Hallo zusammen..

mein Problem ist, das sich IE von allein alle 3 min. ca. mit werbung öffnet. habe mittlerweile schon rausbekommen, das es ein Virus is... habe avira durchlafen lassen doch der findet nix..

hier mal das Ergebnis von HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:42, on 08.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebk.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: jetztspielenob.de Toolbar - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: jetztspielenob.de Toolbar - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (file missing)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: jetztspielenob.de Toolbar - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\Kikiline\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: Amazon (amazon.de) - {603D3CE5-33BC-4d51-A31E-613A2B826E21} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton2.js
O9 - Extra button: easy Shopping - {804420A5-7F05-4ee9-92F2-D2B644AD9102} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton3.js
O9 - Extra button: eBay (ebay.de) - {C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton1.js
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7504 bytes


hoffe mir kann jemand schnell helfen, ist echt nervig

LG Kikiline



info.txt logfile of random's system information tool 1.06 2010-04-08 15:45:43

======Uninstall list======

-->"C:\Program Files\HP Games\Hotel Dash - Suite Success\Uninstall.exe"
-->"C:\Program Files\HP Games\HP Game Console\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Ashampoo Burning Studio 2010-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 2010\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Die Sims™ 3 Luxus-Accessoires-->"C:\Program Files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe" -runfromtemp -l0x0007 -removeonly
Die Sims™ 3 Reiseabenteuer-->"C:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0007 -removeonly
Die Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager UI-->msiexec /qb /x {4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}
EA Download Manager UI-->MsiExec.exe /I{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe
FreePDF (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r
GPL Ghostscript 8.70-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.70\uninstal.txt"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IPZAZCMzK.INF
Hidden Identity (TM) - Chicago Blackout-->"C:\Program Files\HP Games\Hidden Identity (TM) - Chicago Blackout\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850407-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{2B4508B3-7403-44FF-8FBC-5CCD032E3635}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Paradise Beach-->"C:\Program Files\HP Games\Paradise Beach\Uninstall.exe"
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek WLAN Driver-->MsiExec.exe /X{0FB630AB-7BD8-40AE-B223-60397D57C3C9}
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
SlimDX Redistributable (March 2009)-->MsiExec.exe /X{D5395E5F-4D45-4665-8F00-234FA33678AF}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TS3 Install Helper Monkey-->"C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\uninstall.exe"
TSR Launcher-->MsiExec.exe /I{9082C257-9729-4009-8299-6916CD556EAC}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Toolbar-->C:\Program Files\CheckPoint\ZAForceField\Uninstall.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Kikiline-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_84_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 28494
Source Name: Microsoft-Windows-Servicing
Time Written: 20091109142136.000000-000
Event Type: Informationen
User:

Computer Name: Kikiline-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_83_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 28493
Source Name: Microsoft-Windows-Servicing
Time Written: 20091109142136.000000-000
Event Type: Informationen
User:

Computer Name: Kikiline-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_7_for_KB975517~31bf3856ad364e35~x86~~6.0.1.1() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 28492
Source Name: Microsoft-Windows-Servicing
Time Written: 20091109142136.000000-000
Event Type: Informationen
User:

Computer Name: Kikiline-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_7_for_KB974306~31bf3856ad364e35~x86~~6.0.1.2() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 28491
Source Name: Microsoft-Windows-Servicing
Time Written: 20091109142136.000000-000
Event Type: Informationen
User:

Computer Name: Kikiline-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_7_for_KB973540~31bf3856ad364e35~x86~~6.0.1.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 28490
Source Name: Microsoft-Windows-Servicing
Time Written: 20091109142136.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: 26L2233B1-13
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20091105144956.000000-000
Event Type: Informationen
User:

Computer Name: 26L2233B1-13
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091105144952.000000-000
Event Type: Informationen
User:

Computer Name: 26L2233B1-13
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 3
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20091105144951.000000-000
Event Type: Informationen
User:

Computer Name: WIN-NGG017E5PB3
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091105144950.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 26L2233B1-13
Event Code: 2
Message: Der Zertifikatdiensteclient wurde angehalten.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20080121025830.046400-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: 26L2233B1-13
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: 26L2233B1-13$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x250
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091105144913.221190-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 26L2233B1-13
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

Anzahl von Elementen: 0
Richtlinienkennung: 0x129bac
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091105144906.825149-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 26L2233B1-13
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0

Anmeldetyp: 0

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x4
Prozessname:

Netzwerkinformationen:
Arbeitsstationsname: -
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: -
Authentifizierungspaket: -
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091105144905.389940-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091105144905.389940-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 26L2233B1-13
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-7
Kontoname: ANONYMOUS LOGON
Kontodomäne: NT AUTHORITY
Anmelde-ID: 0x1f2f0

Anmeldetyp: 3

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121025830.171200-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"tvdumpflags"=8

-----------------EOF-----------------






Logfile of random's system information tool 1.06 (written by random/random)
Run by Kikiline at 2010-04-08 15:45:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 51 GB (42%) free of 119 GB
Total RAM: 1915 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:36, on 08.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebk.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kikiline\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kikiline.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: Amazon (amazon.de) - {603D3CE5-33BC-4d51-A31E-613A2B826E21} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton2.js
O9 - Extra button: easy Shopping - {804420A5-7F05-4ee9-92F2-D2B644AD9102} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton3.js
O9 - Extra button: eBay (ebay.de) - {C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton1.js
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7309 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{F5314006-8263-4F91-9C6C-0BEA2635503E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-27 583024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc01c2be-850b-4115-9b6b-9a427ddecc34}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{fc01c2be-850b-4115-9b6b-9a427ddecc34}
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-27 583024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-12 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-12 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-12 145944]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-12-04 1037192]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-27 730480]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-09-12 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-08 15:45:26 ----D---- C:\rsit
2010-04-08 15:31:34 ----A---- C:\mbam-error.txt
2010-04-08 15:30:32 ----D---- C:\Users\Kikiline\AppData\Roaming\Malwarebytes
2010-04-08 15:30:22 ----D---- C:\ProgramData\Malwarebytes
2010-04-08 15:30:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-08 15:22:07 ----D---- C:\Program Files\CCleaner
2010-04-08 14:35:18 ----D---- C:\Program Files\Trend Micro
2010-04-08 13:03:42 ----D---- C:\Users\Kikiline\AppData\Roaming\CheckPoint
2010-04-08 13:03:22 ----D---- C:\Program Files\CheckPoint
2010-04-08 13:03:18 ----A---- C:\Windows\system32\vsutil_loc0407.dll
2010-04-08 13:03:15 ----A---- C:\Windows\system32\vsregexp.dll
2010-04-08 13:03:12 ----A---- C:\Windows\system32\zlcommdb.dll
2010-04-08 13:03:12 ----A---- C:\Windows\system32\zlcomm.dll
2010-04-08 13:03:08 ----A---- C:\Windows\system32\vswmi.dll
2010-04-08 13:03:05 ----A---- C:\Windows\system32\zpeng25.dll
2010-04-08 13:03:05 ----A---- C:\Windows\system32\vsxml.dll
2010-04-08 13:03:04 ----A---- C:\Windows\system32\vspubapi.dll
2010-04-08 13:03:04 ----A---- C:\Windows\system32\vsmonapi.dll
2010-04-08 13:03:03 ----A---- C:\Windows\system32\vsdata.dll
2010-04-08 13:02:58 ----D---- C:\Windows\LastGood.Tmp
2010-04-08 13:02:43 ----D---- C:\Windows\system32\ZoneLabs
2010-04-08 13:02:41 ----D---- C:\Program Files\Zone Labs
2010-04-08 13:02:18 ----D---- C:\ProgramData\CheckPoint
2010-04-08 13:02:17 ----D---- C:\Windows\Internet Logs
2010-04-08 13:02:16 ----A---- C:\Windows\system32\vsutil.dll
2010-04-08 13:02:16 ----A---- C:\Windows\system32\vsinit.dll
2010-04-08 02:50:32 ----D---- C:\ProgramData\Alwil Software
2010-04-08 02:50:31 ----D---- C:\Program Files\Alwil Software
2010-04-07 23:12:02 ----D---- C:\Users\Kikiline\AppData\Roaming\World-Loom
2010-04-07 22:39:56 ----D---- C:\Program Files\OXXOGames
2010-04-07 20:54:46 ----D---- C:\Program Files\Conduit
2010-04-07 20:54:41 ----D---- C:\ProgramData\Oberon Media
2010-04-07 20:54:32 ----D---- C:\Program Files\Common Files\Oberon Media
2010-04-07 00:38:02 ----D---- C:\Program Files\ReflexiveArcade
2010-04-06 23:25:54 ----D---- C:\Program Files\MyLifeStory_at
2010-04-02 12:49:42 ----D---- C:\Users\Kikiline\AppData\Roaming\CasualForge
2010-04-02 12:49:42 ----D---- C:\ProgramData\CasualForge
2010-04-02 00:51:58 ----D---- C:\Users\Kikiline\AppData\Roaming\widestream
2010-04-02 00:51:30 ----D---- C:\Program Files\Widestream6
2010-04-02 00:50:37 ----D---- C:\Users\Kikiline\AppData\Roaming\OfferBox
2010-04-01 23:39:54 ----D---- C:\ProgramData\Trymedia
2010-04-01 23:39:43 ----D---- C:\Program Files\Bluefish Games
2010-04-01 22:37:22 ----D---- C:\ProgramData\AlawarWrapper
2010-04-01 22:37:06 ----D---- C:\Program Files\Alawar
2010-04-01 18:42:58 ----D---- C:\Users\Kikiline\AppData\Roaming\Friday's games
2010-04-01 13:00:20 ----D---- C:\Users\Kikiline\AppData\Roaming\LegacyInteractive
2010-03-31 22:54:04 ----D---- C:\Users\Kikiline\AppData\Roaming\WildTangent Janes Realty2
2010-03-31 00:35:15 ----D---- C:\Program Files\JRE
2010-03-31 00:23:45 ----D---- C:\ProgramData\Sun
2010-03-31 00:23:44 ----D---- C:\Program Files\Common Files\Java
2010-03-31 00:23:25 ----A---- C:\Windows\system32\javaws.exe
2010-03-31 00:23:25 ----A---- C:\Windows\system32\javaw.exe
2010-03-31 00:23:25 ----A---- C:\Windows\system32\java.exe
2010-03-31 00:23:03 ----D---- C:\Program Files\Java
2010-03-29 09:21:45 ----D---- C:\Users\Kikiline\AppData\Roaming\TSR
2010-03-11 16:33:12 ----D---- C:\ProgramData\FarmFrenzy3_Arctica
2010-03-10 21:32:14 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 21:32:12 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 13:15:53 ----D---- C:\Program Files\s3pe

======List of files/folders modified in the last 1 months======

2010-04-08 15:45:33 ----D---- C:\Windows\Temp
2010-04-08 15:41:02 ----D---- C:\Windows\system32\drivers
2010-04-08 15:41:02 ----D---- C:\Windows\Help
2010-04-08 15:40:51 ----D---- C:\Windows\Tasks
2010-04-08 15:30:22 ----HD---- C:\ProgramData
2010-04-08 15:30:21 ----RD---- C:\Program Files
2010-04-08 15:24:00 ----D---- C:\Windows\Debug
2010-04-08 15:24:00 ----D---- C:\Windows
2010-04-08 15:17:36 ----D---- C:\Windows\system32\Tasks
2010-04-08 15:11:44 ----SHD---- C:\System Volume Information
2010-04-08 14:26:29 ----D---- C:\Windows\rescache
2010-04-08 13:37:16 ----SHD---- C:\Windows\Installer
2010-04-08 13:30:17 ----D---- C:\Windows\winsxs
2010-04-08 13:22:33 ----D---- C:\Windows\System32
2010-04-08 13:22:33 ----D---- C:\Windows\inf
2010-04-08 13:22:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-08 13:02:58 ----D---- C:\Windows\system32\catroot
2010-04-08 12:54:22 ----D---- C:\Windows\system32\catroot2
2010-04-08 12:51:34 ----D---- C:\Program Files\Internet Explorer
2010-04-08 12:51:33 ----D---- C:\Windows\system32\migration
2010-04-08 12:46:11 ----D---- C:\Windows\system32\de-DE
2010-04-07 21:58:32 ----D---- C:\Program Files\HP Games
2010-04-07 21:55:38 ----AD---- C:\ProgramData\TEMP
2010-04-07 20:54:32 ----D---- C:\Program Files\Common Files
2010-04-07 17:08:38 ----D---- C:\Windows\Prefetch
2010-04-07 17:07:23 ----D---- C:\Windows\system32\WDI
2010-04-07 00:29:59 ----D---- C:\BigFishGamesCache
2010-04-04 17:39:41 ----D---- C:\ProgramData\WildTangent
2010-04-04 01:16:51 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 11:21:58 ----D---- C:\Users\Kikiline\AppData\Roaming\PlayFirst
2010-04-02 11:21:58 ----D---- C:\ProgramData\PlayFirst
2010-04-01 12:57:08 ----D---- C:\Program Files\bfgclient
2010-03-31 00:38:06 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-31 00:36:58 ----RSD---- C:\Windows\assembly
2010-03-31 00:35:41 ----RSD---- C:\Windows\Fonts
2010-03-31 00:23:07 ----A---- C:\Windows\system32\deploytk.dll
2010-03-11 00:14:55 ----D---- C:\Program Files\Movie Maker
2010-03-11 00:14:54 ----D---- C:\Program Files\Windows Mail
2010-03-09 13:57:35 ----D---- C:\Program Files\The Sims Resource
2010-03-09 13:51:53 ----D---- C:\Users\Kikiline\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-12-04 446664]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-27 25208]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-12 2381312]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-27 476528]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-12-04 2384240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Hallo und

Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )

Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html

Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen!

Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.

Hoffe diesmal hab ich nix vergessen

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.04.2010 15:40:51
mbam-log-2010-04-08 (15-40-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 104405
Laufzeit: 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Kikiline\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Kikiline\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


LG Kikiline

Zitat:

Datenbank Version: 3930

Bitte die Datenbanken/Signaturen in Malwarebytes aktualisieren! Mach danach noch einen Vollscan!

so habs nun gemacht

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3968

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.04.2010 19:06:14
mbam-log-2010-04-08 (19-06-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 215840
Laufzeit: 2 Stunde(n), 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Kikiline\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kikiline\AppData\Local\Temp\Ebj.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Kikiline\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Gut. Dann erstell bitte jetzt die RSIT Logfiles.

So Bitteschön =)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kikiline at 2010-04-08 19:11:16
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 51 GB (42%) free of 119 GB
Total RAM: 1915 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:30, on 08.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebk.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe
C:\Program Files\The Sims Resource\TSR Launcher\TSR Launcher.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kikiline\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kikiline.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: (no name) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: Amazon (amazon.de) - {603D3CE5-33BC-4d51-A31E-613A2B826E21} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton2.js
O9 - Extra button: easy Shopping - {804420A5-7F05-4ee9-92F2-D2B644AD9102} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton3.js
O9 - Extra button: eBay (ebay.de) - {C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - C:\Users\Kikiline\AppData\Roaming\IEButtons\toolbutton1.js
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7336 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{F5314006-8263-4F91-9C6C-0BEA2635503E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-27 583024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc01c2be-850b-4115-9b6b-9a427ddecc34}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{fc01c2be-850b-4115-9b6b-9a427ddecc34}
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-27 583024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-12 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-12 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-12 145944]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-12-04 1037192]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-27 730480]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-09-12 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-08 15:45:26 ----D---- C:\rsit
2010-04-08 15:31:34 ----A---- C:\mbam-error.txt
2010-04-08 15:30:32 ----D---- C:\Users\Kikiline\AppData\Roaming\Malwarebytes
2010-04-08 15:30:22 ----D---- C:\ProgramData\Malwarebytes
2010-04-08 15:30:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-08 15:22:07 ----D---- C:\Program Files\CCleaner
2010-04-08 14:35:18 ----D---- C:\Program Files\Trend Micro
2010-04-08 13:03:42 ----D---- C:\Users\Kikiline\AppData\Roaming\CheckPoint
2010-04-08 13:03:22 ----D---- C:\Program Files\CheckPoint
2010-04-08 13:03:18 ----A---- C:\Windows\system32\vsutil_loc0407.dll
2010-04-08 13:03:15 ----A---- C:\Windows\system32\vsregexp.dll
2010-04-08 13:03:12 ----A---- C:\Windows\system32\zlcommdb.dll
2010-04-08 13:03:12 ----A---- C:\Windows\system32\zlcomm.dll
2010-04-08 13:03:08 ----A---- C:\Windows\system32\vswmi.dll
2010-04-08 13:03:05 ----A---- C:\Windows\system32\zpeng25.dll
2010-04-08 13:03:05 ----A---- C:\Windows\system32\vsxml.dll
2010-04-08 13:03:04 ----A---- C:\Windows\system32\vspubapi.dll
2010-04-08 13:03:04 ----A---- C:\Windows\system32\vsmonapi.dll
2010-04-08 13:03:03 ----A---- C:\Windows\system32\vsdata.dll
2010-04-08 13:02:58 ----D---- C:\Windows\LastGood.Tmp
2010-04-08 13:02:43 ----D---- C:\Windows\system32\ZoneLabs
2010-04-08 13:02:41 ----D---- C:\Program Files\Zone Labs
2010-04-08 13:02:18 ----D---- C:\ProgramData\CheckPoint
2010-04-08 13:02:17 ----D---- C:\Windows\Internet Logs
2010-04-08 13:02:16 ----A---- C:\Windows\system32\vsutil.dll
2010-04-08 13:02:16 ----A---- C:\Windows\system32\vsinit.dll
2010-04-08 02:50:32 ----D---- C:\ProgramData\Alwil Software
2010-04-08 02:50:31 ----D---- C:\Program Files\Alwil Software
2010-04-07 23:12:02 ----D---- C:\Users\Kikiline\AppData\Roaming\World-Loom
2010-04-07 22:39:56 ----D---- C:\Program Files\OXXOGames
2010-04-07 20:54:46 ----D---- C:\Program Files\Conduit
2010-04-07 20:54:41 ----D---- C:\ProgramData\Oberon Media
2010-04-07 20:54:32 ----D---- C:\Program Files\Common Files\Oberon Media
2010-04-07 00:38:02 ----D---- C:\Program Files\ReflexiveArcade
2010-04-06 23:25:54 ----D---- C:\Program Files\MyLifeStory_at
2010-04-02 12:49:42 ----D---- C:\Users\Kikiline\AppData\Roaming\CasualForge
2010-04-02 12:49:42 ----D---- C:\ProgramData\CasualForge
2010-04-02 00:51:58 ----D---- C:\Users\Kikiline\AppData\Roaming\widestream
2010-04-02 00:51:30 ----D---- C:\Program Files\Widestream6
2010-04-02 00:50:37 ----D---- C:\Users\Kikiline\AppData\Roaming\OfferBox
2010-04-01 23:39:54 ----D---- C:\ProgramData\Trymedia
2010-04-01 23:39:43 ----D---- C:\Program Files\Bluefish Games
2010-04-01 22:37:22 ----D---- C:\ProgramData\AlawarWrapper
2010-04-01 22:37:06 ----D---- C:\Program Files\Alawar
2010-04-01 18:42:58 ----D---- C:\Users\Kikiline\AppData\Roaming\Friday's games
2010-04-01 13:00:20 ----D---- C:\Users\Kikiline\AppData\Roaming\LegacyInteractive
2010-03-31 22:54:04 ----D---- C:\Users\Kikiline\AppData\Roaming\WildTangent Janes Realty2
2010-03-31 00:35:15 ----D---- C:\Program Files\JRE
2010-03-31 00:23:45 ----D---- C:\ProgramData\Sun
2010-03-31 00:23:44 ----D---- C:\Program Files\Common Files\Java
2010-03-31 00:23:25 ----A---- C:\Windows\system32\javaws.exe
2010-03-31 00:23:25 ----A---- C:\Windows\system32\javaw.exe
2010-03-31 00:23:25 ----A---- C:\Windows\system32\java.exe
2010-03-31 00:23:03 ----D---- C:\Program Files\Java
2010-03-29 09:21:45 ----D---- C:\Users\Kikiline\AppData\Roaming\TSR
2010-03-11 16:33:12 ----D---- C:\ProgramData\FarmFrenzy3_Arctica
2010-03-10 21:32:14 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 21:32:12 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 13:15:53 ----D---- C:\Program Files\s3pe

======List of files/folders modified in the last 1 months======

2010-04-08 19:11:17 ----D---- C:\Windows\Temp
2010-04-08 19:06:32 ----D---- C:\Windows\system32\drivers
2010-04-08 19:06:32 ----D---- C:\Windows\DigitalLocker
2010-04-08 19:06:14 ----D---- C:\Windows\Tasks
2010-04-08 18:21:23 ----D---- C:\Windows\system32\Tasks
2010-04-08 15:41:02 ----D---- C:\Windows\Help
2010-04-08 15:30:22 ----HD---- C:\ProgramData
2010-04-08 15:30:21 ----RD---- C:\Program Files
2010-04-08 15:24:00 ----D---- C:\Windows\Debug
2010-04-08 15:24:00 ----D---- C:\Windows
2010-04-08 15:11:44 ----SHD---- C:\System Volume Information
2010-04-08 14:26:29 ----D---- C:\Windows\rescache
2010-04-08 13:37:16 ----SHD---- C:\Windows\Installer
2010-04-08 13:30:17 ----D---- C:\Windows\winsxs
2010-04-08 13:22:33 ----D---- C:\Windows\System32
2010-04-08 13:22:33 ----D---- C:\Windows\inf
2010-04-08 13:22:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-08 13:02:58 ----D---- C:\Windows\system32\catroot
2010-04-08 12:54:22 ----D---- C:\Windows\system32\catroot2
2010-04-08 12:51:34 ----D---- C:\Program Files\Internet Explorer
2010-04-08 12:51:33 ----D---- C:\Windows\system32\migration
2010-04-08 12:46:11 ----D---- C:\Windows\system32\de-DE
2010-04-07 21:58:32 ----D---- C:\Program Files\HP Games
2010-04-07 21:55:38 ----AD---- C:\ProgramData\TEMP
2010-04-07 20:54:32 ----D---- C:\Program Files\Common Files
2010-04-07 17:08:38 ----D---- C:\Windows\Prefetch
2010-04-07 17:07:23 ----D---- C:\Windows\system32\WDI
2010-04-07 00:29:59 ----D---- C:\BigFishGamesCache
2010-04-04 17:39:41 ----D---- C:\ProgramData\WildTangent
2010-04-04 01:16:51 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 11:21:58 ----D---- C:\Users\Kikiline\AppData\Roaming\PlayFirst
2010-04-02 11:21:58 ----D---- C:\ProgramData\PlayFirst
2010-04-01 12:57:08 ----D---- C:\Program Files\bfgclient
2010-03-31 00:38:06 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-31 00:36:58 ----RSD---- C:\Windows\assembly
2010-03-31 00:35:41 ----RSD---- C:\Windows\Fonts
2010-03-31 00:23:07 ----A---- C:\Windows\system32\deploytk.dll
2010-03-11 00:14:55 ----D---- C:\Program Files\Movie Maker
2010-03-11 00:14:54 ----D---- C:\Program Files\Windows Mail
2010-03-09 13:57:35 ----D---- C:\Program Files\The Sims Resource
2010-03-09 13:51:53 ----D---- C:\Users\Kikiline\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-12-04 446664]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-27 25208]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-12 2381312]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-27 476528]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-12-04 2384240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
LG Kikiline

Zitat:

C:\Users\Kikiline\AppData\Local\Temp\Ebk.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe

Bitte diese Dateien bei Virustotal auswerten lassen und von jeder den Ergebnislink posten. Falls Du die Dateien nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn eine Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

hm...also iwie klappt das bei mir nich...
auf der seite stand error

LG Kikiline

Genaue Fehlermeldung? Ist auch egal, dann mach es so:


1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code: Alles auswählenAufklappen

ATTFilter

files to delete:
C:\Users\Kikiline\AppData\Local\Temp\Ebk.exe
C:\Users\Kikiline\AppData\Local\Temp\Ebl.exe
         

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken

is mir echt peinlich aber das klappt auch nicht...folgende Fehlermeldung kommt:

Error: Invalid script. A vlid script must begin with a command directive.
Aborting execution!

kann dann nur mit OK schließen...

tut mir echt leid, bin allem gefolgt wie du es beschrieben hast..

LG Kikiline

Du musst das "files to delete:" mitkopieren!!

ja sry mein fehler, habe das auch gemerkt

nach dem neustart habe ich aber kein LogFile eingeblendet bekommen, kann also nichts posten..

LG Kikiline

Das Log ist da => c:\avenger.txt
Und wenn nicht ist es auch in der backup.zip die Du hochladen solltest.

kann ich nich finden und von der backup.zip weiß ich grad auch nix..
sry aber ich steh grad iwie aufm schlauch...

ich habe das c:\avenger.txt in der suchleiste eingegeben doch es wird nicht gefunden...hab dann iwas falsch gemacht, wenn du sagst, es muss da sein

LG Kikiline