Log analysis and evaluation: Bad virus, Explorer keeps opening again and again... (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello, I have the same problem, what should I do? I ran a malware scan and here is the report. I urgently ask for help, this is just too annoying.

```
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3923
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

28.03.2010 18:24:22
mbam-log-2010-03-28 (18-24-22).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 110782
Laufzeit: 19 minute(s), 14 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
C:\Windows\System32\advhost.exe (IM.Worm) -> Unloaded process successfully.
C:\Windows\System32\advhost.exe (IM.Worm) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Windows\System32\adlaunch32.dll (IM.Worm) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xttb00001.ietoolbar (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dfb4667b-5304-4cd5-b494-2742acd99212} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xttb00001.ietoolbar.1 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3dbfa422-df9c-22b2-761c-6ee20837d9e3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: c:\windows\system32\adlaunch32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: system32\adlaunch32.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\Julia\AppData\Roaming\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\adlaunch32.dll (IM.Worm) -> Delete on reboot.
C:\Windows\System32\advhost.exe (IM.Worm) -> Quarantined and deleted successfully.
C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Adware.ToolBar) -> Quarantined and deleted successfully.
C:\Users\Julia\AppData\Roaming\Bifrost\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465250.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465349.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465355.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Users\Julia\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Windows\mmsmark3.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
```
#2

Hi,

You had Bifrost, backdoors etc. on the computer; strictly speaking, a clean reinstall is now called for. Immediately change all passwords from a clean computer...

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

chris
#3

Thanks for the quick reply.
So should I first download OTM and then reinstall, or what?
#4

Hi, please make the OTL log, I still want to check something. If reinstalling is possible for you without problems, then you should do it afterwards!

chris
#5

Hello, so here is the scan. I can't reinstall, I don't know how that works. Would all data, for example photos etc., be gone then?

Thanks
#6

Hi, yes, everything would be gone (applications and data such as photos, mp3s etc.). Please also post the "first" log from OTL, you only posted the "Extras"... Otherwise run it again and post both logs...

chris
Topics on: Bad virus, Explorer keeps opening again and again...

adware.toolbar, backdoor.bifrose, bifrose.trace, what should I do, worm.koobface