Liebes Team,

ich benötige dringend wure Hilfe.
Seit ich heute Mittag einen neuen Flash Player heruntergeladen habe, bekomme ich eine Fehlermeldung, dass ich einen Trojaner auf meinem Laptop habe und das Sicherheitscenter meines Laptops deaktviert ist.
Der Trojaner heißt: trojan aspx js.
Ich habe den rkill durchgeführt, dann den anti mailware durchlaufen lassen, den GMER durchgeführt und den CCleaner

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as a on 11.04.2010 at 19:04:28.


Processes terminated by Rkill or while it was running:


C:\Users\a\AppData\Local\Temp\davclnt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\a\Desktop\rkill.com


Rkill completed on 11.04.2010 at 19:04:31.


GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-11 21:06:32
Windows 6.0.6001 Service Pack 1
Running: zivr35dy.exe; Driver: C:\Users\a\AppData\Local\Temp\fgldrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA02340, 0x3ECA97, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] kernel32.dll!FindResourceA 769509A5 5 Bytes JMP 0042B440 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] kernel32.dll!FindResourceW 769697C7 5 Bytes JMP 0042B480 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!LoadStringA 776A61ED 2 Bytes JMP 0042B710 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!LoadStringA + 3 776A61F0 2 Bytes [D8, 88]
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!LoadMenuW 776B3DE3 5 Bytes JMP 0042B600 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!LoadStringW 776B95FB 5 Bytes JMP 0042B660 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!CreateDialogParamA 776C16FD 5 Bytes JMP 0042B4C0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!CreateDialogParamW 776D1C58 5 Bytes JMP 0042B530 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3580] USER32.dll!LoadMenuA 776E7BCF 5 Bytes JMP 0042B5A0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Windows\explorer.exe[5692] kernel32.dll!DeleteFileW 7693C5C8 5 Bytes JMP 06BE6600 C:\Program Files\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)
.text C:\Windows\explorer.exe[5692] kernel32.dll!CreateFileW 7696CC4E 5 Bytes JMP 06BE5F20 C:\Program Files\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73F188B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73F598A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F1B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F0FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73F17A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F0EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F4B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73F1BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F1074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F106B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73F071B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73F9D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73F37379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F0E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73F0697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73F069A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5692] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F12465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Leider besteht mein Problem nach wie vor und ich bekomme immer noch eine Meldung, dass jemand versicht meinen PC auszuspionieren und der PC versucht ständig ein Programm namens Digital Protection herunterzuladen.

Ich bin jetzt echt ein wenig verzweifelt, weil ich nun schon alles durchgespielt habe, was ihr an Hilfelösungen anbietet.

Hoffe auf eure Hilfe!

Hallo und

Starte Malwarebytes, aktualisiere es und mach einen Vollscan => Log posten. Anschließend:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Vielen Dank für die Antwort und die Hilfe!

Hier schon mal die Logdatei von Malwarebytes:
Falls das hier zu unübersichtlich ist, hab ich es auch als Datei beigefügt.

alwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3982

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

12.04.2010 20:41:40
mbam-log-2010-04-12 (20-41-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 246660
Laufzeit: 54 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 52

Infizierte Speicherprozesse:
C:\Users\a\AppData\Local\Temp\davclnt.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaeetpbsptex (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\davclnt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAeetpbsptex (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\a\AppData\Local\Temp\davclnt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdE2B1.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdEE06.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdF126.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdFA0D.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdFBAC.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdFCF9.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\PRAGMA31ce.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd58D0.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd59D4.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd6480.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd758F.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd76F6.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd77C2.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd8AD1.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd969E.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd9844.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd1DAD.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd1F38.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd25AE.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd2B06.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd2E24.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd9C0C.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd9D16.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdA301.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdA952.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asdB7F8.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\TMP25AD.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd38A.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd4224.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd45FC.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd46A9.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\asd52AB.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\Digital Protection\digext.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Local\Temp\Digital Protection\dighook.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\PRAGMAdyapihjqvr.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\PRAGMAfepkknptts.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\PRAGMAptsntstvqx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAeetpbsptex\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\System32\PRAGMAddvupdvvrw.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\a\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

Siehste, das hat noch einiges weggeräumt
Ich warte aufs OTL Log...

Ja, war jetzt auch sehr erstaunt. Gestern Abend hatte er nichts mehr gefunden.
Hier also noch das OTL log:

OTL logfile created on: 12.04.2010 20:50:56 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,70 Gb Total Space | 77,66 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 122,71 Gb Total Space | 110,31 Gb Free Space | 89,89% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: A-PC
Current User Name: a
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\a\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\a\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)


========== Driver Services (SafeList) ==========

DRV - (cnsuys) -- C:\Windows\System32\drivers\nbri.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 11:40:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 11:40:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.14 22:08:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.02.06 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2010.04.11 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\vdw2w579.default\extensions
[2010.03.20 18:41:40 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\vdw2w579.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010.01.10 19:58:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\vdw2w579.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.20 18:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\vdw2w579.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010.03.15 22:52:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.15 22:52:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.03.15 22:46:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 22:46:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.15 22:46:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 22:46:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 22:46:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0716d684-b9ac-11de-8ddb-001f1604cc53}\Shell\AutoRun\command - "" = G:\installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.12 20:45:56 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2010.04.12 19:29:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.11 20:01:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.11 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Malwarebytes
[2010.04.11 18:21:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.11 18:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.11 18:21:07 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.11 18:21:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 17:42:23 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Avira
[2010.04.11 17:39:12 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.11 17:39:12 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.11 15:34:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.11 15:34:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.11 15:34:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.11 15:34:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.11 15:34:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.11 15:34:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.11 15:34:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.11 15:34:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.11 15:34:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.11 15:34:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.11 15:34:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.11 15:34:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.11 15:34:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.11 15:34:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.11 15:34:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.04.05 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Amazon
[2010.04.05 18:59:30 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2010.03.31 20:55:40 | 000,000,000 | ---D | C] -- C:\Programme\QS
[2010.03.20 18:29:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.20 18:29:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.20 18:27:52 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.03.20 18:27:52 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.03.20 18:27:52 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.03.20 18:27:52 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.03.20 18:27:52 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.03.20 18:27:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.03.20 18:27:51 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.03.20 18:27:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.03.20 18:27:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.03.20 18:27:02 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.03.20 18:27:02 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.03.20 18:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.03.20 18:26:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.03.20 18:26:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.03.20 18:26:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.03.20 18:26:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.03.20 18:26:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.03.20 18:26:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.03.20 18:26:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.03.20 18:26:43 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.03.15 22:54:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\skypePM
[2010.03.15 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Skype
[2010.03.15 22:52:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.15 22:52:07 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.03.15 22:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.10.11 21:09:20 | 016,871,432 | ---- | C] ( ) -- C:\Users\a\gimp-2.6.7-i686-setup.exe
[2008.07.25 09:00:57 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010.04.12 20:51:50 | 001,835,008 | -HS- | M] () -- C:\Users\a\NTUSER.DAT
[2010.04.12 20:47:39 | 000,027,459 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.04.12 20:47:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 20:47:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 20:47:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.12 20:47:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.12 20:47:24 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 20:46:49 | 000,524,288 | -HS- | M] () -- C:\Users\a\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.12 20:46:49 | 000,065,536 | -HS- | M] () -- C:\Users\a\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.12 20:46:39 | 002,636,029 | -H-- | M] () -- C:\Users\a\AppData\Local\IconCache.db
[2010.04.12 20:46:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2010.04.12 19:50:20 | 001,418,794 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.12 19:50:20 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.12 19:50:20 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.12 19:50:20 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.12 19:50:20 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.11 20:32:00 | 000,293,376 | ---- | M] () -- C:\Users\a\Desktop\zivr35dy.exe
[2010.04.11 20:17:06 | 000,142,816 | ---- | M] () -- C:\Users\a\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.11 20:16:22 | 000,453,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.11 20:01:44 | 000,001,674 | ---- | M] () -- C:\Users\a\Desktop\CCleaner.lnk
[2010.04.11 19:04:16 | 000,363,520 | ---- | M] () -- C:\Users\a\Desktop\rkill.com
[2010.04.11 18:42:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\nbri.sys
[2010.04.11 18:21:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.11 15:56:26 | 000,000,104 | ---- | M] () -- C:\Users\a\Desktop\Papierkorb - Verknüpfung.lnk
[2010.04.11 15:03:33 | 000,001,183 | ---- | M] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010.04.01 17:44:43 | 000,000,680 | ---- | M] () -- C:\Users\a\AppData\Local\d3d9caps.dat
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.15 22:54:36 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 22:52:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010.04.11 20:31:59 | 000,293,376 | ---- | C] () -- C:\Users\a\Desktop\zivr35dy.exe
[2010.04.11 20:01:44 | 000,001,674 | ---- | C] () -- C:\Users\a\Desktop\CCleaner.lnk
[2010.04.11 19:04:14 | 000,363,520 | ---- | C] () -- C:\Users\a\Desktop\rkill.com
[2010.04.11 18:42:40 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\nbri.sys
[2010.04.11 18:21:20 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.11 15:56:26 | 000,000,104 | ---- | C] () -- C:\Users\a\Desktop\Papierkorb - Verknüpfung.lnk
[2010.04.11 15:03:33 | 000,001,183 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010.04.01 17:44:43 | 000,000,680 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat
[2010.03.15 22:54:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 22:52:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.11.01 17:33:22 | 000,003,286 | ---- | C] () -- C:\Users\a\.recently-used.xbel
[2009.10.25 15:44:16 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.25 15:43:56 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.08.30 16:02:10 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2009.03.08 17:47:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.13 21:45:55 | 000,027,459 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.02.13 20:21:20 | 000,027,459 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.06 21:25:22 | 000,010,240 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.11 14:01:03 | 000,524,288 | -HS- | C] () -- C:\Users\a\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.11 14:01:03 | 000,524,288 | -HS- | C] () -- C:\Users\a\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.09.11 14:01:03 | 000,262,144 | -H-- | C] () -- C:\Users\a\ntuser.dat.LOG1
[2008.09.11 14:01:03 | 000,065,536 | -HS- | C] () -- C:\Users\a\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.09.11 14:01:03 | 000,000,020 | -HS- | C] () -- C:\Users\a\ntuser.ini
[2008.09.11 14:01:03 | 000,000,000 | -H-- | C] () -- C:\Users\a\ntuser.dat.LOG2
[2008.09.11 14:01:00 | 001,835,008 | -HS- | C] () -- C:\Users\a\NTUSER.DAT
[2008.07.25 09:00:57 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.25 09:00:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.07.25 09:00:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.07.17 11:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 09:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 08:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 11:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Und hier das zweite:

OTL Extras logfile created on: 12.04.2010 20:50:57 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,70 Gb Total Space | 77,66 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 122,71 Gb Total Space | 110,31 Gb Free Space | 89,89% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: A-PC
Current User Name: a
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-782673703-2599978224-1469087819-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AD252FF-F75E-4165-B977-35F523D09D15}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1222E235-6140-4AC3-AE19-F84F8483B8D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{30611AB3-4371-451A-9702-C50EC67E5691}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{426C7A74-D4C1-41A2-8E17-1A19F42AE8E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{467491F0-6A61-4470-AD6B-7EB4015FA435}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7782EF1E-E6B0-41DD-8254-775D0BCC731B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{CDC1D663-862B-4FA9-B855-3258E1CD7753}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EBB42C07-EB97-4E58-A41A-D4D72859E140}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF1F4230-9E94-4236-9970-433498514294}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FFA036B0-98D6-4588-A630-9966FA64DA26}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{008E6974-6C2E-4D7C-901A-7FB87AC15D19}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{1997F336-F563-41C4-9423-93CE618FB0BF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1ACB3EE5-EEA3-45A2-A0E6-E78B37F05588}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{7EE91E80-8646-4C27-B6BC-A9A280334FB0}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{86492906-29A3-453C-BFA2-89799732B546}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C291DE66-7B6B-483F-BF2C-F9AE6268A1E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{16B1765E-770F-467A-A421-CE339B7198EC}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{1B72E3D5-3DE0-40D9-9EE0-F799570A6FD5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{5E867DB9-A61A-44B7-AF65-C448460EC2F3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9BDF9421-C327-4854-84CE-E14A325D6779}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CAFC7552-8801-4C8B-BA39-2C94D04DEA01}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{CC225CE7-D260-415E-88BB-139B05275EB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Anmelde-Assistent
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Designer 2.0_is1" = Designer 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video easy D" = MAGIX Video easy 1.0.0.24 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinGimp-2.0_is1" = GIMP 2.6.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2010 13:33:03 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 13:39:52 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2010 13:40:04 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 13:40:05 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 13:44:01 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2010 13:44:15 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 13:44:15 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 14:47:37 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2010 14:47:50 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.04.2010 14:47:50 | Computer Name = a-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 09.01.2010 01:31:48 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.01.2010 13:54:44 | Computer Name = a-PC | Source = HTTP | ID = 15016
Description =

Error - 10.01.2010 13:55:05 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.01.2010 15:19:30 | Computer Name = a-PC | Source = HTTP | ID = 15016
Description =

Error - 11.01.2010 15:19:52 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.01.2010 12:37:51 | Computer Name = a-PC | Source = HTTP | ID = 15016
Description =

Error - 12.01.2010 12:38:14 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.01.2010 13:52:32 | Computer Name = a-PC | Source = HTTP | ID = 15016
Description =

Error - 13.01.2010 13:52:52 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.01.2010 15:44:59 | Computer Name = a-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
DRV - (cnsuys) -- C:\Windows\System32\drivers\nbri.sys ()
[2009.10.25 15:43:56 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.

Hier ist es schon:

========== OTL ==========
Service cnsuys stopped successfully!
Service cnsuys deleted successfully!
C:\Windows\System32\drivers\nbri.sys moved successfully.
C:\Windows\mgxoschk.ini moved successfully.

OTL by OldTimer - Version 3.2.1.1 log created on 04122010_211411


Viele Grüße
Yvonne

Ok, dann mach jetzt ein Log mit CF, das Tool nimmt uns viel Arbeit ab

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ok, hier bin ich wieder.
Musste einen System Neustart machen.

Log ist unten angefügt.

Viele Grüße
Yvonne

Ok, hier bin ich wieder. Hat etwas gedauert, musste noch nen Neustart machen.
Anbei das Log

ok, hat etwas gedauert. Musste einen Neustart machen:

ComboFix 10-04-12.01 - a 12.04.2010 21:45:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1936 [GMT 2:00]
ausgeführt von:: c:\users\a\Desktop\Cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2010-03-12 bis 2010-04-12 ))))))))))))))))))))))))))))))
.

2010-04-12 19:51 . 2010-04-12 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 19:14 . 2010-04-12 19:14 -------- d-----w- C:\_OTL
2010-04-11 18:01 . 2010-04-11 18:01 -------- d-----w- c:\program files\CCleaner
2010-04-11 16:21 . 2010-04-11 16:21 -------- d-----w- c:\users\a\AppData\Roaming\Malwarebytes
2010-04-11 16:21 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 16:21 . 2010-04-11 16:21 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 16:21 . 2010-04-11 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 16:21 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 15:42 . 2010-04-11 15:42 -------- d-----w- c:\users\a\AppData\Roaming\Avira
2010-04-11 15:39 . 2009-05-11 09:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-11 15:39 . 2009-05-11 09:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-11 13:03 . 2010-04-11 13:03 1183 ----a-w- c:\programdata\pragmamfeklnmal.dll
2010-04-05 17:05 . 2010-04-05 17:05 -------- d-----w- c:\users\a\AppData\Roaming\Amazon
2010-04-05 16:59 . 2010-04-05 16:59 -------- d-----w- c:\program files\Amazon
2010-04-01 15:44 . 2010-04-01 15:44 680 ----a-w- c:\users\a\AppData\Local\d3d9caps.dat
2010-03-31 18:55 . 2010-03-31 18:55 -------- d-----w- c:\program files\QS
2010-03-20 16:29 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-20 16:29 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-20 16:29 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-20 16:26 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-15 20:54 . 2010-04-12 17:12 -------- d-----w- c:\users\a\AppData\Roaming\skypePM
2010-03-15 20:52 . 2010-04-12 17:31 -------- d-----w- c:\users\a\AppData\Roaming\Skype
2010-03-15 20:52 . 2010-03-15 20:52 -------- d-----w- c:\program files\Common Files\Skype
2010-03-15 20:52 . 2010-03-15 20:52 -------- d-----r- c:\program files\Skype
2010-03-15 20:52 . 2010-03-15 20:52 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:53 . 2008-07-17 11:56 618430 ----a-w- c:\windows\system32\perfh007.dat
2010-04-12 18:53 . 2008-07-17 11:56 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-04-11 18:17 . 2008-09-11 12:01 142816 ----a-w- c:\users\a\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-10 22:17 . 2009-02-06 20:59 -------- d-----w- c:\users\a\AppData\Roaming\ICQ
2010-03-20 16:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-15 20:54 . 2010-03-15 20:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-01 07:05 . 2009-12-30 18:47 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-24 08:16 . 2009-10-15 17:25 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-11 13:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-11 13:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-11 13:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-11 13:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-19 07:43 . 2010-02-19 07:43 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-16 11:24 . 2009-12-30 18:47 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-09 15:20 . 2009-02-13 18:21 27459 ----a-w- c:\programdata\nvModes.dat
2010-01-25 12:48 . 2010-03-20 16:27 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-03-20 16:27 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-03-20 16:27 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-03-20 16:27 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-03-20 16:27 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-03-20 16:27 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-03-20 16:27 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-03-20 16:27 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-03-20 16:27 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-20 18:03 . 2010-01-20 18:03 10180528 ----a-w- c:\users\a\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
2010-01-18 15:42 . 2009-10-21 19:51 1314816 ----a-w- c:\users\a\AppData\Roaming\phonostar GmbH\phonostar-Player\skins\phonostarSkin.dll
2008-07-10 14:33 . 2008-07-10 14:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2007-09-01 12:03 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-11 03:08 13543968 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-11 03:08 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2009-12-15 09:40 207504 ----a-w- c:\program files\pdf24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2010-01-18 12:31 37888 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 09:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-06-25 11:49 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-782673703-2599978224-1469087819-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000004

R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\vdw2w579.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-12 21:51
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-04-12 21:53:10
ComboFix-quarantined-files.txt 2010-04-12 19:53

Vor Suchlauf: 9 Verzeichnis(se), 83.563.929.600 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 83.514.843.136 Bytes frei

- - End Of File - - 4C352C563167DC7A049F432F6D33861B

Sieht ok aus.
Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Prima, bei Malewarebytes wurde nichts mehr gefunden.

Und hier noch der Log von SuperAnti Spyware:

Hier hat er zwei Elemente gefunden, die ich dann löschen hab lassen.


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/13/2010 at 00:58 AM

Application Version : 4.35.1002

Core Rules Database Version : 4796
Trace Rules Database Version: 2608

Scan type : Complete Scan
Total Scan Time : 01:34:14

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 8813
Registry threats detected : 0
File items scanned : 149565
File threats detected : 2

Adware.Tracking Cookie
C:\Users\a\AppData\Roaming\Microsoft\Windows\Cookies\a@doubleclick[2].txt
C:\Users\a\AppData\Roaming\Microsoft\Windows\Cookies\a@statse.webtrendslive[2].txt


und nun? Sind wir jetzt durch? Bin ich endlich alles wieder los?

Viele Grüße

Yvonne