Erst Live Security Platinum und jetzt Rootkit.0Access

wiilli1966 · 14.07.2012, 19:30

Guten Abend,

nun wurde ich bzw. mein Laptop (Win Vista32) leider auch infiziert.
Angefangen hat das ganze mit dem bekannten Live Security Platinum was ich dann nach den Anleitungen hier behandelt habe.
Eigentlich sah alles ganz gut aus, bis jetzt nun so ca. 3 Minuten jedesmal nach erfolgtem Systemstart Malwarebytes einen bösartigen Programmstart meldete.

Dann habe ich die Anleitung für Hilfesuchende abgearbeitet, wobei folgende Fehler/Probleme auftraten:

- OTL erzeugt nur ein OTL.txt aber kein Extra.txt
- gmer bricht nach kurzer Zeit ab (Programm funktioniert nicht mehr)

Zitat:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Compu1 :: Compu1-PC [Administrator]

Schutz: Aktiviert

14.07.2012 08:06:12
mbam-log-2012-07-14 (08-06-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405651
Laufzeit: 1 Stunde(n), 56 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\U\00000001.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.07.2012 13:32:52 - Run 7
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Compu1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,79% Memory free
6,20 Gb Paging File | 5,31 Gb Available in Paging File | 85,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 30,30 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 110,90 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 594,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: Compu1-PC | User Name: Compu1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.13 17:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Compu1\Desktop\OTL.exe
PRC - [2012.07.12 17:18:51 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.24 09:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.04.20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.05.09 06:19:36 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.17 09:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007.09.13 21:37:14 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.05 06:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.08.07 07:04:38 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.06.29 01:15:06 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2006.10.05 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.04.20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010.04.16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2009.11.15 17:29:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.09.05 05:52:04 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.23 11:32:40 | 000,065,536 | ---- | M] () -- C:\Programme\Samsung\EBM\ChkSec.dll
MOD - [2006.09.19 02:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Compu1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012.05.24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012.05.24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.01.23 13:32:34 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.04.17 15:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.24 22:33:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.20 21:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.11.29 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4ADA490D-2495-4C7A-A32F-11B99CD787B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=52145873-5832-4D2A-9CD5-EE3DA905865E&apn_sauid=4BDC8418-E95D-4299-81BF-4B80537E1DF3&
IE - HKCU\..\SearchScopes\{9085C270-D8C1-4AA1-948B-6914BCCF498E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [IBP]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Alexa Web Search - hxxp://client.alexa.com/holiday/script/actions/search.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Compu1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Get Alexa Data - hxxp://client.alexa.com/holiday/script/actions/sitedata.htm File not found
O8 - Extra context menu item: Mail to a Friend... - hxxp://client.alexa.com/holiday/script/actions/mailto.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: See Related Links - hxxp://client.alexa.com/holiday/script/actions/related.htm File not found
O8 - Extra context menu item: Write a Review... - hxxp://client.alexa.com/holiday/script/actions/review.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E3CC98-95B3-4942-8897-CA095E5B2220}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programme\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compu1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compu1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1997.02.07 05:00:00 | 000,000,065 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999.09.30 16:13:14 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O33 - MountPoints2\{004ef265-cdb2-11de-9ecc-001f3c0b0c53}\Shell - "" = AutoRun
O33 - MountPoints2\{004ef265-cdb2-11de-9ecc-001f3c0b0c53}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{004ef27f-cdb2-11de-9ecc-001f3c0b0c53}\Shell - "" = AutoRun
O33 - MountPoints2\{004ef27f-cdb2-11de-9ecc-001f3c0b0c53}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{004ef282-cdb2-11de-9ecc-001f3c0b0c53}\Shell - "" = AutoRun
O33 - MountPoints2\{004ef282-cdb2-11de-9ecc-001f3c0b0c53}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{076418aa-1fef-11dd-a68c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{076418aa-1fef-11dd-a68c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun\AUTOPLAY.EXE -- [1996.11.06 16:12:22 | 000,015,872 | R--- | M] (Micrografx)
O33 - MountPoints2\{3bc6df2e-3c51-11de-a927-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc6df2e-3c51-11de-a927-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7ebe777a-3c4f-11de-886d-001f3c0b0c53}\Shell - "" = AutoRun
O33 - MountPoints2\{7ebe777a-3c4f-11de-886d-001f3c0b0c53}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d26dc1c4-cd55-11de-af5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d26dc1c4-cd55-11de-af5b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ec1be32e-5b2d-11de-80a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ec1be32e-5b2d-11de-80a5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 17:39:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Compu1\Desktop\OTL.exe
[2012.07.11 20:59:14 | 000,100,864 | ---- | C] (GMER) -- C:\pxdiqpod.sys
[2012.07.10 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Ykbae
[2012.07.10 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Soxagu
[2012.07.10 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Issiih
[2012.07.09 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Malwarebytes
[2012.07.09 21:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.09 21:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 21:42:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.09 21:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.09 21:06:46 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.07.09 21:06:39 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.09 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E00041F0A00251FB2570F1C8B
[2012.07.09 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Urixw
[2012.07.09 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Uffuv
[2012.07.09 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\Ludenu
[2012.07.02 21:36:58 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Local\CrashRpt
[2012.07.02 21:35:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012.07.02 21:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2012.07.02 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2012.07.02 21:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 9
[2012.07.02 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Local\RapidSolution
[2012.07.02 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.02 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.02 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.19 19:20:52 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Local\Apps
[2012.06.19 19:05:26 | 000,000,000 | ---D | C] -- C:\Users\Compu1\AppData\Roaming\vlc
[2012.06.19 19:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.19 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.14 13:26:48 | 000,042,238 | ---- | M] () -- C:\Users\Compu1\AppData\Roaming\nvModes.dat
[2012.07.14 13:26:47 | 000,042,238 | ---- | M] () -- C:\Users\Compu1\AppData\Roaming\nvModes.001
[2012.07.14 13:26:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 13:26:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2012.07.14 13:26:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 13:26:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 13:26:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 13:26:15 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 13:25:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.14 10:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 07:09:52 | 000,000,000 | ---- | M] () -- C:\Users\Compu1\defogger_reenable
[2012.07.13 17:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Compu1\Desktop\OTL.exe
[2012.07.13 17:16:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 20:59:14 | 000,100,864 | ---- | M] (GMER) -- C:\pxdiqpod.sys
[2012.07.11 20:57:26 | 000,002,930 | ---- | M] () -- C:\Users\Compu1\Desktop\hilfe_trojaner.rtf
[2012.07.11 20:56:49 | 000,302,592 | ---- | M] () -- C:\Users\Compu1\Desktop\f8iwmxiu.exe
[2012.07.11 20:31:19 | 000,050,477 | ---- | M] () -- C:\Users\Compu1\Desktop\Defogger.exe
[2012.07.10 20:17:45 | 000,001,356 | ---- | M] () -- C:\Users\Compu1\AppData\Local\d3d9caps.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 21:35:27 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Audials 9.lnk
[2012.07.01 20:27:21 | 000,685,962 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.01 20:27:21 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.01 20:27:21 | 000,150,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.01 20:27:21 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.28 18:01:27 | 003,420,332 | ---- | M] () -- C:\Users\Compu1\Desktop\Coupe_Anleitung.pdf
[2012.06.19 19:04:27 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.15 03:34:13 | 000,471,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.14 13:30:48 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\U\00000001.@
[2012.07.14 13:26:32 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\U\800000cb.@
[2012.07.14 07:09:52 | 000,000,000 | ---- | C] () -- C:\Users\Compu1\defogger_reenable
[2012.07.13 17:16:57 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 20:56:49 | 000,302,592 | ---- | C] () -- C:\Users\Compu1\Desktop\f8iwmxiu.exe
[2012.07.11 20:56:18 | 000,002,930 | ---- | C] () -- C:\Users\Compu1\Desktop\hilfe_trojaner.rtf
[2012.07.11 20:31:19 | 000,050,477 | ---- | C] () -- C:\Users\Compu1\Desktop\Defogger.exe
[2012.07.11 05:17:17 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.10 21:55:54 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\U\80000000.@
[2012.07.02 21:35:27 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Audials 9.lnk
[2012.06.28 18:01:27 | 003,420,332 | ---- | C] () -- C:\Users\Compu1\Desktop\Coupe_Anleitung.pdf
[2012.06.19 19:04:27 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.05 20:22:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.11 20:43:41 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ba833f94-1852-1323-b961-938ab028a028}\@
[2012.01.11 20:43:41 | 000,002,048 | -HS- | C] () -- C:\Users\Compu1\AppData\Local\{ba833f94-1852-1323-b961-938ab028a028}\@
[2011.05.15 19:40:00 | 000,000,212 | ---- | C] () -- C:\Users\Compu1\.htaccess
[2011.03.23 21:11:46 | 000,000,600 | ---- | C] () -- C:\Users\Compu1\AppData\Local\PUTTY.RND
[2011.02.18 20:13:51 | 001,486,848 | ---- | C] () -- C:\Windows\System32\MGXRDR32.DLL
[2011.02.18 20:13:51 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2011.02.18 20:13:51 | 000,116,736 | ---- | C] () -- C:\Windows\System32\PCDLIB32.DLL
[2011.02.18 20:13:51 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2011.02.18 20:13:49 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.02.18 20:12:52 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FVDS70.DLL
[2011.02.18 20:12:39 | 000,172,544 | ---- | C] () -- C:\Windows\Mgxclean.exe
[2011.02.18 20:12:39 | 000,082,944 | ---- | C] () -- C:\Windows\System32\Ppiv20.dll
[2010.06.19 21:38:54 | 000,004,458 | ---- | C] () -- C:\Users\Compu1\.recently-used.xbel
[2009.10.16 11:46:55 | 000,042,238 | ---- | C] () -- C:\Users\Compu1\AppData\Roaming\nvModes.001
[2009.10.14 21:12:28 | 000,042,238 | ---- | C] () -- C:\Users\Compu1\AppData\Roaming\nvModes.dat
[2009.07.31 21:26:57 | 000,001,356 | ---- | C] () -- C:\Users\Compu1\AppData\Local\d3d9caps.dat
[2008.06.03 20:08:37 | 000,006,656 | ---- | C] () -- C:\Users\Compu1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.02.15 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\AIDAbella Fotoservice
[2011.01.31 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.10 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.07 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\FileZilla
[2010.09.19 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\GARMIN
[2010.06.19 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\gtk-2.0
[2011.02.22 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\HCM Updater
[2011.02.22 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\IBP
[2012.03.05 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\IrfanView
[2012.07.10 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Issiih
[2012.07.09 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Ludenu
[2010.10.31 16:56:59 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\myphotobook
[2012.06.13 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\OpenOffice.org
[2012.02.05 20:22:22 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\pdfforge
[2012.07.11 05:14:43 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Soxagu
[2012.07.09 21:50:30 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Uffuv
[2012.07.09 21:06:41 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Urixw
[2012.03.05 18:59:35 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\XnView
[2012.07.10 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Compu1\AppData\Roaming\Ykbae
[2012.07.14 13:25:14 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.14 13:26:36 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
 
========== Purity Check ==========
 
< End of report >

--- --- ---

Bin jetzt nicht so der Computer Experte und hoffe keine Fehler bei der Anleitung gemacht zu haben.
Habe auch viel zu dem Problem gelesen, aber verstanden habe ich leider nicht so viel

Hoffe nun hier eine helfende Hand zu finden.

Vielen Dank

markusg · 15.07.2012, 16:39

hi
wenn du onlinebanking machst, bank anrufen, banking wegen zero access sperren lassen
da dieses rootkit gefährlich ist:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

wiilli1966 · 16.07.2012, 05:33

Hallo,

vorab schon vielen Dank

Ist mit online Banking gemeint, dass man ein Programm wie z.B. Starmoney installiert hat oder betrifft das auch User die per Web auf's Banking zugreifen?

Bin jetzt aktuell bei der Datenrettung.

Da das Laptop schon ca. 4 Jahre alt ist muss ich mal schauen ob ich noch CD's dazu finde. Es war ein Komplettsystem, Samsung R700.

Gruß
Wiilli

markusg · 17.07.2012, 20:51

hi
ich meine onlinebanking, also überweisungen etc.
wie man es ausführt spielt dabei keine rolle, obwohl starmoney, mit cardreader sehr sicher ist, besser als über den browser.

wiilli1966 · 19.07.2012, 14:10

Kurzes Update: Da ich die WIN Vista CD nicht mehr finde, habe mich jetzt entschlossen WIN 7 zu installieren. Habe mir eben einen Version bestellt und dann geht's weiter.

Danke

markusg · 19.07.2012, 14:13

mit win7 wirst du eh besser fahren denke ich.

19.07.2012, 14:13	#6
markusg /// Malware-holic	Erst Live Security Platinum und jetzt Rootkit.0Access mit win7 wirst du eh besser fahren denke ich. __________________ --> Erst Live Security Platinum und jetzt Rootkit.0Access

Erst Live Security Platinum und jetzt Rootkit.0Access

Plagegeister aller Art und deren Bekämpfung: Erst Live Security Platinum und jetzt Rootkit.0Access