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.12.16 07:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg) DRV:64bit: - [2010.12.10 12:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.21 11:40:51 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.11.16 11:51:40 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver) DRV:64bit: - [2010.08.25 17:16:04 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.06.29 09:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS) DRV:64bit: - [2010.03.23 00:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.10.16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.07.30 03:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132) DRV:64bit: - [2009.07.30 03:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2009.07.30 03:14:10 | 000,017,448 | 
---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 00:39:46 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.07.07 00:39:44 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.07 00:39:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.07 00:39:42 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006.11.01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.07.16 14:59:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.29 15:18:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.12.23 09:11:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.07 15:16:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 18:33:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.29 15:18:46 | 000,000,000 | ---D | M] [2011.11.11 17:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.13 18:33:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 18:33:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 18:33:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 18:33:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 18:33:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 18:33:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 18:33:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.01 17:39:39 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111222220011.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222220011.dll (McAfee, Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) 
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE4A611-3772-4292-BEB0-269F25766C60}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.10 13:47:46 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.15 01:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.02.14 18:26:21 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop [2012.02.14 00:04:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5 [2012.02.12 13:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havok [2012.02.08 19:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager [2012.01.29 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ironclad Games [2012.01.28 23:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.01.23 18:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL [2012.01.23 18:36:39 | 000,000,000 | ---D | C] -- C:\0SaveMySQL [2012.01.23 18:36:39 | 000,000,000 | ---D | C] -- \0SaveMySQL [2012.01.22 16:57:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.22 16:57:34 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN [2011.09.25 16:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2010.02.03 20:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [2009.11.19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) 
-- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll [2009.11.19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\adlmint.dll [2008.03.16 22:22:39 | 000,166,400 | ---- | C] ( AllAlex, Inc) -- C:\Program Files (x86)\interface_rtmp.exe [2008.03.16 22:21:08 | 000,211,968 | ---- | C] ( AllAlex, Inc) -- C:\Program Files (x86)\rtrec.exe [2008.03.02 16:04:40 | 000,068,480 | ---- | C] (CACE Technologies) -- C:\Program Files (x86)\WanPacket.dll [2008.03.02 16:04:27 | 000,088,952 | ---- | C] (CACE Technologies) -- C:\Program Files (x86)\Packet.dll [2008.02.20 17:06:30 | 000,406,528 | ---- | C] (All Alex,Inc) -- C:\Program Files (x86)\wmrurl.exe [2008.02.20 17:06:30 | 000,335,360 | ---- | C] (All Alex,Inc) -- C:\Program Files (x86)\wmrwmp.exe [2008.02.20 17:06:30 | 000,204,800 | ---- | C] (All Alex,Inc) -- C:\Program Files (x86)\wmrprocess.exe [2008.02.20 17:06:29 | 001,171,968 | ---- | C] (All Alex,Inc) -- C:\Program Files (x86)\WMR11.exe [2008.02.20 17:06:29 | 000,540,160 | ---- | C] (All Alex, Inc) -- C:\Program Files (x86)\rmrp.exe [2008.02.20 17:06:29 | 000,210,944 | ---- | C] (All Alex, Inc) -- C:\Program Files (x86)\wmrp.exe [2008.02.20 17:06:29 | 000,159,232 | ---- | C] (AllAlex, Inc) -- C:\Program Files (x86)\RxTx.exe [2008.02.20 17:06:29 | 000,118,784 | ---- | C] (WMR) -- C:\Program Files (x86)\WmrPlayer.exe [2008.02.20 17:06:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\npptools.dll [2008.02.20 17:06:28 | 000,195,584 | ---- | C] ( ) -- C:\Program Files (x86)\interface.exe [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.14 18:21:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.14 18:21:37 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys [2012.02.14 00:15:56 | 000,014,256 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 00:15:56 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.06 20:41:07 | 001,789,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.06 20:41:07 | 000,767,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.06 20:41:07 | 000,710,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.06 20:41:07 | 000,172,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.06 20:41:07 | 000,140,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.23 19:12:27 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI [2012.01.23 18:42:33 | 001,815,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.23 18:41:48 | 000,000,232 | ---- | M] () -- C:\Windows\ODBCINST.INI [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.23 19:06:06 | 000,053,995 | ---- | C] () -- C:\tp_mysql5_myisam.sql [2012.01.23 19:06:06 | 000,053,995 | ---- | C] () -- \tp_mysql5_myisam.sql [2012.01.23 19:06:06 | 000,053,995 | ---- | C] () -- C:\tp_mysql5_innodb.sql [2012.01.23 19:06:06 | 000,053,995 | ---- | C] () -- \tp_mysql5_innodb.sql [2012.01.01 17:35:37 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2011.12.23 21:58:27 | 000,000,064 | -H-- | C] () -- C:\Windows\€nlsPreferences.dat [2011.12.04 11:49:55 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.04 11:49:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.23 20:15:50 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011.11.23 20:15:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll [2011.11.23 20:15:42 | 
000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.10.28 20:44:04 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.10.28 20:44:04 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\F101016671.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.27 14:39:24 | 004,122,624 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011.08.27 21:49:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.08.19 23:01:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.07.16 15:34:11 | 1998,744,064 | ---- | C] () -- \Risen_Setup-1.bin [2011.07.16 15:34:11 | 1431,192,139 | ---- | C] () -- \Risen_Setup-2.bin [2011.07.16 15:34:09 | 001,255,734 | ---- | C] () -- \Risen_Setup.exe [2011.07.16 14:59:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.07.12 15:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.07.10 13:47:46 | 000,000,000 | ---- | C] () -- \autoexec.bat [2011.07.10 12:32:50 | 000,014,648 | -HS- | C] () -- C:\ProgramData\5xt64cq2ecuwr4y7423e5ikoxy1v364xnh603 [2011.07.09 15:29:16 | 000,000,163 | RHS- | C] () -- C:\Windows\CTA1PRET.BIN [2011.05.22 19:52:25 | 000,000,640 | ---- | C] () -- \scandisk.lnk [2011.04.26 20:42:15 | 000,262,198 | ---- | C] () -- \Test.bmp [2011.04.26 20:34:42 | 000,000,075 | RHS- | C] () -- C:\Windows\CT6PRET.BIN [2011.04.17 14:29:26 | 000,004,905 | ---- | C] () -- C:\ProgramData\vyxlkmbh.iae [2011.03.25 22:58:22 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll [2011.03.25 22:55:40 | 000,000,066 | ---- | C] () -- C:\Windows\StationRipper.INI [2011.03.25 21:54:59 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll [2011.03.25 21:54:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2011.03.04 23:25:15 | 000,000,179 | ---- | C] () -- C:\Program Files (x86)\playlist.wpl [2011.03.04 23:20:39 | 000,076,347 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe 
[2011.01.04 13:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.11.27 17:12:18 | 000,056,414 | ---- | C] () -- C:\Windows\RFMayaPluginUninstall.exe [2010.11.22 19:19:02 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.22 18:47:07 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.11.21 23:09:35 | 001,815,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.21 13:27:35 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2010.11.21 13:26:24 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.11.16 20:36:51 | 000,005,170 | RH-- | C] () -- \mfg.sdr [2010.11.16 12:18:27 | 000,000,026 | ---- | C] () -- \AF_BENCHMARKS.XML [2010.11.16 12:15:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.11.16 12:15:50 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2010.11.16 12:15:50 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2010.11.16 12:15:50 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2010.11.16 12:15:48 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.11.16 11:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.16 11:43:42 | 1066,602,494 | -HS- | C] () -- \hiberfil.sys [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.09.02 18:55:31 | 001,501,696 | ---- | C] () -- C:\Windows\libeay32.dll [2010.09.02 18:55:31 | 000,331,776 | ---- | C] () -- C:\Windows\ssleay32.dll [2010.05.04 14:06:48 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.11.01 21:41:57 | 000,077,824 | ---- | C] () -- C:\Program Files (x86)\wmasf.exe [2008.04.07 21:36:02 | 000,001,036 | ---- | C] () -- C:\Program Files (x86)\Help_rtmp.rtf [2008.02.20 17:06:30 | 000,151,552 | ---- | C] () -- C:\Program Files (x86)\worprmw.exe [2008.02.20 17:06:30 | 000,137,216 | ---- | C] () -- C:\Program Files (x86)\wrestore.exe [2008.02.20 17:06:30 | 000,041,984 | ---- | C] () -- C:\Program Files (x86)\WParseUrl.exe [2008.02.20 17:06:29 | 000,143,360 | ---- | C] () -- C:\Program Files (x86)\Stream1.dll [2008.02.20 17:06:29 | 000,121,344 | ---- | C] () -- C:\Program Files (x86)\Rmfix.dll [2008.02.20 17:06:29 | 000,101,980 | ---- | C] () -- C:\Program Files (x86)\sound2.wav [2008.02.20 17:06:29 | 000,067,832 | ---- | C] () -- C:\Program Files (x86)\sound3.wav [2008.02.20 17:06:29 | 000,026,688 | ---- | C] () -- C:\Program Files (x86)\sound21.wav [2008.02.20 17:06:29 | 000,019,676 | ---- | C] () -- C:\Program Files (x86)\sound1.wav [2008.02.20 17:06:29 | 000,005,212 | ---- | C] () -- C:\Program Files (x86)\soring.wav [2008.02.20 17:06:29 | 000,001,578 | ---- | C] () -- C:\Program Files (x86)\MediaPlayer.reg [2008.02.20 17:06:29 | 000,000,740 | ---- | C] () -- C:\Program Files (x86)\Vista.rtf [2008.02.20 17:06:29 | 000,000,528 | ---- | C] () -- C:\Program Files (x86)\NetShow.reg [2008.02.20 17:06:29 | 000,000,466 | ---- | C] () -- C:\Program Files (x86)\Registration.rtf [2008.02.20 17:06:29 | 000,000,100 | ---- | C] () -- C:\Program Files (x86)\Setup.ini [2008.02.20 17:06:28 | 001,926,844 | ---- | C] () -- C:\Program Files (x86)\FLVPlayer.exe [2008.02.20 17:06:28 | 000,150,016 | ---- | C] () -- C:\Program Files (x86)\Import.exe [2008.02.20 17:06:28 | 000,015,360 | ---- | C] () -- C:\Program Files (x86)\asfprocess.exe [2008.02.20 
17:06:28 | 000,006,470 | ---- | C] () -- C:\Program Files (x86)\Help_rc.rtf [2008.02.20 17:06:28 | 000,002,525 | ---- | C] () -- C:\Program Files (x86)\Help_pb.rtf [2008.02.20 17:06:28 | 000,002,287 | ---- | C] () -- C:\Program Files (x86)\Help_sc.rtf [2008.02.20 17:06:28 | 000,001,688 | ---- | C] () -- C:\Program Files (x86)\Help_ur.rtf [2008.02.20 17:06:28 | 000,001,417 | ---- | C] () -- C:\Program Files (x86)\Help_cl.rtf [2008.02.20 17:06:28 | 000,000,999 | ---- | C] () -- C:\Program Files (x86)\Help_ca.rtf [2008.02.20 17:06:28 | 000,000,826 | ---- | C] () -- C:\Program Files (x86)\Help_fv.rtf [2008.02.20 17:06:28 | 000,000,710 | ---- | C] () -- C:\Program Files (x86)\Demo.rtf [2008.02.20 17:06:28 | 000,000,680 | ---- | C] () -- C:\Program Files (x86)\Allow.rtf [2008.02.20 17:06:28 | 000,000,416 | ---- | C] () -- C:\Program Files (x86)\About.rtf [2007.02.05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe ========== LOP Check ========== [2012.01.10 18:11:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 192 bytes -> \Windows:nlsPreferences @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:4BF2F6B5 @Alternate Data Stream - 1394 bytes -> C:\ProgramData\Microsoft:LmMcq9GOy2KUnPJBGCjIT827G @Alternate Data Stream - 1360 bytes -> C:\ProgramData\Microsoft:KnQ3UznGeUrgunFusCzmpl @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report > |
15.02.2012, 20:45 | #4 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... Did you run the scan with an internet connection in the affected account? I don't see it yet. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.02.2012, 21:44 | #5 |
| 50 Euro virus - Your system has been blocked... Hello again. Yes, I started OTL with an internet connection. But McAfee may be interfering - I can't get rid of it completely. Here is the Combofix file. Combofix ran through, but as I said I wasn't able to switch McAfee off completely, because all the menus are greyed out and I can't select anything. I ended the processes via Task Manager as far as possible. Now I just don't know whether it works anyway... McAfee itself shows everything as deactivated, though. Last edited by Steve2000 (15.02.2012 at 21:57) |
16.02.2012, 13:06 | #6 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... yes sir :-) It should run in normal mode again, but: do not browse any sites other than those needed for the cleanup. Open Computer, C:, Qoobox. Right-click Quarantine, create an archive with WinRAR or zip or another packer and upload it. Trojaner-Board Upload Channel
__________________ |
16.02.2012, 19:12 | #7 |
| 50 Euro virus - Your system has been blocked... HOORAY! (Although celebrating early can be fatal...). But I can start in normal mode again (even though the computer hung at the Welcome screen the first time - the second time it worked). I uploaded the requested file to the upload channel (with a comment). Many thanks already |
16.02.2012, 19:15 | #8 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... Hi, thanks for the upload, but we're still not done :-) Edit: unfortunately I don't see an upload. Can you upload it at www.file-upload.net and send me the link as a private message?
__________________ |
16.02.2012, 19:26 | #9 |
| 50 Euro virus - Your system has been blocked... Sent it (posting this here in case it doesn't arrive again...) |
16.02.2012, 19:33 | #10 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... No, that was too big for the upload channel, but I have it now, thanks. Malwarebytes: Please download Malwarebytes
__________________ |
17.02.2012, 21:06 | #11 |
| 50 Euro virus - Your system has been blocked... Hello again. I let Malwarebytes run through; unfortunately it just takes forever. Unfortunately the computer must have crashed towards the end (it hadn't found anything up to then), so I don't have a usable log file. I'll do the whole thing again. But a small question: should I deactivate McAfee while doing so, or can I leave it running? |
17.02.2012, 21:07 | #12 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... Deactivate everything that is running.
__________________ |
18.02.2012, 10:32 | #13 |
| 50 Euro virus - Your system has been blocked... Good morning. Here is the log file - 5 detections :S |
18.02.2012, 11:18 | #14 |
/// Malware-holic | 50 Euro virus - Your system has been blocked... Download CCleaner standard: CCleaner Download - CCleaner 3.15.1643. If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. After each program you need, write "necessary". After each one you don't need, "unnecessary". After ones unknown to you, "unknown". Post the list.
__________________ |
18.02.2012, 11:51 | #15 |
| 50 Euro virus - Your system has been blocked... Hmmm... to the best of my knowledge and belief.... E.g. with the codecs I don't know whether these are the codecs themselves (which I would need) or only the installer (which I no longer need). Here is the file: |